# Leaf value-type rules.
#
# Every rule in this run except :undocumented has the identical body
# arg.as(:arg): the value is matched by the shared arg rule (defined outside
# this span) and labelled :arg in the parse result. Presumably each rule name
# mirrors a value type from the source schema -- TODO confirm. Nothing in
# these rules checks that the text is a well-formed address, prefix, MAC,
# file name or regular expression.
#
# NOTE(review): because of that, a successful parse only shows that a token
# was present where a value was expected. Tooling that consumes parsed values
# (for example using a filename as a path, or compiling a regular_expression)
# has to validate them itself -- confirm against the definition of arg.
#
# NOTE(review): the do/end shape of each rule is kept as-is apart from
# restored line breaks, in case a later generation step matches on this text
# layout -- confirm before restyling.

# Body is s( any ); s and any are defined outside this span. The same
# s( any ) form is used for the groups statement in the configuration rule
# below. Presumably accepts arbitrary content -- TODO confirm.
rule(:undocumented) do
  s( any )
end

# Key attribute types (long / string / ulong): all captured as a plain arg.
rule(:key_attribute_long_type) do
  arg.as(:arg)
end

rule(:key_attribute_string_type) do
  arg.as(:arg)
end

rule(:key_attribute_ulong_type) do
  arg.as(:arg)
end

# File-name values: captured as a plain arg; no path restriction is
# expressed at this level.
rule(:filename) do
  arg.as(:arg)
end

rule(:client_filename) do
  arg.as(:arg)
end

rule(:hostname) do
  arg.as(:arg)
end

rule(:ipaddr) do
  arg.as(:arg)
end

rule(:sysid) do
  arg.as(:arg)
end

rule(:interface_device) do
  arg.as(:arg)
end

rule(:bits) do
  arg.as(:arg)
end

rule(:isoaddr) do
  arg.as(:arg)
end

rule(:ipprefix) do
  arg.as(:arg)
end

rule(:ipprefix_mandatory) do
  arg.as(:arg)
end

rule(:interface_unit) do
  arg.as(:arg)
end

rule(:ipaddr_or_interface) do
  arg.as(:arg)
end

rule(:areaid) do
  arg.as(:arg)
end

rule(:interface_name) do
  arg.as(:arg)
end

rule(:community) do
  arg.as(:arg)
end

rule(:interface_wildcard) do
  arg.as(:arg)
end

# NOTE(review): the name suggests an obscured or secret value; it is captured
# like any other arg, so parse output may carry it verbatim -- confirm, and
# treat parse results and logs accordingly.
rule(:unreadable) do
  arg.as(:arg)
end

rule(:ipprefix_optional) do
  arg.as(:arg)
end

rule(:policy_algebra) do
  arg.as(:arg)
end

# Pattern text is captured as a plain arg; it is not compiled or
# syntax-checked by this rule.
rule(:regular_expression) do
  arg.as(:arg)
end

rule(:group_glob) do
  arg.as(:arg)
end

rule(:atm_vci) do
  arg.as(:arg)
end

rule(:ipprefix_only) do
  arg.as(:arg)
end

# IPv4-named variants: same body as the generic address rules above.
rule(:ipv4addr) do
  arg.as(:arg)
end

rule(:ipv4prefix) do
  arg.as(:arg)
end

rule(:ipv4prefix_mandatory) do
  arg.as(:arg)
end

rule(:ipv4addr_or_interface) do
  arg.as(:arg)
end

rule(:ipv4prefix_optional) do
  arg.as(:arg)
end

rule(:ipv4prefix_only) do
  arg.as(:arg)
end

# IPv6-named variants: same body as the generic address rules above.
rule(:ipv6addr) do
  arg.as(:arg)
end

rule(:ipv6prefix) do
  arg.as(:arg)
end

rule(:ipv6prefix_mandatory) do
  arg.as(:arg)
end

rule(:ipv6addr_or_interface) do
  arg.as(:arg)
end

rule(:ipv6prefix_optional) do
  arg.as(:arg)
end

rule(:ipv6prefix_only) do
  arg.as(:arg)
end

rule(:interface_device_wildcard) do
  arg.as(:arg)
end

rule(:interface_unit_wildcard) do
  arg.as(:arg)
end

rule(:time) do
  arg.as(:arg)
end

# MAC-address-named variants (plain / unicast / multicast, with and without
# prefix): all captured as a plain arg.
rule(:mac_addr) do
  arg.as(:arg)
end

rule(:mac_addr_prefix) do
  arg.as(:arg)
end

rule(:mac_unicast) do
  arg.as(:arg)
end

rule(:mac_unicast_prefix) do
  arg.as(:arg)
end

rule(:mac_multicast) do
  arg.as(:arg)
end

rule(:mac_multicast_prefix) do
  arg.as(:arg)
end

rule(:mpls_label) do
  arg.as(:arg)
end

rule(:float) do
  arg.as(:arg)
end

rule(:unsigned_float) do
  arg.as(:arg)
end

rule(:isoprefix) do
  arg.as(:arg)
end

rule(:isosysid) do
  arg.as(:arg)
end

rule(:interface_range_wild) do
  arg.as(:arg)
end

rule(:fc_addr) do
  arg.as(:arg)
end

rule(:wwn) do
  arg.as(:arg)
end

# Log file name: captured as a plain arg, like filename above.
rule(:logfilename) do
  arg.as(:arg)
end

rule(:esi) do
  arg.as(:arg)
end

rule(:typedef) do
  arg.as(:arg)
end

# Start of the configuration rule. Its c( ... ) body lists the first-level
# statement keywords (rcsid, version, groups, system, ...) and continues
# beyond this span; the text below is unchanged.
rule(:configuration) do c( "rcsid" arg /* Revision control system identifier */, "version" arg /* Software version information */, "groups" ( /* Configuration groups */ s( any ) ), "system" ( /* System parameters */ juniper_system /* System parameters */ ), "dynamic-profiles" ( /* Dynamic profiles configuration */ juniper_dynamic_profile_object /* Dynamic profiles configuration */ ), "logical-systems" ( /* Logical systems */ juniper_logical_system /* Logical systems */ ), "chassis" ( /* Chassis configuration */ chassis_type /* Chassis configuration */ ), "services" ( /* Service PIC applications settings */ c( "analytics" ( /* Traffic analytics configuration options */ c( "traceoptions" ( /* Traffic analytics trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "configuration" | "rtsock" | "client-server" | "interface" | "xmlproxy")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "export-profiles" arg ( /* Mapping of export-profiles to collectors */ c( "stream-format" ( /* Streaming data format */ ("gpb" | "json" | "csv" | "tsv") ), "interface" ( /* Interface specific 
information */ c( "information" /* Enable streaming of interface information */, "statistics" ( /* Type of statistics to stream */ c( "traffic" /* Enable streaming of interface traffic statistics */, "queue" /* Enable streaming of interface queue statistics */ ) ), "status" ( /* Type of statistics to stream */ c( "link" /* Enable streaming of interface link status */, "traffic" /* Enable streaming of interface traffic status */, "queue" /* Enable streaming of interface queue status */ ) ) ) ), "system" ( /* Interface specific information */ c( "information" /* Enable streaming of system information */, "status" ( /* Type of statistics to stream */ c( "traffic" /* Enable streaming of system traffic status */, "queue" /* Enable streaming of system queue status */ ) ) ) ) ) ), "resource-profiles" arg ( /* Mapping of resource profiles to interfaces/queues/system */ c( "queue-monitoring" /* Enable queue statistics monitoring */, "no-queue-monitoring" /* Don't enable queue statistics monitoring */, "traffic-monitoring" /* Enable traffic statistics monitoring */, "no-traffic-monitoring" /* Don't enable traffic statistics monitoring */, "depth-threshold" ( /* Depth threshold configuration */ sc( "high" arg /* High queue depth threshold */, "low" arg /* Low queue depth threshold */ ) ).as(:oneline), "latency-threshold" ( /* Latency threshold configuration */ sc( "high" arg /* High latency threshold */, "low" arg /* Low latency threshold */ ) ).as(:oneline) ) ), "resource" ( c( "system" ( /* System configuration options */ c( "resource-profile" arg /* Resouce profile name */, "polling-interval" ( /* Polling interval */ c( "traffic-monitoring" arg /* Traffic statistics polling interval */, "queue-monitoring" arg /* Queue statistics polling interval */ ) ) ) ), "interfaces" ( /* Interface configuration options */ c( interface_type ) ) ) ), "collector" ( /* Remote streaming servers configuration options */ c( "local" ( /* Remote streaming servers configuration options */ c( 
"file" ( /* Log file information */ sc( filename /* Name of file in which to write log information */, "size" arg /* Maximum log file size */, "files" arg /* Maximum number of trace files */ ) ).as(:oneline) ) ), "address" arg ( /* IP address of remote server */ c( "port" arg ( /* Remote streaming server port number */ c( "transport" enum(("tcp" | "udp")) ( /* Transport protocol */ c( "export-profile" arg /* Export profile name */ ) ) ) ) ) ) ) ), "traffic-statistics" ( /* Traffic statistics configuration options */ c( "file" ( /* Log file information */ sc( filename /* Name of file in which to write log information */, "size" arg /* Maximum log file size */, "files" arg /* Maximum number of trace files */ ) ).as(:oneline), "interval" arg /* Traffic statistics polling interval */ ) ), "queue-statistics" ( /* Microburst statistics configuration options */ c( "file" ( /* Log file information */ sc( filename /* Name of file in which to write log information */, "size" arg /* Maximum log file size */, "files" arg /* Maximum number of trace files */ ) ).as(:oneline), "interval" arg /* Queue statistics polling interval */ ) ), "interfaces" ( /* Interface configuration options */ c( interface_type ) ), "streaming-servers" ( /* Remote streaming servers configuration options */ c( "address" arg ( /* IP address of remote server */ c( "port" arg ( /* Remote streaming server port number */ c( "stream-format" ( /* Streaming data format */ ("json" | "csv" | "tsv") ), "stream-type" enum(("traffic-statistics" | "queue-statistics")) /* Type of statistics to stream */ ) ) ) ) ) ), "streaming-server" arg ( /* Define Telemetry data servers */ c( "remote-address" ( /* Telemetry server IP address */ ipv4addr /* Telemetry server IP address */ ), "remote-port" arg /* Telemetry server Port */, "transport" ( /* Telemetry export transport protocol */ ("udp" | "grpc") ) ) ), "export-profile" arg ( /* Telemetry export profile name */ c( "local-address" ( /* Source address for exported packets 
*/ ipv4addr /* Source address for exported packets */ ), "local-port" arg /* Source port for exported packets */, "dscp" arg /* DSCP value for exported packets */, "forwarding-class" arg /* Forwarding-class for exported packets, applicable only for PFE sensors */, "reporting-rate" arg /* Telemetry interval in seconds */, "payload-size" arg /* Telemetry payload size */, "format" ( /* Telemetry export record format */ ("gpb" | "gpb-sdm") ), "transport" ( /* Telemetry export transport protocol */ ("udp" | "grpc") ) ) ), "sensor" arg ( /* Define Telemetry sensors */ c( "server-name" arg /* Define Telemetry server */, "export-name" arg /* Define Telemetry export profiles */, "polling-interval" arg /* Define sensor polling interval in nano secs (1 .. 4294967295) */, "resource" arg /* System resource identifier string */, "resource-filter" arg /* Regexp for filtering resource instances (1 .. 1024) */, "subscription-id" arg /* Subscription ID (Used internally to group sensors) */, "suppress-zeros" /* Supress zeros while data export */, "reporting-rate" arg /* Telemetry interval in seconds */ ) ) ) ), "captive-portal-content-delivery" ( /* Configuration for captive portal and content delivery service */ c( "rule" ( /* Define a captive portal content delivery rule */ cpcd_rule_object_type /* Define a captive portal content delivery rule */ ), "rule-set" arg ( /* Define a set of captive portal content delivery rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* One or more rule/rule set in the profile */ c( c( "dynamic" /* Dynamic profile flag */, "cpcd-rules" arg /* List of captive portal content delivery rules */, "cpcd-rule-sets" arg /* List of captive portal content delivery rule sets */ ), "ipda-rewrite-options" ( /* Ipda rewrite options */ c( "destination-address" ( /* Default ipda rewrite IP address */ ipaddr /* Default ipda rewrite IP address */ ), "destination-port" arg /* Default ipda rewrite port */ ) ), "http-redirect-options" 
( /* Http redirect options */ c( arg /* URL of the captive portal file */ ) ) ) ), "traceoptions" ( /* Captive portal and content delivery trace options */ cpcd_trace_options_type /* Captive portal and content delivery trace options */ ) ) ), "dynamic-flow-capture" ( /* Configure Dynamic Flow Capture parameters */ c( "g-max-duplicates" arg /* Maximum content destinations for the capture group */, "g-duplicates-dropped-periodicity" arg /* Periodicity of DuplicatesDropped notification in secs */, "capture-group" ( /* Configure DFC group parameters */ dfc_group_type /* Configure DFC group parameters */ ), "traceoptions" ( /* Trace options for dynamic-flow-capture service */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ) ) ), "flow-tap" ( /* Configure flow-tap parameters */ c( "family" ( /* Address family of packets to tap */ c( "inet" /* IPv4 family */, "inet6" /* IPv4 family */, "ccc" /* CCC family */ ) ), "interface" ( /* Service interface on which to configure flow-tap service */ interface_name /* Service interface on which to configure flow-tap service */ ), "tunnel-interface" ( /* Tunnel interface through which flow-tap would communicate with MD */ interface_name /* Tunnel interface through which flow-tap would communicate with MD */ ) ) ), "radius-flow-tap" ( /* Configure radius triggered flow-tap parameters */ c( "forwarding-class" arg /* Forwarding class assigned to intercepted packets */, "source-ipv4-address" ( /* IP Address to use as source address in IPv4 header appended to intercepted packets */ ipv4addr /* IP Address to use as source address 
in IPv4 header appended to intercepted packets */ ), "multicast-interception" /* Enable Multicast Tapping */, "interfaces" ( /* Tunnel Interfaces */ c( tunnel_interface_type ) ), c( "routing-instance" arg /* Routing instance to be used for radius flow tap */, "logical-system" arg ( /* Logical system to be used for radius flow tap */ c( "routing-instance" arg /* Routing instance to be used for radius flow tap */ ) ) ), "policy" arg ( /* Policy */ c( "inet" ( /* Protocol family IPv4 drop policy terms */ c( "drop-policy" ( /* Define an IPv4 drop policy */ drop_policy_term /* Define an IPv4 drop policy */ ) ) ), "inet6" ( /* Protocol family IPv6 drop policy terms */ c( "drop-policy" ( /* Define an IPv6 drop policy */ drop_policy6_term /* Define an IPv6 drop policy */ ) ) ) ) ), "snmp" ( /* SNMP options for radius flow tap */ c( "notify-targets" arg /* Target list for packet mirror SNMP notifications */ ) ) ) ), "mobile-flow-tap" ( /* Configure mobile triggered flow-tap parameters */ c( "source-interface" ( /* Source interface from which IRI packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline) ) ), "flow-monitoring" ( /* Configure flow monitoring */ c( "version9" ( /* Version 9 configuration */ c( "template" ( /* One or more version 9 templates */ version9_template /* One or more version 9 templates */ ) ) ), "version-ipfix" ( /* Version IP-Fix configuration */ c( "template" ( /* One or more version ip-fix templates */ version_ipfix_template /* One or more version ip-fix templates */ ) ) ) ) ), "jdaf" ( /* Juniper distributed application framework (JDAF) */ c( "routing-instances" arg /* List of routing-instance name for JDAF clients */ ) ), "rpm" ( /* Real-time performance monitoring */ c( "traceoptions" ( /* RMOPD trace options */ rmopd_traceoptions /* RMOPD trace options */ ), "bgp" ( /* BGP options for real-time performance monitoring */ 
c( "probe-type" ( /* RPM-BGP probe request type */ ("icmp-ping" | "icmp-ping-timestamp" | "icmp6-ping" | "tcp-ping" | "udp-ping" | "udp-ping-timestamp") ), "probe-count" arg /* Total number of probes per test */, "probe-interval" arg /* Delay between probes */, "test-interval" arg /* Delay between tests */, "destination-port" arg /* TCP/UDP port number */, "history-size" arg /* Number of stored history entries */, "moving-average-size" arg /* Number of samples used for moving average */, "data-size" arg /* Size of the data portion of the probes */, "data-fill" arg /* Define contents of the data portion of the probes */, "logical-system" ( /* Logical systems */ bgp_logical_system /* Logical systems */ ), "routing-instances" ( /* Routing instances */ bgp_routing_instances /* Routing instances */ ) ) ), "probe" arg ( /* TCP/UDP/ICMP ping */ c( "test" arg ( /* TCP/UDP/ICMP/ICMP6 ping test */ c( "probe-type" ( /* Probe request type */ ("http-get" | "http-metadata-get" | "icmp-ping" | "icmp-ping-timestamp" | "icmp6-ping" | "tcp-ping" | "udp-ping" | "udp-ping-timestamp") ), "target" ( /* Target destination for probe */ sc( c( "address" ( /* Address of target host */ ipv4addr /* Address of target host */ ), "inet6-address" ( /* Inet6 Address of target host */ ipv6addr /* Inet6 Address of target host */ ), "url" arg /* Fully formed target URL */, "inet6-url" arg /* Fully formed target IPV6 URL */ ) ) ).as(:oneline), "inet6-options" ( /* IPV6 related options */ c( "source-address" ( /* Inet6 Source Address of the probe */ ipv6addr /* Inet6 Source Address of the probe */ ) ) ), "probe-count" arg /* Total number of probes per test */, "probe-interval" arg /* Delay between probes */, "test-interval" arg /* Delay between tests */, "destination-port" arg /* TCP/UDP port number */, "source-address" ( /* Source address for probe */ ipv4addr /* Source address for probe */ ), "routing-instance" arg /* Routing instance used by probes */, "history-size" arg /* Number of stored history 
entries */, "moving-average-size" arg /* Number of samples used for moving average */, "dscp-code-points" arg /* Differentiated Services code point bits or alias */, "data-size" arg /* Size of the data portion of the probes */, "data-fill" arg /* Define contents of the data portion of the probes */, "thresholds" ( /* Probe and test threshold values. Set 0 to disable respective threshold */ c( "successive-loss" arg /* Successive probe loss count indicating probe failure */, "total-loss" arg /* Total probe loss count indicating test failure */, "rtt" arg /* Maximum round trip time per probe */, "jitter-rtt" arg /* Maximum jitter per test */, "std-dev-rtt" arg /* Maximum standard deviation per test */, "egress-time" arg /* Maximum source to destination time per probe */, "ingress-time" arg /* Maximum destination to source time per probe */, "jitter-ingress" arg /* Maximum destination to source jitter per test */, "jitter-egress" arg /* Maximum source to destination jitter per test */, "std-dev-ingress" arg /* Maximum destination to source standard deviation per test */, "std-dev-egress" arg /* Maximum source to destination standard deviation per test */ ) ), "traps" ( /* Trap to send if threshold is met or exceeded */ ("probe-failure" | "test-failure" | "test-completion" | "rtt-exceeded" | "std-dev-exceeded" | "jitter-exceeded" | "ingress-time-exceeded" | "ingress-std-dev-exceeded" | "ingress-jitter-exceeded" | "egress-time-exceeded" | "egress-std-dev-exceeded" | "egress-jitter-exceeded") ), "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ), "hardware-timestamp" /* Packet Forwarding Engine updates timestamps */, "one-way-hardware-timestamp" /* Enable hardware timestamps for one-way measurements */, "next-hop" ( /* Next-hop to which probe should be sent */ ipv4addr /* Next-hop to which probe should be sent */ ) ) ) ) ), "probe-server" ( /* ICMP/TCP/UDP probe server */ c( "icmp" ( /* ICMP probe 
server */ c( "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ) ) ), "tcp" ( /* TCP probe server */ c( "port" arg /* Port number 7 through 65535 */, "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ) ) ), "udp" ( /* UDP probe server */ c( "port" arg /* Port number 7 through 65535 */, "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ) ) ) ) ), "probe-limit" arg /* Maximum number of concurrent probes allowed */, "rfc2544-benchmarking" ( /* Rfc2544 benchmarking tests */ c( "profiles" ( /* Rfc2544 test profiles */ c( "test-profile" arg ( /* Test-profile definition */ c( "test-type" ( /* Rfc2544 test type */ ("throughput" | "latency" | "frame-loss" | "back-back-frames") ), "packet-size" arg /* Size of the test packet */, "bandwidth-kbps" arg /* Theoretical max service bandwidth in kbps (1000..1000000) */, "step-percent" arg /* Step percent for test */ ) ) ) ), "tests" ( /* Rfc2544 test configuration */ c( "test-name" arg ( /* Test definition */ c( "test-profile" arg /* Name of the test profile */, "source-mac-address" ( /* MAC address of source host in xx:xx:xx:xx:xx:xx format -Generator MAC */ mac_unicast /* MAC address of source host in xx:xx:xx:xx:xx:xx format -Generator MAC */ ), "destination-mac-address" ( /* MAC address of destination host in xx:xx:xx:xx:xx:xx format -Reflector MAC */ mac_unicast /* MAC address of destination host in xx:xx:xx:xx:xx:xx format -Reflector MAC */ ), "ovlan-id" arg /* Outer vlan id */, "ovlan-priority" arg /* Outer vlan priority */, "ovlan-cfi" arg /* Outer vlan CFI bit */, "outer-tag-protocol-id" arg /* Outer tag protocol id */, "ivlan-id" arg /* Inner vlan id */, "ivlan-priority" arg /* Inner vlan priority */, "ivlan-cfi" arg /* Inner vlan CFI bit */, "vlan-id" arg /* VLAN identifier */, "vlan-priority" arg /* 
VLAN priority */, "vlan-cfi" arg /* VLAN CFI bit */, "service-type" ( /* Service type */ ("eline" | "elan") ), "in-service" /* Test executed in-service mode */, "ip-swap" /* Swap IP in the test payload */, "udp-tcp-port-swap" /* Swap UDP/TCP port in the test payload */, "ignore-test-interface-state" /* Ignore interface state to run the test */, "check-test-interface-mtu" /* Check interface MTU to run the test */, "disable-signature-check" /* Signature check disable */, "forwarding-class" arg /* Forwarding class assigned to the frames */, "packet-loss-priority" ( /* Packet loss priority assigned to the frames */ ("low" | "high" | "medium-high") ), "dscp-code-points" arg /* Differentiated Services code point bits or alias */, "mode" ( /* Test mode */ ("reflect" | "initiate-and-terminate" | "ethernet-loopback") ), "reflect-mode" ( /* Reflect mode */ ("mac-swap" | "no-mac-swap" | "mac-rewrite") ), "family" ( /* Family type */ ("inet" | "ccc" | "bridge" | "vpls") ), "reflect-etype" arg /* Etype to match for reflect mode */, "direction" ( /* Direction of test */ ("ingress" | "egress") ), "timestamp-format" ( /* Format of timestamp values */ ("microseconds" | "nanoseconds") ), "source-udp-port" arg /* Source udp port */, "destination-udp-port" arg /* Destination udp port */, "test-duration" arg /* Test duration in minutes */, "test-iterator-duration" arg /* Duration of each iteration in seconds */, "test-finish-wait-duration" arg /* Number of seconds to wait after test completes before stopping the test */, "transmit-failure-threshold" arg /* Transmit failure-threshold (default 0.5%) */, "receive-failure-threshold" arg /* Receive failure-threshold (default 0%) */, "test-iterator-pass-threshold" arg /* Test pass-threshold (default 0.5%) */, "halt-on-prefix-down" /* Halt test on prefix down */, "skip-arp-iteration" /* Skip arp iteration in tests */, "test-interface" ( /* Name of interface(ifl) for test */ interface_name /* Name of interface(ifl) for test */ ), 
"reflector-port" arg /* Front panel port number - ACX5048: [16-53], ACX5096: [64-95, 100-103] */, "destination-ipv4-address" ( /* Destination address for test */ ipv4addr /* Destination address for test */ ), "source-ipv4-address" ( /* Source address for test */ ipv4addr /* Source address for test */ ) ) ) ) ) ) ), "twamp" ( /* Two-way Active Measurement Protocol configuration */ c( "post-cli-implicit-firewall" /* Enable post cli implicit firewall */, "client" ( /* TWAMP client configuration */ c( "control-connection" arg ( /* TWAMP control session configuration */ c( "authentication-mode" ( /* Authentication modes */ c( "none" /* No authentication or encryption */ ) ), "destination-interface" ( /* Name of output interface for all test sessions */ interface_name /* Name of output interface for all test sessions */ ), "destination-port" arg /* TCP TWAMP client listening port for the test sessions. Default 862 */, "history-size" arg /* Number of stored history entries */, "moving-average-size" arg /* Number of samples used for moving average */, "routing-instance" arg /* Routing instance used by the test sessions */, "target-address" ( /* Destination address of TWAMP responder */ ipv4addr /* Destination address of TWAMP responder */ ), "test-count" arg /* Total number of test session iterations */, "test-interval" arg /* Delay between test session iterations */, "traps" ( /* Trap to send if threshold is met or exceeded */ c( "test-iteration-done" /* All test sessions configured under the control connection have completed an iteration */, "control-connection-closed" /* Control connection closed */ ) ), "test-session" arg ( /* Test session details */ c( "target-address" ( /* Destination address of TWAMP responder */ ipv4addr /* Destination address of TWAMP responder */ ), "data-fill-with-zeros" /* Fill contents of test packet with zeros */, "data-size" arg /* Size of the data portion of the probes */, "dscp-code-points" arg /* Differentiated Services code point bits or 
alias used for TCP control and UDP TWAMP test packets */, "probe-count" arg /* Total number of probes per test */, "probe-interval" arg /* Delay between two consecutive probes */, "thresholds" ( /* TWAMP test threshold values. Set 0 to disable respective threshold */ c( "successive-loss" arg /* Successive probe loss count indicating probe failure */, "total-loss" arg /* Total probe loss count indicating test failure */, "rtt" arg /* Maximum round trip time per probe */, "jitter-rtt" arg /* Maximum jitter per test */, "std-dev-rtt" arg /* Maximum standard deviation per test */, "egress-time" arg /* Maximum source to destination time per probe */, "ingress-time" arg /* Maximum destination to source time per probe */, "jitter-ingress" arg /* Maximum destination to source jitter per test */, "jitter-egress" arg /* Maximum source to destination jitter per test */, "std-dev-ingress" arg /* Maximum destination to source standard deviation per test */, "std-dev-egress" arg /* Maximum source to destination standard deviation per test */ ) ), "traps" ( /* Trap to send if threshold is met or exceeded */ c( "probe-failure" /* Successive probe loss threshold reached */, "test-failure" /* Total probe loss threshold reached */, "test-completion" /* Test completed */, "rtt-exceeded" /* Exceeded maximum round trip time threshold */, "std-dev-exceeded" /* Exceeded round trip time standard deviation threshold */, "jitter-exceeded" /* Exceeded jitter in round trip time threshold */, "ingress-time-exceeded" /* Exceeded maximum ingress time threshold */, "ingress-std-dev-exceeded" /* Exceeded ingress time standard deviation threshold */, "ingress-jitter-exceeded" /* Exceeded jitter in ingress time threshold */, "egress-time-exceeded" /* Exceeded maximum egress time threshold */, "egress-std-dev-exceeded" /* Exceeded egress time standard deviation threshold */, "egress-jitter-exceeded" /* Exceeded jitter in egress time threshold */ ) ) ) ) ) ) ) ), "server" ( /* TWAMP server 
configuration */ c( "routing-instance-list" arg ( /* List of allowed routing instances,not more than 100, along with ports */ c( "port" arg /* Port to be used by the routing instance */ ) ), "authentication-mode" ( /* Authentication modes */ c( "none" /* No authentication or encryption */, "authenticated" ( /* Authenticated mode */ sc( "control-only" /* Authentication mode only for TWAMP control protocol */ ) ).as(:oneline), "encrypted" ( /* Encrypted mode */ sc( "control-only" /* Encryption mode only for TWAMP control protocol */ ) ).as(:oneline), "control-only-encrypted" /* Encrypted control and unauthenticated data mode */ ) ), "authentication-key-chain" ( /* Authentication key chain configuration */ twamp_authentication_key_chain /* Authentication key chain configuration */ ), "server-inactivity-timeout" arg /* Control packet idle timeout value in minutes, 0 to disable */, "max-connection-duration" arg /* Maximum Connection duration in hours, 0 to disable */, "maximum-sessions" arg /* Maximum number of test sessions for the server */, "maximum-sessions-per-connection" arg /* Maximum number of test sessions per client connection */, "maximum-connections" arg /* Maximum number of connections for the server */, "maximum-connections-per-client" arg /* Maximum number of server connections per client */, "port" arg /* TWAMP server listening port */, "client-list" arg ( /* List of allowed clients */ c( "address" arg /* IP prefix of client */ ) ) ) ) ) ) ) ), "video-monitoring" ( /* Video monitoring service */ c( "templates" arg ( /* Template for MDI flows */ c( "interval-duration" arg /* Monitoring interval in sec */, "inactive-timeout" arg /* Inactive timeout for idle flow in sec */, "rate" ( /* Media rate or layer3 pps */ c( c( "media" arg /* Constant bit rate in bps */, "layer3" arg /* Layer3 packet rate in pps */ ) ) ), "delay-factor" ( /* Delay factor related parameters */ c( "threshold" ( /* Threshold for delay factor alarm */ c( "info" arg /* Threshold for 
information alarm */, "warning" arg /* Threshold for warning alarm */, "critical" arg /* Threshold for critical alarm */ ) ), ("disable") ) ), "media-loss-rate" ( /* MLR related parameters */ c( "threshold" ( /* Threshold for MLR alarm */ c( "info" ( /* Threshold for information alarm */ c( c( "packet-count" ( /* MLR threshold value in packets count */ unsigned_float /* MLR threshold value in packets count */ ), "percentage" arg /* MLR threshold value in percentage */ ) ) ), "warning" ( /* Threshold for warning alarm */ c( c( "packet-count" ( /* MLR threshold value in packets count */ unsigned_float /* MLR threshold value in packets count */ ), "percentage" arg /* MLR threshold value in percentage */ ) ) ), "critical" ( /* Threshold for critical alarm */ c( c( "packet-count" ( /* MLR threshold value in packets count */ unsigned_float /* MLR threshold value in packets count */ ), "percentage" arg /* MLR threshold value in percentage */ ) ) ) ) ), ("disable") ) ), "media-rate-variation" ( /* MRV related parameters */ c( "threshold" ( /* Threshold for MRV alarm */ c( "info" arg /* Threshold for information alarm */, "warning" arg /* Threshold for warning alarm */, "critical" arg /* Threshold for critical alarm */ ) ), ("disable") ) ), "media-packets-count-in-layer3" arg /* Number of media packets in a IP packet */, "media-packet-size" arg /* Size of media packet */ ) ), "interfaces" arg ( /* Interfaces to enable video monitoring */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 flows */ c( "input-flows" arg ( /* Input flows informations */ c( "source-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ), "output-flows" arg ( /* Output flows informations */ c( "source-address" ( /* Prefix to match */ 
ipv4prefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ) ) ), "mpls" ( /* MPLS flows */ c( "input-flows" arg ( /* Input flows informations */ c( "payload-type" ( /* Specify MPLS payload-type */ ("ipv4") ), "source-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ), "output-flows" arg ( /* Output flows informations */ c( "payload-type" ( /* Specify MPLS payload-type */ ("ipv4") ), "source-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ) ) ) ) ) ) ), "stats-cache-life-time" arg /* Lifetime of cached stats in seconds */, "errors-cache-life-time" arg /* Lifetime of cached errors in seconds */, "flow-cache-life-time" arg /* Lifetime of cached flows in seconds */, "alarms" ( /* Alarms for Flows */ c( "delay-factor" ( /* DF Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ), "alarm-mode" ( /* Mode of alarm generation */ c( "mdi-records-count" arg /* Number of MDI records to average */, c( "immediate" /* Alarm will be triggered immediately */, "average" /* Alarm will be triggered 
based on average */ ) ) ) ) ), "media-rate-variation" ( /* MLR Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ), "alarm-mode" ( /* Mode of alarm generation */ c( "mdi-records-count" arg /* Number of MDI records to average */, c( "immediate" /* Alarm will be triggered immediately */, "average" /* Alarm will be triggered based on average */ ) ) ) ) ), "media-loss-rate" ( /* MRV Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ), "alarm-mode" ( /* Mode of alarm generation */ c( "mdi-records-count" arg /* Number of MDI records to average */, c( "immediate" /* Alarm will be triggered immediately */, "average" /* Alarm will be triggered based on average */ ) ) ) ) ), "flow-insert" ( /* Flow Insert Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ) ) ), "flow-delete" ( /* Flow Delete Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ) ) ) ) ) ) ), "app-engine" ( /* App-engine 
*/ c( "security" /* Enable app-engine security */, "monitor-cpu" ( /* Monitor node CPU usage */ monitor_threshold /* Monitor node CPU usage */ ), "monitor-memory" ( /* Monitor node memory usage */ monitor_threshold /* Monitor node memory usage */ ), "monitor-storage" ( /* Monitor storage usage */ monitor_threshold /* Monitor storage usage */ ), "default-compute-node-package" arg /* Default JunosV App Engine package for appliance */, "compute-cluster" arg ( /* Configure compute cluster */ c( "local-management" ( /* Management address connected to compute cluster */ c( "routing-instance" ( /* Packets are restriction to specified routing instance */ s( arg, c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ), "monitor-cpu" ( /* Monitor node CPU usage */ monitor_threshold /* Monitor node CPU usage */ ), "monitor-memory" ( /* Monitor node memory usage */ monitor_threshold /* Monitor node memory usage */ ), "monitor-storage" ( /* Monitor storage usage */ monitor_threshold /* Monitor storage usage */ ), "compute-node" arg ( /* Compute node name */ c( "monitor-cpu" ( /* Monitor node CPU usage */ monitor_threshold /* Monitor node CPU usage */ ), "monitor-memory" ( /* Monitor node memory usage */ monitor_threshold /* Monitor node memory usage */ ), "monitor-storage" ( /* Monitor storage usage */ monitor_threshold /* Monitor storage usage */ ), c( "mac-address" ( /* MAC address of the network boot interface */ mac_addr /* MAC address of the network boot interface */ ), "fpc" arg /* FPC slot number */, "hypervisor" /* Compute node is hypervisor */ ), "package" arg /* JunosV App Engine package */, "routing-options" ( /* Route configuration for compute node */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static 
route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ), "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ) ) ) ) ), "interfaces" ( /* Network interfaces configuration */ c( "ethernet" arg ( /* Interface configuration */ c( "management" /* Use this as management interface */, "family" ( /* Protocol family */ family /* Protocol family */ ), "enable-passthrough" /* Enable passthrough on this interface */, "mtu" arg /* Maximum transmit packet size */, "ether-options" ( c( c( "ieee-802-3ad" arg /* Aggregated interface name */ ) ) ) ) ), "bridge" arg ( /* Bridge configuration */ c( "management" /* Use this as management bridge */, "family" ( /* Protocol family */ family /* Protocol family */ ), "interface" arg /* Bridge interface list */, "mtu" arg /* Maximum transmit packet size */ ) ), "aggregate" arg ( /* Aggregate interface configuration */ c( "management" /* Use this as management aggregate */, "family" ( /* Protocol family */ family /* Protocol family */ ), "mtu" arg /* Maximum transmit packet size */, "aggregated-ether-options" ( /* Link aggregation parameters */ c( "hash-policy" ( ("layer-2" | "layer-3-and-4" | "layer-2-and-3") ), "miimon" arg /* Link monitoring interval in milli-second */ ) ) ) ) ) ), "syslog" enum(("any" | "authorization" | "privileged" | "cron" | "daemon" | "kernel" | "syslog" | "user" | "uucp" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7")) ( /* System logging facility */ sc( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, 
"debug" /* Debug messages */ ) ) ).as(:oneline) ) ) ) ), "virtual-machines" ( /* Virtual-machine management */ c( "instance" arg ( /* Virtual-machine instance */ c( "cpu" arg /* Units of CPUs (default 1 cpu) */, "memory" arg /* Memory for the virtual-machine (default 1 gigabytes) */, "management-interface" arg /* Virtual-machine management interface name */, "package" arg /* Virtual-machine package */, "local-management" ( /* Management address connected to virtual machine */ c( "routing-instance" ( /* Packets are restriction to specified routing instance */ s( arg, c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ), "compute-cluster" arg ( /* Compute cluster on which the virtual-machine runs */ c( "compute-node" arg /* Compute node on which the virtual-machine runs */ ) ), "interface" arg ( /* Virtual-machine interface configuration */ c( "hw-model" ( /* Interface hardware model */ ("e1000g" | "virtio") ), "host-interface" arg /* Passthrough host interface for virtual-machine */, "bridge" arg /* Bridge that the interface connected to */, "mtu" arg /* Maximum transmit packet size */, "family" ( /* Interface address family */ c( "inet" ( /* IPv4 parameters */ c( "address" arg ( /* Interface address/destination prefix */ c( "primary" /* Primary address on the interface */ ) ) ) ) ) ) ) ), "routing-options" ( /* Route configuration for virutal machine */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ), "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) 
) ) ) ) ) ) ), "secondary-disk" ("hdb" | "hdc" | "hdd") ( /* Virtual-machine disk */ sc( "size" arg /* Virtual-machine secondary disk size */ ) ).as(:oneline) ) ) ) ) ) ), "unified-access-control" ( /* Configure Unified Access Control */ c( "infranet-controller" arg ( /* Configure infranet controller */ c( "address" ( /* Infranet controller IP address */ ipv4addr /* Infranet controller IP address */ ), "port" arg /* Infranet controller port */, "interface" ( /* Outgoing interface */ interface_name /* Outgoing interface */ ), "password" arg /* Infranet controller server password */, "ca-profile" arg /* Define a list of certificate authority */, "server-certificate-subject" arg /* Subject name of infranet controller certificate to match */ ) ), "certificate-verification" ( /* Specify certificate verification requirement */ ("warning" | "required" | "optional") ), "timeout" arg /* Timeout for idle infranet controller link in seconds */, "interval" arg /* Heartbeat interval from infranet controller in seconds */, "timeout-action" ( /* Specify action when infranet controller timeout occurs */ ("close" | "no-change" | "open") ), "test-only-mode" /* Allow all traffic and only log enforcement result */, "traceoptions" ( /* UAC trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "ipc" | "config" | "connect")) /* Tracing parameters */.as(:oneline) ) ), "captive-portal" arg ( /* Unauthenticated HTTP redirect */ c( "redirect-traffic" ( /* Traffic to redirect */ ("unauthenticated" | "all") ), "redirect-url" arg /* Redirect URL for 
unauthenticated users */ ) ) ) ), "flow-collector" ( /* Configure options to control flow collector */ c( "analyzer-address" ( /* Analyzer IP address field override value */ ipv4addr /* Analyzer IP address field override value */ ), "analyzer-id" arg /* Analyzer ID field override value */, "retry" arg /* Transfer retry attempt count */, "retry-delay" arg /* Delay between transfer retry attempts */, "destinations" ( /* Configure destination for files */ collector_destinations_type /* Configure destination for files */ ), "file-specification" ( /* File format specification */ file_specification_type /* File format specification */ ), "interface-map" ( /* Input interface to Collector PIC mapping */ interface_map_type /* Input interface to Collector PIC mapping */ ), "transfer-log-archive" ( /* Transfer log archive specification */ collector_transfer_log_archive_type /* Transfer log archive specification */ ) ) ), "captive-portal" ( /* Captive Portal options */ juniper_services_captive_portal /* Captive Portal options */ ), "logging" ( /* Bulk logging configuration */ juniper_pic_services_logging_options /* Bulk logging configuration */ ), "application-identification" ( /* Application identification configuration */ c( "enable-heuristics" /* Enable heuristic application identification */, "enable-performance-mode" ( /* Enable performance mode knobs for best DPI performance */ c( "max-packet-threshold" arg /* Max packet inspection threshold including both c2s ans s2c direction packets. 
Default value is 2 if not configured */ ) ), "download" ( c( "url" arg /* URL for application package download */, "ignore-server-validation" /* Disable server authentication for Applicaton Signature download */, "automatic" ( /* Scheduled download and update */ c( "start-time" arg /* Start time(MM-DD.hh:mm) */, "interval" arg /* Attempt to download new application package */ ) ) ) ), "statistics" ( /* Configure application statistics information */ c( "interval" arg /* Application statistics collection interval */ ) ), "nested-application-settings" ( /* Nested application settings */ c( "no-nested-application" /* Disable nested application identification */, "no-application-system-cache" /* Not to save nested AI match in application system cache */ ) ), "no-application-identification" /* Disable all application identification methods */, "no-signature-based" /* Disable signature based method */, "no-protocol-based" /* Disable protocol based method */, "signature-method-all-ports" /* Use signature-method on all(including well-known) ports */, "no-clear-application-system-cache" /* Disable clearing application system cache */, "no-application-system-cache" /* Disable storing AI result in application system cache */, "max-sessions" arg /* Max sessions that can run AI at the same time */, "application-system-cache-timeout" arg /* Application system cache entry lifetime */, "max-checked-bytes" arg /* Inspect the maximal number of bytes */, "application" arg ( /* Configure application definition */ c( "type" arg /* Well-known application such as HTTP and FTP */, "index" arg /* Custom index (32768..65534). Application index */, "tags" arg ( /* Application tags eg. 
risk factors, technology, traffic type */ c( arg /* Value */ ) ), "session-timeout" ( /* Lifetime of a session */ ("0" | "30" | "60" | "1800" | "3600" | "43200" | "86400" | "2592000") ), "idle-timeout" ( /* Remove the session if no packets */ ("0" | "5" | "15" | "30" | "60" | "1800" | "3600") ), "type-of-service" ( /* Type of service */ c( "minimize-delay" /* Requires minimal delay in packet transmission */, "maximize-throughput" /* Requires maximal throughput in packet transmission */, "maximize-reliability" /* Requires maximal reliability in packet transmission */, "minimize-monetary-cost" /* Requires minimal monetary cost in packet transmission */ ) ), "disable" /* Disable this application definition in AI */, "cacheable" /* Cacheable */, "description" arg /* Text description of application */, "priority" ( /* Application matching priority */ ("high" | "low") ), "order" arg /* The order value, lower the value higher the priority */, "maximum-transactions" arg /* Maximum number of transactions matched by AI */, "alt-name" arg /* Alt name for the application */, "compatibility" arg /* Juniper compatibility version */, "port-mapping" ( c( "icmp" ( /* Match ICMP message */ c( "type" arg /* Numeric type value (0 .. 254) */, "code" arg /* Numeric code value (0 .. 254) */ ) ), "protocol" arg /* Numeric protocol value (0 .. 
254) */, "port-range" ( /* Used by port-based AI method */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ), "disable" /* Disable port-based method for this application */ ) ), "icmp-mapping" ( /* Match ICMP message */ c( "type" arg /* Numeric type value */, "code" arg /* Numeric code value */, "order" arg /* The Order value */, "order-priority" ( /* Application matching priority */ ("high" | "low") ) ) ), "ip-protocol-mapping" ( /* Match IP protocol */ c( "protocol" arg /* Numeric protocol value */, "order" arg /* The Order value */, "order-priority" ( /* Application matching priority */ ("high" | "low") ) ) ), "address-mapping" arg ( /* Match IP address */ c( "filter" ( /* Match IP/port */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "port-range" ( /* Port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "source" ( /* Match IP source address */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "wildcard-address" ( /* IP wildcard address and mask */ sc( ipaddr /* IP wildcard address */, "wildcard-mask" ( /* IP wildcard address mask */ ipaddr /* IP wildcard address mask */ ) ) ).as(:oneline), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "destination" ( /* Match IP destination address */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "wildcard-address" ( /* IP wildcard address and mask */ sc( ipaddr /* IP wildcard address */, "wildcard-mask" ( /* IP wildcard address mask */ ipaddr /* IP wildcard address mask */ ) ) ).as(:oneline), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "order" arg /* Application matching priority */, "order-priority" ( /* Application matching priority */ ("high" | "low") ) ) ), "over" arg ( /* Set of L4/L7 application that 
carries given application */ c( "protocol" ( /* Application protocol */ ("http" | "ssl" | "udp" | "tcp") ), "chain-order" /* The order of members is used to match the pattern */, "order-priority" ( /* Application matching priority */ ("high" | "low") ), "order" arg /* The order value */, "port-range" ( /* Apply signature to packets sent to this port range */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ), "member" arg ( /* Pattern matched on client-to-server packets */ c( "context" ( /* Context to be matched on */ ("http-url-parsed" | "http-url-parsed-param-parsed" | "http-header-host" | "http-header-location" | "http-header-content-type" | "http-get-url-parsed-param-parsed" | "http-post-url-parsed-param-parsed" | "http-header-cookie" | "http-header-user-agent" | "http-post-variable-parsed" | "ssl-server-name" | "stream") ), "pattern" arg /* Pattern matched on context */, "direction" ( /* Connection direction of the packets to apply pattern matching */ ("client-to-server" | "server-to-client" | "any") ), "check-bytes" arg /* Maximum number of bytes to check for stream context */ ) ), "signature" arg ( /* Application signature for pattern matching */ c( "port-range" arg /* Port range */, "member" arg ( /* Application signature member */ c( "context" arg /* Context to be matched on */, "pattern" arg /* DFA pattern matched on context */, "direction" ( /* Connection direction of the packets to apply pattern matching */ ("client-to-server" | "server-to-client" | "any") ) ) ) ) ) ) ) ) ), "nested-application" arg ( /* Configure nested application definition */ c( "type" arg /* Well-known application such as FACEBOOK and KAZZA */, "index" arg /* Custom index (32768..65534). 
Application index */, "protocol" arg /* Name of layer 7 application that carries nested application */, "signature" arg ( /* Nested application signature for pattern matching */ c( "member" arg ( /* Pattern matched on client-to-server packets */ c( "context" ( /* Context to be matched on */ ("http-url-parsed" | "http-url-parsed-param-parsed" | "http-header-host" | "http-header-location" | "http-header-content-type" | "http-get-url-parsed-param-parsed" | "http-post-url-parsed-param-parsed" | "http-header-cookie" | "http-header-user-agent" | "http-post-variable-parsed" | "ssl-server-name" | "stream") ), "pattern" arg /* Pattern matched on context */, "direction" ( /* Connection direction of the packets to apply pattern matching */ ("client-to-server" | "server-to-client" | "any") ), "check-bytes" arg /* Maximum number of bytes to check for stream context */ ) ), "chain-order" /* The order of members is used to match the pattern */, "maximum-transactions" arg /* Maximum number of transactions matched by AI */, "order" arg /* Application matching priority */, "insert-before" ( /* Insert before another signature */ c( arg /* An application name */ ) ) ) ) ) ), "application-group" arg ( /* Define application group */ c( "application-groups" arg /* Configure child application group(s) */, "applications" arg /* Configure applications that belong to this application group */, "disable" /* Disable this application group definition in AI */ ) ), "rule" arg ( /* One or more application rules for address-based method AI */ c( "application-name" arg /* Name of application that is target of this rule */, "address" arg ( /* Configure one of more addresses */ c( "source" ( /* Match IP source address */ c( "ip" ( /* IP address and prefix-length */ ipv4prefix /* IP address and prefix-length */ ), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "destination" ( /* Match IP destination address */ c( "ip" ( /* IP address and 
prefix-length */ ipv4prefix /* IP address and prefix-length */ ), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "order" arg /* Application matching priority */ ) ) ) ), "rule-set" arg ( /* One or more application rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* One or more application rule-sets */ c( "rule-set" arg /* One or more rule-sets in the profile */ ) ), "traceoptions" ( /* Trace options for application identification */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) ) ) ), "service-set" arg ( /* Define a service set */ c( "syslog" ( /* Define system logging parameters */ service_set_syslog_object /* Define system logging parameters */ ), "max-flows" arg /* Maximum number of flows allowed for a service set */, "hosted-service-identifier" arg /* Service Set to Hosted service Map */, "max-session-setup-rate" arg /* Maximum number of session creations allowed per second */, "max-drop-flows" ( /* Maximum number of drop flows allowed for a service-set */ c( "ingress" arg /* Maximum number of ingress drop flows allowed */, "egress" arg /* Maximum number of egress drop flows allowed */ ) ), "snmp-trap-thresholds" ( /* Define snmp traps for service sets */ c( "flow" ( /* Flow Threshold range for a service set */ sc( "low" arg /* Lower limit of flow 
threshold */, "high" arg /* Upper limit of flow threshold */ ) ).as(:oneline), "nat-address-port" ( /* Nat Address and port usage trap threshold range */ sc( "low" arg /* Lower limit of trap threshold */, "high" arg /* Upper limit of trap threshold */ ) ).as(:oneline) ) ), "tcp-mss" arg /* Enable the limit on TCP Max. Seg. Size in SYN packets */, "softwire-options" ( /* Options for softwire */ c( "dslite-ipv6-prefix-length" ( /* The ipv6 prefix length for subscriber addresses */ ("56" | "64" | "96" | "128") ) ) ), "nat-options" ( /* Options for NAT */ c( "stateful-nat64" ( /* Options for stateful NAT64 */ c( "clear-dont-fragment-bit" /* Clear DF bit in IPv4 header if IPv6 packet size is less than 1280 bytes */, "ipv6-mtu" arg /* Path MTU of IPv6 network */, "disable-h323-ras" /* Disable H323 and RAS ALG for NAT64 */ ) ), "nptv6" ( /* Options for NPTv6 */ c( "icmpv6-error-messages" /* Send ICMP Error messages if NPTv6 address translation fails */ ) ), "land-attack-check" ( /* Enable land attack checks */ ("ip-only" | "ip-port") ), "max-sessions-per-subscriber" arg /* Limit the number of sessions per subscriber */, "snmp-value-match-msmic" /* Match the MSMIC specific snmp values for the msdpc */ ) ), "service-set-options" ( /* Options for service set */ c( "tcp-non-syn" ( /* Deny session creation on receiving first non SYN pkt */ ("drop-flow" | "drop-flow-send-rst") ), "tcp-fast-open" ( /* Tcp-fast-Open enabled packets will be handled accordingly */ ("disabled" | "drop") ), "bypass-traffic-on-pic-failure" /* Bypass traffic on service PIC failure */, "bypass-traffic-on-exceeding-flow-limits" /* Bypass traffic when exceeding the max flow limit */, "enable-asymmetric-traffic-processing" /* Enable service-processing for asymmetric traffic */, "subscriber-awareness" /* Enable subscriber awareness on the service chain */, "header-integrity-check" ( /* Enable/Disable header integrity checks */ c( "enable-all" /* Enable all header integrity checks */ ) ), 
"enable-change-on-ams-redistribution" /* Allow NAT pool change on AMS redistribution */, "routing-engine-services" /* Enable service-processing at RE */ ) ), "replicate-services" ( /* Define services that will be replicated to peer. */ c( "replication-threshold" arg /* Duration in seconds for which flow should remain active for replication. (Min 180s) */, "disable-replication-capability" /* Disable replication capability for this service-set */ ) ), "allow-multicast" /* Allow multicast packets */, c( "softwire-rules" arg /* List of softwire rules */, "softwire-rule-sets" arg /* List of softwire rule sets */ ), c( "stateful-firewall-rules" arg /* List of stateful firewall rules */, "stateful-firewall-rule-sets" arg /* List of stateful firewall rule sets */ ), c( "pcp-rules" arg /* List of PCP rules */, "pcp-rule-sets" arg /* List of PCP rule sets */ ), c( "nat-rules" arg /* List of NAT rules */, "nat-rule-sets" arg /* List of NAT rule sets */ ), c( "ip-reassembly-rules" arg /* List of ip-reassembly rules */ ), c( "ids-rules" arg /* List of IDS rules */, "ids-rule-sets" arg /* List of IDS rule sets */ ), c( "cos-rules" arg /* One or more CoS rules */, "cos-rule-sets" arg /* One or more CoS rule sets */ ), c( "aacl-rules" arg /* One or more AACL rules */, "aacl-rule-sets" arg /* One or more AACL rule sets */ ), "aacl-dyn-rules" arg /* One or more AACL rule */, c( "ptsp-rules" arg /* One or more PTSP rules */, "ptsp-rule-sets" arg /* One or more PTSP rule sets */ ), c( "pgcp-rules" arg /* One or more PGCP rules */, "pgcp-rule-sets" arg /* One or more PGCP rule sets */ ), "jflow-rules" ( /* One or more jflow rules */ c( "sampling" ( c( "instance" arg /* Name of the instance */ ) ) ) ), c( "application-identification-profile" arg /* Define Application Identification profile */ ), "pcef-profile" arg /* Define PCEF profile */, "lrf-profile" arg /* Define logging and reporting profile */, "hcm-profile" arg /* Define HCM profile */, "url-filter-profile" arg /* Define URL 
filtering profile */, c( "hcm-url-rules" arg /* One or more HCM uri rules */, "hcm-url-rule-sets" arg /* One or more HCM url rule sets */ ), c( "tag-rules" arg /* One or more HCM tag rules */, "tag-rule-sets" arg /* One or more HCM tag rule sets */ ), c( "idp-profile" arg /* IDP policy to use */ ), c( "captive-portal-content-delivery-profile" arg /* Define captive portal and content delivery profile */ ), c( "policy-decision-statistics-profile" ( /* Define policy decision statistics profile */ c( arg ) ) ), c( "interface-service" ( /* Define parameters for interface-specific service sets */ c( "service-interface" ( /* Services interface to use */ interface_unit /* Services interface to use */ ), "load-balancing-options" ( c( "hash-keys" ( c( "resource-triggered" /* Resource Triggered load balancing */, "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ) ) ), "sampling-service" ( /* Define parameters for sampling service sets */ c( "service-interface" ( /* Services interface to use */ interface_unit /* Services interface to use */ ) ) ), "next-hop-service" ( /* Define parameters for next-hop service sets */ c( "inside-service-interface" ( /* Service interface to inside network */ interface_unit /* Service interface to inside network */ ), "outside-service-interface" ( /* Service interface name */ interface_unit /* Service interface name */ ), "outside-service-interface-type" ( /* Service interface type local for reassembly service */ ("local") ), "service-interface-pool" arg /* Service interface pool name */ ) ) ), "extension-service" arg /* Define the customer specific extensions */, "service-order" ( /* Define of order of services to be applied */ c( "forward-flow" arg /* Service Order for forward flow */, "reverse-flow" arg /* Service Order for reverse flow */ ) ), 
"subscriber-profile" arg /* Subscriber profile name */, "jflow-log" ( /* Define Jflow-logging parameters. */ c( "template-profile" arg /* Allow jflow messages for applications */ ) ), "ipsec-vpn-options" ( /* Define IPSec VPN options */ service_set_ipsec_vpn_options_object /* Define IPSec VPN options */ ), c( "ipsec-vpn-rules" arg /* List of IPSec VPN rules */, "ipsec-vpn-rule-sets" arg /* List of IPSec VPN rule sets */ ), "ipsec-group-vpn" arg /* Designate service-set to a Group VPN */, "redundancy-set-id" arg /* Redundancy set identifier */ ) ), "ipsec-vpn" ( /* Configure IPSec VPN service */ c( "rule" ( /* Define an IPSec rule */ ipsec_vpn_rule_object /* Define an IPSec rule */ ), "rule-set" arg ( /* Defines a set of IPSec rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "ipsec" ( /* IPSec configuration */ services_ipsec /* IPSec configuration */ ), "ike" ( /* IKE configuration */ services_ike /* IKE configuration */ ), "traceoptions" ( /* Trace options for IPSec key management process */ ipsec_services_traceoptions /* Trace options for IPSec key management process */ ), "no-ipsec-tunnel-in-traceroute" /* Do not display IPSec tunnel endpoint in traceroute output */, "establish-tunnels" ( /* Define the criteria to establish tunnels */ ("immediately" | "on-traffic") ), "clear-ike-sas-on-pic-restart" /* Clear IKE SAs when the corresponding PIC restarts */, "clear-ipsec-sas-on-pic-restart" /* Clear IPSec SAs when the corresponding PIC restarts */, "disable-natt" /* Disable NAT traversal even if NAT is detected */ ) ), "lrf" ( /* Logging and reporting service configuration */ c( "profile" ( /* One or more LRF profiles */ lrf_profile_object /* One or more LRF profiles */ ) ) ), "pcef" ( /* Policy and Charging Enforcement Function(PCEF) configuration */ services_pcef /* Policy and Charging Enforcement Function(PCEF) configuration */ ), "ssl" ( /* Configuration for Secure Socket Layer support service */ c( "traceoptions" ( /* Trace options for 
Secure Socket Layer support service */ ssl_traceoptions /* Trace options for Secure Socket Layer support service */ ), "termination" ( /* Configuration for Secure Socket Layer termination support service */ ssl_termination_config /* Configuration for Secure Socket Layer termination support service */ ), "initiation" ( /* Configuration for Secure Socket Layer initiation support service */ ssl_initiation_config /* Configuration for Secure Socket Layer initiation support service */ ), "proxy" ( /* Configuration for Secure Socket Layer proxy support service */ ssl_proxy_config /* Configuration for Secure Socket Layer proxy support service */ ) ) ), "stateful-firewall" ( /* Configure stateful firewall services */ c( "rule" ( /* Define a stateful firewall rule */ sfw_rule_object /* Define a stateful firewall rule */ ), "rule-set" arg ( /* Define a set of stateful firewall rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "ip-reassembly" ( /* Configure ip-reassembly services */ c( "profile" ( /* Define a ip reassembly profile */ ipr_profile_object /* Define a ip reassembly profile */ ), "rule" ( /* Define a ip reassembly rule */ ipr_rule_object /* Define a ip reassembly rule */ ), "rule-set" arg ( /* Define a set of ip reassembly rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "softwire" ( /* Configure softwire services */ c( "ipv6-multicast-interfaces" ("all" | "interface-name") /* Enable IPv6 multicast filter */, "softwire-concentrator" ( /* Configure softwire concentrators */ c( "ds-lite" ( /* Configure DS-Lite concentrator */ dslite_object /* Configure DS-Lite concentrator */ ), "v6rd" ( /* Configure 6rd concentrator */ v6rd_object /* Configure 6rd concentrator */ ) ) ), "rule" ( /* Define a softwire rule */ sw_rule_object /* Define a softwire rule */ ), "rule-set" arg ( /* Define a set of softwire rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "aacl" ( /* Application Aware Access List 
services configuration */ c( "rule" ( /* One or more AACL rules */ aacl_rule_object /* One or more AACL rules */ ), "rule-set" arg ( /* Define a Set of AACL rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "aacl-dyn-rule-set" arg ( /* Define a set of AACL dynamic rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "ptsp" ( /* Packet Triggered Subscribers Policy services configuration */ c( "rule" ( /* One or more PTSP rules */ ptsp_rule_object /* One or more PTSP rules */ ), "forward-rule" ( /* One or more PTSP forwarding rules */ ptsp_forward_rule_object /* One or more PTSP forwarding rules */ ), "rule-set" arg ( /* Define a set of PTSP rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "hcm" ( /* Http Content Management services configuration */ c( "url-rule" ( /* One or more url HCM rules */ hcm_url_rule_object /* One or more url HCM rules */ ), "tag-rule" ( /* One or more HCM tag rules */ hcm_tag_rule_object /* One or more HCM tag rules */ ), "url-list" ( /* List of URL's */ hcm_url_list_object /* List of URL's */ ), "tag-attribute" ( /* Tag Attributes (Subscriber Aware Attrs: imsi,msisdn,ipv4addr,imei,ipv6addr,apn,ggsnipv4,ggsnipv6) */ ("msisdn" | "imsi" | "apn" | "imei" | "ipv4addr" | "ipv6addr" | "ggsnipv4" | "ggsnipv6" | "radiusclass") ), "url-rule-set" arg ( /* Define a Set of HCM url rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "tag-rule-set" arg ( /* Define a Set of HCM tag rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* HCM Profile Name */ c( "tag-rule" ( /* Tag rule to be included in this profile */ c( arg /* Tag Rule name */ ) ) ) ) ) ), "cos" ( /* Class of Service services configuration */ c( "application-profile" ( /* One or more CoS application profiles */ cos_application_profile_object /* One or more CoS application profiles */ ), "rule" ( /* One or more CoS rules */ cos_rule_object /* One or more CoS rules */ ), 
"rule-set" arg ( /* Define a Set of CoS rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "pgcp" ( /* Packet Gateway Control Protocol services configuration */ c( "traceoptions" ( /* Trace options for packet gateway service */ c( "flag" ( /* Per-component trace options */ c( "default" ( /* Default trace level for all the components */ ("trace" | "debug" | "info" | "warning" | "error") ), "h248-stack" ( /* H248 stack sub-components */ c( "default" ( /* Default trace level for the H248 stack subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "control-association" ( /* Control association trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "media-gateway" ( /* Media gateway trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "messages" /* Enable H248 dump messages */ ) ), "bgf-core" ( /* BGF core sub-components */ c( "default" ( /* Default trace level for the bgf core subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "firewall" ( /* Firewall trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "gate-logic" ( /* Gate trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "policy" ( /* Policy trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "pic-broker" ( /* PIC broker trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "statistics" ( /* Statistics trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Common trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "sbc-utils" ( /* SBC utils sub-components */ c( "default" ( /* Default trace level for the sbc-utils subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Common utils trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "configuration" ( /* Configuration trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "device-monitor" ( /* 
Device-monitor trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "ipc" ( /* IPC trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-management" ( /* Memory mgmt trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "messaging" ( /* Messaging trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "user-interface" ( /* UI trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ) ) ), "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "media-service" ( /* One or more PGCP media service */ pgcp_media_service_object /* One or more PGCP media service */ ), "virtual-interface" ( /* One or more Virtual Interfaces */ pgcp_virtual_interface_object /* One or more Virtual Interfaces */ ), "gateway" ( /* One or more Packet Gateways */ pgcp_gateway_object /* One or more Packet Gateways */ ), "rule" ( /* One or more PGCP rules */ pgcp_rule_object /* One or more PGCP rules */ ), "rule-set" arg ( /* Define a Set of PGCP rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "session-mirroring" ( /* Session mirroring configuration */ pgcp_session_mirroring_object /* Session mirroring configuration */ ), "notification-rate-limit" arg /* Max number of notifications/second sent to PGC */ ) ), "border-signaling-gateway" ( /* Border signaling service configuration */ c( "gateway" ( gateway_type ) ) ), "ids" ( /* Configure the intrusion detection system */ c( "rule" ( /* Define an IDS rule */ ids_rule_object /* Define an IDS rule */ ), "rule-set" arg ( /* Define a set of IDS rules */ c( "rule" arg /* Rule to be included in this 
rule set */ ) ) ) ), "pcp" ( /* Configure Port Control Protocol */ c( "server" ( /* Define a PCP server */ pcp_server_object /* Define a PCP server */ ), "rule" ( /* Define a PCP rule */ pcp_rule_object /* Define a PCP rule */ ), "rule-set" arg ( /* Defines a set of PCP rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "nat" ( /* Configure Network Address Translation */ c( "pool" ( /* Define a NAT pool */ nat_pool_object /* Define a NAT pool */ ), "ipv6-multicast-interfaces" ("all" | "interface-name") ( /* Enable IPv6 multicast filter for IPv6 NAT */ c( "disable" /* Disable IPv6 multicast filter for IPv6 NAT */ ) ), "allow-overlapping-nat-pools" /* Allow usage of overlapping and same nat pools in multiple service sets */, "rule" ( /* Define a NAT rule */ nat_rule_object /* Define a NAT rule */ ), "port-forwarding" ( /* Define a port-forwarding pool */ pf_mapping /* Define a port-forwarding pool */ ), "rule-set" arg ( /* Defines a set of NAT rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "l2tp" ( /* Configure Layer 2 Tunneling Protocol service */ c( "tunnel-group" ( /* Layer 2 Tunneling Protocol profile */ l2tp_tunnel_group_object /* Layer 2 Tunneling Protocol profile */ ), "ip-reassembly" ( /* Configure IP Reassembly parameters */ c( "service-set" arg /* Name of IP Reassembly service set */ ) ), "traceoptions" ( /* Layer 2 Tunneling Protocol daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" 
| "all") ), "flag" enum(("gres" | "init" | "events" | "memory" | "message" | "packet-error" | "parse" | "receive-packets" | "session-db" | "states" | "timer" | "transmit-packets" | "routing-socket" | "routing-process" | "protocol" | "configuration" | "ipc-tx" | "ipc-rx" | "general" | "tunnel" | "stats" | "authentication" | "all")) /* Tracing parameters */.as(:oneline), "debug-level" ( /* Trace level for PPP, L2TP, RADIUS, and UDP */ ("error" | "detail" | "packet-dump") ), "filter" ( /* Filter to control trace messages */ c( "protocol" enum(("ppp" | "l2tp" | "radius" | "udp")) /* Additional filter for protocol */.as(:oneline), "user-name" arg /* Additional filter by user name */, "user" ( /* Filter by user name */ c( arg ) ) ) ), "interfaces" ( /* Layer 2 Tunneling Protocol service interface */ l2tp_interface_traceoptions /* Layer 2 Tunneling Protocol service interface */ ) ) ), "weighted-load-balancing" /* Enable weighted-load-balancing for LAC sessions */, "destination-equal-load-balancing" /* Enable equal load balancing of destinations */, "drain" /* Prevents creation of destinations, tunnels and sessions */, "failover-within-preference" /* Enable failover-within-preference level for LAC sessions */, "disable-calling-number-avp" /* Disable the calling number AVP in ICRQ packet */, "disable-failover-protocol" /* Disable failover protocol resync mechanism */, "rx-connect-speed-when-equal" /* Generate rx connect speed AVP when tx equals rx speed */, "tx-connect-speed-method" ( /* TX connect speed method */ ("none" | "static" | "ancp" | "pppoe-ia-tag" | "service-profile") ), "maximum-sessions" arg /* Maximum number of sessions per chassis */, "tunnel" ( /* System wide tunnel attributes */ c( "name" arg ( sc( "address" arg ( /* Address of the tunnel destination */ sc( "routing-instance" arg ( /* Routing instance in which tunnel exists */ sc( "drain" /* Prevents assignment of sessions to tunnel */ ) ).as(:oneline), "drain" /* Prevents assignment of sessions to tunnel 
*/ ) ).as(:oneline), "drain" /* Prevents sessions assignment to tunnel */ ) ).as(:oneline), "assignment-id-format" ( /* Assignment id format */ ("assignment-id" | "client-server-id") ), "retransmission-count-established" arg /* Max Retransmission count for Established tunnels */, "retransmission-count-not-established" arg /* Max Retransmission count for Not Established tunnels */, "nas-port-method" ( /* Tunnel network access server port method */ ("cisco-avp") ), "minimum-retransmission-timeout" ( /* Min retransmission timeout for control packets in seconds (default 1) */ ("1" | "2" | "4" | "8" | "16") ), "idle-timeout" arg /* Tunnel idle timeout value in seconds */, "rx-window-size" arg /* Tunnel Receive Window Size */, "tx-address-change" ( /* Tunnel Tx Address Change */ c( "accept" /* Accept Tx IP Address or UDP Port Change */, "ignore" /* Ignore Tx IP Address or UDP Port Change */, "ignore-ip-address" /* Ignore Tx IP Address Change */, "ignore-udp-port" /* Ignore Tx UDP Port Change */, "reject" /* Reject Tx IP Address or UDP Port Change */, "reject-ip-address" /* Reject Tx IP Address Change */, "reject-udp-port" /* Reject Tx UDP Port Change */ ) ), "maximum-sessions" arg /* Maximum number of sessions per tunnel */, "failover-resync" ( /* Tunnel Failover Resync Mechanism */ ("silent-failover" | "failover-protocol") ) ) ), "destruct-timeout" arg /* The destruct timeout in seconds */, "tunnel-switch-profile" arg /* Default tunnel switch profile name */, "destination" ( /* System wide destination attributes */ l2tp_destination_object /* System wide destination attributes */ ), "access-line-information" ( /* Enable system wide sending of DSL line attributes */ l2tp_access_line_object /* Enable system wide sending of DSL line attributes */ ), "session-limit-group" arg ( c( "maximum-sessions" arg /* Maximum number of sessions per tunnel-group */ ) ), "enable-ipv6-services-for-lac" /* Enable IPv6 services for LAC sessions */, "enable-snmp-tunnel-statistics" /* Enable 
L2TP tunnel statistics for availability via SNMP */ ) ), "adaptive-services-pics" ( /* Adaptive Services PIC daemon configuration */ c( "traceoptions" ( /* Adaptive Services PIC daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("routing-socket" | "routing-protocol" | "service-identification" | "configuration" | "ipc" | "kernel-object" | "snmp" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "license-management" ( /* Configure license management server */ c( "license-server" ( c( "ip-address" ( /* Address of the license log server */ ipv4addr /* Address of the license log server */ ), "log-interval" arg /* Time interval to send data to Log Collector */, "services" ( /* List of services that require throughput data export */ ("jflow" | "cgnat" | "firewall") ) ) ) ) ), "soft-gre" ( /* Soft GRE tunnel definitions */ c( soft_gre_tunnel_group_object ) ), "service-interface-pools" ( /* Configure service interface pools */ c( "pool" ( /* Define service interface pool */ service_interface_pool_object /* Define service interface pool */ ) ) ), "hosted-services" ( /* Configuration for services performed in the remote server */ c( "client-profile" arg ( /* Configure client profile */ c( "transport-type" ( /* Transport type */ ("GRE" | "UDP" | "TCP") ), "client-address" ( /* Client address */ ipv4addr /* Client address */ ), "hosted-service-identifier" arg /* Identifier for the service performed on the remote server */ ) ), "server-profile" arg ( /* Configure server profile */ c( "transport-type" ( /* Transport type */ ("GRE" | 
"UDP" | "TCP") ), "server-address" ( /* Server address */ ipv4addr /* Server address */ ), "client-address" ( /* Client address */ ipv4addr /* Client address */ ), "hosted-service-identifier" arg /* Identifier for the service performed in the remote server */ ) ) ) ), "jflow-log" ( c( "collector" arg ( /* Collector attributes */ c( "destination-address" arg /* IPv4 Address or hostname of the collector */, "destination-port" arg /* Destination port of the collector */, "source-ip" ( /* Source IPv4 Address from which logging is to be done */ ipv4addr /* Source IPv4 Address from which logging is to be done */ ) ) ), "collector-group" arg ( c( "collector" arg /* List of Collector profiles */ ) ), "template-profile" arg ( c( "collector" arg /* Specify a collector name */, "collector-group" arg /* Specify a collector-group name */, "template-type" ( /* Allow jflow-log for applications */ ("nat") ), "version" ( /* Version of jflow-logging */ ("v9" | "ipfix") ), "refresh-rate" ( c( "packets" arg /* Specify number of packets after which templates are sent to collector */, "seconds" arg /* Specify number of seconds after which templates are sent to collector */ ) ) ) ) ) ), "service-device-pools" ( /* Configure service device pools */ c( "pool" ( /* Define service device pool */ service_device_pool_object /* Define service device pool */ ) ) ), "redundancy-set" ( /* Redundancy-set settings */ c( "traceoptions" ( /* Services redundancy trace options */ srd_traceoptions_object /* Services redundancy trace options */ ), srd_rs_id_object /* Definition of redundancy-set */ ) ), "traffic-load-balance" ( /* Traffic load balance configuration */ tdir_service_load_balance_object /* Traffic load balance configuration */ ), "network-monitoring" ( /* Network monitoring probe configuration */ tdir_netmon_object /* Network monitoring probe configuration */ ), "url-filter" ( /* URL filtering service configuration */ c( "profile" ( /* URL Filter profile */ urlf_profile_object /* URL Filter 
profile */ ), "traceoptions" ( /* Trace options for URL Filter */ urlf_traceoptions_object /* Trace options for URL Filter */ ) ) ) ) ), "access-profile" ( /* Access profile for this instance */ sc( arg /* Profile name */ ) ).as(:oneline), # Ported from vSRX 18.3R1.9 "security" ( /* Security configuration */ c( "alarms" ( /* Configure security alarms */ c( "audible" ( /* Beep when new security alarms arrive */ c( "continuous" /* Keep beeping until all security alarms have been cleared */ ) ), "potential-violation" ( /* Configure potential security violations */ c( "authentication" arg /* Raise alarm for specified number of authentication failures */, "cryptographic-self-test" /* Raise alarm for cryptographic self test failures */, "decryption-failures" ( /* No. of decryption failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 1000] */ ) ), "encryption-failures" ( /* No. of encryption failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 1000] */ ) ), "ike-phase1-failures" ( /* No. of IKE Phase-1 failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 20] */ ) ), "ike-phase2-failures" ( /* No. 
of IKE Phase-2 failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 20] */ ) ), "key-generation-self-test" /* Raise alarm for key generation self test failures */, "non-cryptographic-self-test" /* Raise alarm for non-cryptographic self test failures */, "policy" ( /* Raise alarm for flow policy violations */ c( "source-ip" ( /* Configure source address type of policy violation */ c( "threshold" arg /* Number of source IP address matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total source IP address number that can be done policy violation check concurrently */ ) ), "destination-ip" ( /* Configure destination address type of policy violation */ c( "threshold" arg /* Number of destination IP address matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total destination IP address number that can be done policy violation check concurrently */ ) ), "application" ( /* Configure application type of policy violation */ c( "threshold" arg /* Number of application matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total application number that can be done policy violation check concurrently */ ) ), "policy-match" ( /* Configure policy type of policy violation */ c( "threshold" arg /* Number of policy matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total concurrent number of policy check violations */ ) ) ) ), "replay-attacks" ( /* No. 
of Replay attacks before which an alarm needs to be raised */ c( "threshold" arg /* Replay threshold value */ ) ), "security-log-percent-full" arg /* Raise alarm when security log exceeds this percent capacity */, "idp" /* Raise alarm for idp attack */ ) ) ) ), "log" ( /* Configure security log */ c( "exclude" arg ( /* List of security log criteria to exclude from the audit log */ c( "destination-address" ( /* Destination address */ ipaddr /* Destination address */ ), "destination-port" arg /* Destination port */, "event-id" arg /* Event ID filter */, "failure" /* Event was a failure */, "interface-name" arg /* Name of interface */, "policy-name" arg /* Policy name filter */, "process" arg /* Process that generated the event */, "protocol" arg /* Protocol filter */, "source-address" ( /* Source address */ ipaddr /* Source address */ ), "source-port" arg /* Source port */, "success" /* Event was successful */, "username" arg /* Username filter */ ) ), "limit" arg /* Limit number of security log entries to keep in memory */, "cache" ( /* Cache security log events in the audit log buffer */ c( "exclude" arg ( /* List of security log criteria to exclude from the audit log */ c( "destination-address" ( /* Destination address */ ipaddr /* Destination address */ ), "destination-port" arg /* Destination port */, "event-id" arg /* Event ID filter */, "failure" /* Event was a failure */, "interface-name" arg /* Name of interface */, "policy-name" arg /* Policy name filter */, "process" arg /* Process that generated the event */, "protocol" arg /* Protocol filter */, "source-address" ( /* Source address */ ipaddr /* Source address */ ), "source-port" arg /* Source port */, "success" /* Event was successful */, "username" arg /* Username filter */ ) ), "limit" arg /* Limit number of security log entries to keep in memory */ ) ), "disable" /* Disable security logging for the device */, "utc-timestamp" /* Use UTC time for security log timestamps */, "mode" ( /* Controls how 
security logs are processed and exported */ ("stream" | "event") ), "event-rate" arg /* Control plane event rate */, "format" ( /* Set security log format for the device */ ("syslog" | "sd-syslog" | "binary") ), "rate-cap" arg /* Data plane event rate */, "max-database-record" arg /* Maximum records in database */, "report" /* Set security log report settings */, c( "source-address" ( /* Source ip address used when exporting security logs */ ipaddr /* Source ip address used when exporting security logs */ ), "source-interface" ( /* Source interface used when exporting security logs */ interface_name /* Source interface used when exporting security logs */ ) ), "transport" ( /* Set security log transport settings */ c( "tcp-connections" arg /* Set tcp connection number per-stream */, "protocol" ( /* Set security log transport protocol for the device */ ("udp" | "tcp" | "tls") ), "tls-profile" arg /* TLS profile */ ) ), "facility-override" ( /* Alternate facility for logging to remote host */ ("authorization" | "daemon" | "ftp" | "kernel" | "user" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7") ), "stream" arg ( /* Set security log stream settings */ c( "severity" ( /* Severity threshold for security logs */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug") ), "format" ( /* Specify the log stream format */ ("syslog" | "sd-syslog" | "welf" | "binary") ), "category" enum(("all" | "content-security" | "fw-auth" | "screen" | "alg" | "nat" | "flow" | "sctp" | "gtp" | "ipsec" | "idp" | "rtlog" | "pst-ds-lite" | "appqos" | "secintel" | "aamw")) /* Selects the type of events that may be logged */, "filter" enum(("threat-attack")) /* Selects the filter to filter the logs to be logged */, "host" ( /* Destination to send security logs to */ host_object /* Destination to send security logs to */ ), "rate-limit" ( /* Rate-limit for security logs */ c( arg ) ), "file" ( /* Security log file options for 
logs in local file */ c( "localfilename" arg /* Name of local log file */, "size" arg /* Maximum size of local log file in megabytes */, "rotation" arg /* Maximum number of rotate files */, "allow-duplicates" /* To disable log consolidation */ ) ) ) ), "file" ( /* Security log file options for logs in binary format */ c( "filename" arg /* Name of binary log file */, "size" arg /* Maximum size of binary log file in megabytes */, "path" arg /* Path to binary log files */, "files" arg /* Maximum number of binary log files */ ) ), "traceoptions" ( /* Security log daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("source" | "configuration" | "all" | "report" | "hpl")) /* List of things to include in trace */.as(:oneline) ) ) ) ), "certificates" ( /* X.509 certificate configuration */ c( "local" ( /* Local X.509 certificate configuration */ certificate_object /* Local X.509 certificate configuration */ ), "path-length" arg /* Maximum certificate path length */, "maximum-certificates" arg /* Maximum number of certificates to cache */, "cache-size" arg /* Maximum size of certificate cache */, "cache-timeout-negative" arg /* Time in seconds to cache negative responses */, "enrollment-retry" arg /* Number of retry attempts for an enrollment request */, "certification-authority" arg ( /* CA X.509 certificate configuration */ c( "ca-name" arg /* CA name */, "file" arg /* File to read certificate from */, "crl" arg /* File to read crl from */, "enrollment-url" arg /* URL */, "ldap-url" arg /* URL */, "encoding" ( /* Encoding to use for 
certificate or CRL on disk */ ("binary" | "pem") ) ) ) ) ), "authentication-key-chains" ( /* Authentication key chain configuration */ security_authentication_key_chains /* Authentication key chain configuration */ ), "ssh-known-hosts" ( /* SSH known host list */ c( "host" arg ( /* SSH known host entry */ c( "rsa1-key" arg /* Base64 encoded RSA key (protocol version 1) */, "rsa-key" arg /* Base64 encoded RSA key */, "dsa-key" arg /* Base64 encoded DSA key */, "ecdsa-key" arg /* Base64 encoded ECDSA key */, "ecdsa-sha2-nistp256-key" arg /* Base64 encoded ECDSA-SHA2-NIST256 key */, "ecdsa-sha2-nistp384-key" arg /* Base64 encoded ECDSA-SHA2-NIST384 key */, "ecdsa-sha2-nistp521-key" arg /* Base64 encoded ECDSA-SHA2-NIST521 key */, "ed25519-key" arg /* Base64 encoded ED25519 key */ ) ) ) ), "key-protection" /* Common-Criteria key-protection configuration */, "pki" ( /* PKI service configuration */ security_pki /* PKI service configuration */ ), "ike" ( /* IKE configuration */ security_ike /* IKE configuration */ ), "ipsec" ( /* IPSec configuration */ security_ipsec_vpn /* IPSec configuration */ ), "group-vpn" ( /* Group VPN configuration */ security_group_vpn /* Group VPN configuration */ ), "ipsec-policy" ( /* IPSec policy configuration */ security_ipsec_policies /* IPSec policy configuration */ ), "idp" ( /* Configure IDP */ c( "idp-policy" ( /* Configure IDP policy */ idp_policy_type /* Configure IDP policy */ ), "active-policy" arg /* Set active policy */, "default-policy" arg /* Set active policy */, "custom-attack" ( /* Configure custom attacks */ custom_attack_type /* Configure custom attacks */ ), "custom-attack-group" ( /* Configure custom attack groups */ custom_attack_group_type /* Configure custom attack groups */ ), "dynamic-attack-group" ( /* Configure dynamic attack groups */ dynamic_attack_group_type /* Configure dynamic attack groups */ ), "traceoptions" ( /* Trace options for idp services */ idpd_traceoptions_type /* Trace options for idp services */ 
), "security-package" ( /* Security package options */ c( "url" arg /* URL of Security package download */, "source-address" ( /* Source address to be used for sending download request */ ipv4addr /* Source address to be used for sending download request */ ), "proxy-profile" arg /* Proxy profile of security package download */, "install" ( /* Configure install command */ c( "ignore-version-check" /* Skip version check when attack database gets installed */ ) ), "automatic" ( /* Scheduled download and update */ c( "start-time" ( /* Start time (YYYY-MM-DD.HH:MM:SS) */ time /* Start time (YYYY-MM-DD.HH:MM:SS) */ ), "interval" arg /* Interval */, "download-timeout" arg /* Maximum time for download to complete */, ("enable") ) ) ) ), "sensor-configuration" ( /* IDP Sensor Configuration */ c( "log" ( /* IDP Log Configuration */ c( "cache-size" arg /* Log cache size */, "suppression" ( /* Log suppression */ c( ("disable"), "include-destination-address" /* Include destination address while performing a log suppression */, "no-include-destination-address" /* Don't include destination address while performing a log suppression */, "start-log" arg /* Suppression start log */, "max-logs-operate" arg /* Maximum logs can be operate on */, "max-time-report" arg /* Time after suppressed logs will be reported */ ) ) ) ), "packet-log" ( /* IDP Packetlog Configuration */ c( "total-memory" arg /* Total memory unit(%) */, "max-sessions" arg /* Max num of sessions in unit(%) */, "threshold-logging-interval" arg /* Interval of logs for max limit session/memory reached in minutes */, "source-address" ( /* Source IP address used to transport packetlog to a host */ ipv4addr /* Source IP address used to transport packetlog to a host */ ), "host" ( /* Destination host to send packetlog to */ c( ipv4addr /* IP address */, "port" arg /* UDP port number */ ) ) ) ), "application-identification" ( /* Application identification */ c( ("disable"), "application-system-cache" /* Application system 
cache */, "no-application-system-cache" /* Don't application system cache */, "max-tcp-session-packet-memory" arg /* Max TCP session memory */, "max-udp-session-packet-memory" arg /* Max UDP session memory */, "max-sessions" arg /* Max sessions that can run AI at the same time */, "max-packet-memory" arg /* Max packet memory */, "max-packet-memory-ratio" arg /* Max packet memory ratio */, "max-reass-packet-memory-ratio" arg /* Max reass packet memory ratio */, "application-system-cache-timeout" arg /* Application system cache timeout */ ) ), "flow" ( /* Flow configuration */ c( "log-errors" /* Flow log errors */, "no-log-errors" /* Don't flow log errors */, "reset-on-policy" /* Flow reset-on-policy */, "no-reset-on-policy" /* Don't flow reset-on-policy */, "allow-icmp-without-flow" /* Allow icmp without flow */, "no-allow-icmp-without-flow" /* Don't allow icmp without flow */, "hash-table-size" arg /* Flow hash table size */, "reject-timeout" arg /* Flow reject timeout */, "max-timers-poll-ticks" arg /* Maximum timers poll ticks */, "fifo-max-size" arg /* Maximum fifo size */, "udp-anticipated-timeout" arg /* Maximum udp anticipated timeout */, "allow-nonsyn-connection" /* Allow TCP non-syn connection */, "drop-on-limit" /* Drop connections on exceeding resource limits */, "drop-on-failover" /* Drop traffic on HA failover sessions */, "drop-if-no-policy-loaded" /* Drop all traffic till IDP policy gets loaded */, "max-sessions-offset" arg /* Maximum session offset limit percentage */, "min-objcache-limit-lt" arg /* Memory lower threshold limit percentage */, "min-objcache-limit-ut" arg /* Memory upper threshold limit percentage */, "session-steering" /* Session steering for session anticipation */, "idp-bypass-cpu-usg-overload" /* Enable IDP bypass of sessions/packets on CPU usage overload */, "idp-bypass-cpu-threshold" arg /* Threshold of CPU usage in percentage for IDP bypass */, "idp-bypass-cpu-tolerance" arg /* Tolerance of CPU usage in percentage for IDP bypass 
*/ ) ), "re-assembler" ( /* Re-assembler configuration */ c( "drop-on-syn-in-window" /* Drop session when SYN is seen in the window */, "no-drop-on-syn-in-window" /* Don't drop session when SYN is seen in the window */, "ignore-memory-overflow" /* Ignore memory overflow */, "no-ignore-memory-overflow" /* Don't ignore memory overflow */, "ignore-reassembly-memory-overflow" /* Ignore packet reassembly memory overflow */, "no-ignore-reassembly-memory-overflow" /* Don't ignore packet reassembly memory overflow */, "ignore-reassembly-overflow" /* Ignore global reassembly overflow */, "max-packet-mem" arg /* Maximum packet memory */, "max-flow-mem" arg /* Maximum flow memory */, "max-packet-mem-ratio" arg /* Maximum packet memory ratio */, "action-on-reassembly-failure" ( /* Select the action on reassembly failures */ ("ignore" | "drop" | "drop-session") ), "tcp-error-logging" /* Enable logging on tcp errors */, "no-tcp-error-logging" /* Don't enable logging on tcp errors */, "max-synacks-queued" arg /* Maximum syn-acks queued with different SEQ numbers */, "force-tcp-window-checks" /* Force TCP window checks if uni-directional policy is configured */, "no-force-tcp-window-checks" /* Don't force TCP window checks if uni-directional policy is configured */ ) ), "ips" ( /* Ips configuration */ c( "process-override" /* Process override */, "no-process-override" /* Don't process override */, "detect-shellcode" /* Detect shellcode */, "no-detect-shellcode" /* Don't detect shellcode */, "process-ignore-s2c" /* Process ignore s2c */, "no-process-ignore-s2c" /* Don't process ignore s2c */, "ignore-regular-expression" /* Ignore regular expression */, "no-ignore-regular-expression" /* Don't ignore regular expression */, "process-port" arg /* Process port */, "fifo-max-size" arg /* Maximum fifo size */, "log-supercede-min" arg /* Minimum log supercede */, "content-decompression-max-memory-kb" arg /* Maximum memory usage in kilo bytes */, "content-decompression-max-ratio" arg /* 
Maximum decompression ratio supported */, "session-pkt-depth" arg /* Session pkt scanning depth */ ) ), "global" ( /* Global configuration */ c( "enable-packet-pool" /* Enable packet pool */, "no-enable-packet-pool" /* Don't enable packet pool */, "enable-all-qmodules" /* Enable all qmodules */, "no-enable-all-qmodules" /* Don't enable all qmodules */, "policy-lookup-cache" /* Policy lookup cache */, "no-policy-lookup-cache" /* Don't policy lookup cache */, "memory-limit-percent" arg /* Memory limit percentage */ ) ), "detector" ( /* Detector Configuration */ c( "protocol-name" ( /* Apropriate help string */ proto_object /* Apropriate help string */ ) ) ), "ssl-inspection" ( /* SSL inspection */ c( "sessions" arg /* Number of SSL sessions to inspect */, "session-id-cache-timeout" arg /* Timeout value for SSL session ID cache */, "maximum-cache-size" arg /* Maximum SSL session ID cache size */, "cache-prune-chunk-size" arg /* Number of cache entries to delete when pruning SSL session ID cache */, "key-protection" /* Enable SSL key protection */ ) ), "disable-low-memory-handling" /* Do not abort IDP operations under low memory condition */, "high-availability" ( /* High availability configuration */ c( "no-policy-cold-synchronization" /* Disable policy cold synchronization */ ) ), "security-configuration" ( /* IDP security configuration */ c( "protection-mode" ( /* Enable security protection mode */ ("datacenter" | "datacenter-full" | "perimeter" | "perimeter-full") ) ) ) ) ), "max-sessions" arg /* Max number of IDP sessions */, "logical-system" ( /* Configure max IDP sessions for the logial system */ logical_system_type /* Configure max IDP sessions for the logial system */ ), "processes" /* Configure IDP Processes */ ) ), "address-book" ( /* Security address book */ named_address_book_type /* Security address book */ ), "alg" ( /* Configure ALG security options */ alg_object /* Configure ALG security options */ ), "application-firewall" ( /* Configure 
application-firewall rule-sets */ c( "traceoptions" ( /* Rule-sets Tracing Options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "lookup" | "compilation" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) ), "profile" arg ( /* Configure application-firewall profile */ c( "block-message" ( /* Block message settings */ c( "type" ( /* Type of block message desired */ c( c( "custom-text" ( /* Custom defined block message */ c( "content" arg /* Content of custom-text */ ) ), "custom-redirect-url" ( /* Custom redirect URL server */ c( "content" arg /* URL of block message */ ) ) ) ) ) ) ) ) ), "rule-sets" arg ( /* Configure application-firewall rule-sets */ c( "rule" ( /* Rule */ appfw_rule_type /* Rule */ ), "default-rule" ( /* Specify default rule for a rule-set */ c( c( "permit" /* Permit packets */, "deny" ( /* Deny packets */ c( "block-message" /* Block message */ ) ), "reject" ( /* Reject packets */ c( "block-message" /* Block message */ ) ) ) ) ), "profile" arg /* Profile for block message */ ) ), "nested-application" ( /* Configure nested application dynamic lookup */ c( "dynamic-lookup" ( /* Configure dynamic lookup */ c( "enable" /* Enable dynamic lookup */ ) ) ) ) ) ), "application-tracking" ( /* Application tracking configuration */ c( "disable" /* Disable Application tracking */, c( "first-update-interval" arg /* Interval when the first update message is sent */, "first-update" /* Generate Application tracking initial message when a session is created */ ), "session-update-interval" arg /* Frequency in which 
Application tracking update messages are generated */ ) ), "utm" ( /* Content security service configuration */ c( "traceoptions" ( /* Trace options for utm */ utm_traceoptions /* Trace options for utm */ ), "application-proxy" ( /* Application proxy settings */ c( "traceoptions" ( /* Trace options for application proxy */ utm_apppxy_traceoptions /* Trace options for application proxy */ ) ) ), "ipc" ( /* IPC settings */ c( "traceoptions" ( /* Trace options for IPC */ utm_ipc_traceoptions /* Trace options for IPC */ ) ) ), "custom-objects" ( /* Custom-objects settings */ c( "category-package" ( /* Category package download and install options */ c( "url" arg /* HTTPS URL of category package download */, "proxy-profile" arg /* Proxy profile */, "routing-instance" arg /* Routing instance name */, "automatic" ( /* Scheduled download and install */ c( "start-time" ( /* Start time (YYYY-MM-DD.HH:MM:SS) */ time /* Start time (YYYY-MM-DD.HH:MM:SS) */ ), "interval" arg /* Interval in hours */, "enable" /* Enable automatic download and install */ ) ) ) ), "mime-pattern" ( /* Configure mime-list object */ mime_list_type /* Configure mime-list object */ ), "filename-extension" ( /* Configure extension-list object */ extension_list_type /* Configure extension-list object */ ), "url-pattern" ( /* Configure url-list object */ url_list_type /* Configure url-list object */ ), "custom-url-category" ( /* Configure category-list object */ category_list_type /* Configure category-list object */ ), "protocol-command" ( /* Configure command-list object */ command_list_type /* Configure command-list object */ ), "custom-message" ( /* Configure custom-message object */ custom_message_type /* Configure custom-message object */ ) ) ), "default-configuration" ( /* Global default UTM configurations */ c( "anti-virus" ( /* Configure anti-virus feature */ default_anti_virus_feature /* Configure anti-virus feature */ ), "web-filtering" ( /* Configure web-filtering feature */ 
default_webfilter_feature /* Configure web-filtering feature */ ), "anti-spam" ( /* Configure anti-spam feature */ default_anti_spam_feature /* Configure anti-spam feature */ ), "content-filtering" ( /* Configure content filtering feature */ default_content_filtering_feature /* Configure content filtering feature */ ) ) ), "feature-profile" ( /* Feature-profile settings */ c( "anti-virus" ( /* Configure anti-virus feature */ anti_virus_feature /* Configure anti-virus feature */ ), "web-filtering" ( /* Configure web-filtering feature */ webfilter_feature /* Configure web-filtering feature */ ), "anti-spam" ( /* Configure anti-spam feature */ anti_spam_feature /* Configure anti-spam feature */ ), "content-filtering" ( /* Configure content filtering feature */ content_filtering_feature /* Configure content filtering feature */ ) ) ), "utm-policy" ( /* Configure profile */ profile_setting /* Configure profile */ ) ) ), "dynamic-address" ( /* Configure security dynamic address */ c( "traceoptions" ( /* Security dynamic address tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "control" | "ipc" | "ip-entry" | "file-retrieval" | "lookup" | "all")) /* Tracing parameters */.as(:oneline) ) ), "feed-server" arg ( /* Security dynamic address feed-server */ c( "description" arg /* Text description of feed-server */, "hostname" arg /* Hostname or IP address of feed-server */, "update-interval" arg /* Interval to 
retrieve update */, "hold-interval" arg /* Time to keep IP entry when update failed */, "feed-name" arg ( /* Feed name in feed-server */ c( "description" arg /* Text description of feed in feed-server */, "path" arg /* Path of feed, appended to feed-server to form a complete URL */, "update-interval" arg /* Interval to retrieve update */, "hold-interval" arg /* Time to keep IP entry when update failed */ ) ) ) ), "address-name" arg ( /* Security dynamic address name */ c( "description" arg /* Text description of dynamic address */, "profile" ( /* Information to categorize feed data into this dynamic address */ c( "feed-name" arg /* Name of feed in feed-server for this dynamic address */, "category" arg ( /* Name of category */ c( "feed" arg /* Name of feed under category */, "property" arg ( /* Property to match */ c( c( "string" arg /* Value type is strings */ ) ) ) ) ) ) ) ) ) ) ), "dynamic-vpn" /* Configure dynamic VPN */, "dynamic-application" ( /* Configure dynamic-application */ c( "traceoptions" ( /* Dynamic application tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "lookup" | "compilation" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) ), "profile" arg ( /* Configure application-firewall profile */ c( "redirect-message" ( /* Redirect message settings */ c( "type" ( /* Type of redirect message desired */ c( c( "custom-text" ( /* Custom defined text block message */ c( "content" arg /* Content of custom-text */ ) ), "redirect-url" ( /* Custom redirect URL server */ c( "content" arg /* URL of 
block message */ ) ) ) ) ) ) ) ) ) ) ), "softwires" ( /* Configure softwire feature */ softwires_object /* Configure softwire feature */ ), "forwarding-options" ( /* Security-forwarding-options configuration */ c( "family" ( /* Security forwarding-options for family */ c( "inet6" ( /* Family IPv6 */ c( "mode" ( /* Forwarding mode */ ("packet-based" | "flow-based" | "drop") ) ) ), "mpls" ( /* Family MPLS */ c( "mode" ( /* Forwarding mode */ ("packet-based") ) ) ), "iso" ( /* Family ISO */ c( "mode" ( /* Forwarding mode */ ("packet-based") ) ) ) ) ), "mirror-filter" ( /* Security mirror filters */ mirror_filter_type /* Security mirror filters */ ), "secure-wire" ( /* Secure-wire cross connections */ secure_wire_type /* Secure-wire cross connections */ ) ) ), "advanced-services" /* Advanced services configuration */, "flow" ( /* FLOW configuration */ c( "enhanced-routing-mode" /* Enable enhanced route scaling */, "traceoptions" ( /* Trace options for flow services */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "basic-datapath" | "high-availability" | "host-traffic" | "fragmentation" | "multicast" | "route" | "session" | "session-scan" | "tcp-basic" | "tunnel")) /* Events and other information to include in trace output */.as(:oneline), "rate-limit" arg /* Limit the incoming rate of trace messages */, "packet-filter" ( /* Flow packet debug filters */ flow_filter_type /* Flow packet debug filters */ ), "trace-level" ( /* FLow trace level */ c( c( "error" /* Error messages */, "brief" /* Brief messages */, "detail" /* Detail messages */ ) 
) ) ) ), "pending-sess-queue-length" ( /* Maximum queued length per pending session */ ("normal" | "moderate" | "high") ), "enable-reroute-uniform-link-check" ( /* Enable reroute check with uniform link */ c( "nat" /* Enable NAT check */ ) ), "allow-dns-reply" /* Allow unmatched incoming DNS reply packet */, "route-change-timeout" arg /* Timeout value for route change to nonexistent route */, "syn-flood-protection-mode" ( /* TCP SYN flood protection mode */ ("syn-cookie" | "syn-proxy") ), "allow-embedded-icmp" /* Allow embedded ICMP packets not matching a session to pass through */, "mcast-buffer-enhance" /* Allow to hold more packets during multicast session creation */, "allow-reverse-ecmp" /* Allow reverse ECMP route lookup */, "sync-icmp-session" /* Allow icmp sessions to sync to peer node */, "ipsec-performance-acceleration" /* Accelerate the IPSec traffic performance */, "aging" ( /* Aging configuration */ c( "early-ageout" arg /* Delay before device declares session invalid */, "low-watermark" arg /* Percentage of session-table capacity at which aggressive aging-out ends */, "high-watermark" arg /* Percentage of session-table capacity at which aggressive aging-out starts */ ) ), "ethernet-switching" ( /* Ethernet-switching configuration for flow */ c( "block-non-ip-all" /* Block all non-IP and non-ARP traffic including broadcast/multicast */, "bypass-non-ip-unicast" /* Allow all non-IP (including unicast) traffic */, "no-packet-flooding" ( /* Stop IP flooding, send ARP/ICMP to trigger MAC learning */ c( "no-trace-route" /* Don't send ICMP to trigger MAC learning */ ) ), "bpdu-vlan-flooding" /* Set 802.1D BPDU flooding based on VLAN */ ) ), "tcp-mss" ( /* TCP maximum segment size configuration */ c( "all-tcp" ( /* Enable MSS override for all packets */ c( "mss" arg /* MSS value */ ) ), "ipsec-vpn" ( /* Enable MSS override for all packets entering IPSec tunnel */ c( "mss" arg /* MSS value */ ) ), "gre-in" ( /* Enable MSS override for all GRE packets coming out 
of an IPSec tunnel */ c( "mss" arg /* MSS value */ ) ), "gre-out" ( /* Enable MSS override for all GRE packets entering an IPsec tunnel */ c( "mss" arg /* MSS value */ ) ) ) ), "tcp-session" ( /* Transmission Control Protocol session configuration */ c( "rst-invalidate-session" /* Immediately end session on receipt of reset (RST) segment */, "fin-invalidate-session" /* Immediately end session on receipt of fin (FIN) segment */, "rst-sequence-check" /* Check sequence number in reset (RST) segment */, "no-syn-check" /* Disable creation-time SYN-flag check */, "strict-syn-check" /* Enable strict syn check */, "no-syn-check-in-tunnel" /* Disable creation-time SYN-flag check for tunnel packets */, "no-sequence-check" /* Disable sequence-number checking */, "tcp-initial-timeout" arg /* Timeout for TCP session when initialization fails */, "maximum-window" ( /* Maximum TCP proxy scaled receive window, default 256K bytes */ ("64K" | "128K" | "256K" | "512K" | "1M") ), "time-wait-state" ( /* Session timeout value in time-wait state, default 150 seconds */ c( c( "session-ageout" /* Allow session to ageout using service based timeout values */, "session-timeout" arg /* Configure session timeout value for time-wait state */ ), "apply-to-half-close-state" /* Apply time-wait-state timeout to half-close state */ ) ) ) ), "force-ip-reassembly" /* Force to reassemble ip fragments */, "preserve-incoming-fragment-size" /* Preserve incoming fragment size for egress MTU */, "advanced-options" ( /* Flow config advanced options */ c( "drop-matching-reserved-ip-address" /* Drop matching reserved source IP address */, "drop-matching-link-local-address" /* Drop matching link local address */, "reverse-route-packet-mode-vr" /* Allow reverse route lookup with packet mode vr */ ) ), "load-distribution" ( /* Flow config SPU load distribution */ c( "session-affinity" /* SPU load distribution based on the service anchor SPU */ ) ), "packet-log" ( /* Configure flow packet log */ c( "enable" /* 
Enable log for dropped packet */, "throttle-interval" arg /* Interval should be configured as a power of two */, "packet-filter" ( /* Configure packet log filter */ flow_filter_type /* Configure packet log filter */ ) ) ), "power-mode-ipsec" /* Enable power mode ipsec processing */ ) ), "firewall-authentication" ( /* Firewall authentication parameters */ c( "traceoptions" ( /* Data-plane firewall authentication tracing options */ c( "flag" enum(("authentication" | "proxy" | "all")) ( /* Events to include in trace output */ sc( c( "terse" /* Include terse amount of output in trace */, "detail" /* Include detailed amount of output in trace */, "extensive" /* Include extensive amount of output in trace */ ) ) ).as(:oneline) ) ) ) ), "screen" ( /* Configure screen feature */ c( "trap" ( /* Configure trap interval */ sc( "interval" arg /* Trap interval */ ) ).as(:oneline), "ids-option" ( /* Configure ids-option */ ids_option_type /* Configure ids-option */ ), "traceoptions" ( /* Trace options for Network Security Screen */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "all")) /* Tracing parameters */.as(:oneline) ) ), "white-list" ( /* Set of IP addresses for white list */ ids_wlist_type /* Set of IP addresses for white list */ ) ) ), "nat" ( /* Configure Network Address Translation */ nat_object /* Configure Network Address Translation */ ), "forwarding-process" ( /* Configure security forwarding-process options */ c( "enhanced-services-mode" /* Enable enhanced application services mode */, "application-services" ( /* 
Configure application service options */ c( "maximize-alg-sessions" /* Maximize ALG session capacity */, "maximize-persistent-nat-capacity" /* Increase persistent NAT capacity by reducing maximum flow sessions */, "maximize-cp-sessions" /* Maximize CP session capacity */, "session-distribution-mode" arg /* Session distribution mode */, "enable-gtpu-distribution" /* Enable GTP-U distribution */, "packet-ordering-mode" arg /* Packet ordering mode */, "maximize-idp-sessions" /* Run security services in dedicated processes to maximize IDP session capacity */ ) ) ) ), "policies" ( /* Configure Network Security Policies */ policy_object_type /* Configure Network Security Policies */ ), "tcp-encap" ( /* Configure TCP Encapsulation. */ c( "traceoptions" ( /* Trace options for TCP encapsulation service */ ragw_traceoptions /* Trace options for TCP encapsulation service */ ), "profile" arg ( /* Configure profile. */ c( "ssl-profile" arg /* SSL Termination profile */, "log" /* Enable logging for remote-access */ ) ), "global-options" ( /* Global settings for TCP encapsulation */ c( "enable-tunnel-tracking" /* Track ESP tunnels */ ) ) ) ), "resource-manager" ( /* Configure resource manager security options */ c( "traceoptions" ( /* Traceoptions for resource manager */ c( "flag" enum(("client" | "group" | "resource" | "gate" | "session" | "chassis cluster" | "messaging" | "service pinhole" | "error" | "all")) ( /* Resource manager objects and events to include in trace */ sc( c( "terse" /* Set trace verbosity level to terse */, "detail" /* Set trace verbosity level to detail */, "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "analysis" ( /* Configure security analysis */ c( "no-report" /* Stops security analysis reporting */ ) ), "traceoptions" ( /* Network security daemon tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg 
/* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "compilation" | "all")) /* Tracing parameters */.as(:oneline), "rate-limit" arg /* Limit the incoming rate of trace messages */ ) ), "datapath-debug" ( /* Datapath debug options */ c( "traceoptions" ( /* End to end debug trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "capture-file" ( /* Packet capture options */ sc( arg /* Capture file name */, "format" ( /* Capture file format */ ("pcap") ), "size" arg /* Maximum file size */, "files" arg /* Maximum number of files */, "world-readable" /* Allow any user to read packet-capture files */, "no-world-readable" /* Don't allow any user to read packet-capture files */ ) ).as(:oneline), "maximum-capture-size" arg /* Max packet capture length */, "action-profile" ( /* Action profile definitions */ e2e_action_profile /* Action profile definitions */ ), "packet-filter" ( /* Packet filter configuration */ end_to_end_debug_filter /* Packet filter configuration */ ) ) ), "user-identification" ( /* Configure user-identification */ c( "traceoptions" ( /* User-identification Tracing Options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* 
Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Tracing parameters */.as(:oneline) ) ), "authentication-source" ( /* Configure user-identification authentication-source */ authentication_source_type /* Configure user-identification authentication-source */ ) ) ), "zones" ( /* Zone configuration */ c( "functional-zone" ( /* Functional zone */ c( "management" ( /* Host for out of band management interfaces */ c( "interfaces" ( /* Interfaces that are part of this zone */ zone_interface_list_type /* Interfaces that are part of this zone */ ), "screen" arg /* Name of ids option object applied to the zone */, "host-inbound-traffic" ( /* Allowed system services & protocols */ zone_host_inbound_traffic_t /* Allowed system services & protocols */ ), "description" arg /* Text description of zone */ ) ) ) ), "security-zone" ( /* Security zones */ security_zone_type /* Security zones */ ) ) ), "advance-policy-based-routing" ( /* Configure Network Security APBR Policies */ c( "traceoptions" ( /* Advance policy based routing tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "lookup" | "compilation" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) ), "tunables" ( /* Configure advance policy based routing tunables */ c( "max-route-change" 
arg /* Maximum route change */, "drop-on-zone-mismatch" /* Drop session if zone mismatches */, "enable-logging" /* Enable AppTrack logging */ ) ), "profile" arg ( /* Configure advance-policy-based-routing profile */ c( "rule" ( /* Specify an advance policy based routing rule */ apbr_rule_type /* Specify an advance policy based routing rule */ ) ) ), "active-probe-params" arg ( /* Active probe's settings */ c( "settings" ( /* Settings */ appqoe_probe_params /* Settings */ ) ) ), "metrics-profile" arg ( /* Configure metric profiles */ c( "sla-threshold" ( /* Configure SLA metric threshold */ appqoe_sla_metric_profile /* Configure SLA metric threshold */ ) ) ), "overlay-path" arg ( /* List of overlay paths */ c( "tunnel-path" ( /* Tunnel start & end ip addresses */ appqoe_probe_path /* Tunnel start & end ip addresses */ ), "probe-path" ( /* Probe start & end ip addresses */ appqoe_probe_path /* Probe start & end ip addresses */ ) ) ), "destination-path-group" arg ( /* Group of tunnels to a particular destination */ c( "probe-routing-instance" ( /* Set routing instance for the probe-path */ c( arg /* Name of routing instance */ ) ), "overlay-path" arg /* List of paths */ ) ), "sla-options" ( /* Global SLA options */ c( "local-route-switch" ( /* Enable/disable Automatic local route switching */ c( c( "enabled" /* Enable */, "disabled" /* Disable */ ) ) ), "log-type" ( /* Choose the logging mechanism */ c( c( "syslog" /* Choose syslog */ ) ) ), "max-passive-probe-limit" ( /* Set max passive probe limits */ c( "number-of-probes" ( /* Number of passive probes to be sent */ c( arg ) ), "interval" ( /* Interval within which to send */ c( arg ) ) ) ) ) ), "sla-rule" arg ( /* Create SLA rule */ c( "switch-idle-time" ( /* Idle timeout period where no SLA violation will be detected once path switch has happened */ c( arg ) ), "metrics-profile" ( /* Set metrics profile for the SLA */ c( arg /* Metrics Profile name */ ) ), "active-probe-params" ( /* Set Probe params for the 
overlay-path */ c( arg /* Probe parameter's name */ ) ), "passive-probe-params" ( /* Passive probe settings */ c( "sampling-percentage" ( /* Mininmum percentage of Sessions to be evaluated for the application */ c( arg ) ), "violation-count" ( /* Number of SLA violations within sampling period to be considered as a violation. */ c( arg ) ), "sampling-period" ( /* Time period in which the sampling is done */ c( arg ) ), "sla-export-factor" ( /* Enabled sampling window based SLA exporting */ c( arg ) ), "type" ( /* Choose type of SLA measurement */ c( c( "book-ended" /* Choose custom method of probing within WAN link */ ) ) ), "sampling-frequency" ( /* Sampling frequency settings */ c( "interval" ( /* Time based sampling interval */ c( arg ) ), "ratio" ( /* 1:N based sampling ratio */ c( arg ) ) ) ) ) ) ) ), "policy" arg ( /* Define a policy context from this zone */ c( "policy" ( /* Define security policy in specified zone-to-zone direction */ sla_policy_type /* Define security policy in specified zone-to-zone direction */ ) ) ) ) ), "gprs" ( /* GPRS configuration */ c( "gtp" ( /* GPRS tunneling protocol configuration */ c( "profile" arg ( /* Configure GTP Profile */ c( "min-message-length" arg /* Minimum message length, from 0 to 65535 */, "max-message-length" arg /* Maximum message length, from 1 to 65535 */, "timeout" arg /* Tunnel idle timeout */, "rate-limit" arg /* Limit messages per second */, "log" ( /* GPRS tunneling protocol logs */ c( "forwarded" ( /* Log passed good packets */ ("basic" | "detail") ), "state-invalid" ( /* Dropped by state-inspection or sanity failure */ ("basic" | "detail") ), "prohibited" ( /* Dropped for type/length/version filtering */ ("basic" | "detail") ), "gtp-u" enum(("all" | "dropped")) /* Logs for gtp-u */, "rate-limited" ( /* Dropped for rate-limit */ c( c( "basic" /* Basic logs */, "detail" /* Detailed logs */ ), "frequency-number" arg /* Logging frequency over threshold, set by rate-limit */ ) ) ) ), "remove-ie" ( /* Remove 
information elements */ c( "version" enum(("v1")) ( /* GTP version */ c( "release" enum(("R6" | "R7" | "R8" | "R9")) /* Remove information elements by release */, "number" ( /* Remove information elements by number */ c( arg ) ) ) ) ) ), "path-rate-limit" ( /* Limit control messages based on IP pairs */ c( "message-type" enum(("create-req" | "delete-req" | "echo-req" | "other")) ( /* Specific group of control messages */ c( "drop-threshold" ( /* Set drop threshold for path rate limiting */ c( "forward" arg /* Limit messages of forward direction */, "reverse" arg /* Limit messages of reverse direction */ ) ), "alarm-threshold" ( /* Set alarm threshold for path rate limiting */ c( "forward" arg /* Limit messages of forward direction */, "reverse" arg /* Limit messages of reverse direction */ ) ) ) ) ) ), "drop" ( /* Drop certain type of messages */ c( "aa-create-pdp" ( /* Create AA pdp request/response message */ c( c( "0" /* Version 0 */ ) ) ), "aa-delete-pdp" ( /* Delete AA pdp request/response message */ c( c( "0" /* Version 0 */ ) ) ), "bearer-resource" ( /* Bearer resource command/failure message */ c( c( "2" /* Version 2 */ ) ) ), "change-notification" ( /* Change notification request/response message */ c( c( "2" /* Version 2 */ ) ) ), "config-transfer" ( /* Configuration transfer message */ c( c( "2" /* Version 2 */ ) ) ), "context" ( /* Context request/response/ack message */ c( c( "2" /* Version 2 */ ) ) ), "create-bearer" ( /* Create bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "create-data-forwarding" ( /* Create indirect data forwarding tunnel request/response message */ c( c( "2" /* Version 2 */ ) ) ), "create-pdp" ( /* Create pdp request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "create-session" ( /* Create session request/response message */ c( c( "2" /* Version 2 */ ) ) ), "create-tnl-forwarding" ( /* Create forwarding tunnel request/response message */ c( c( "2" /* 
Version 2 */ ) ) ), "cs-paging" ( /* CS paging indication message */ c( c( "2" /* Version 2 */ ) ) ), "data-record" ( /* Data record request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "delete-bearer" ( /* Delete bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "delete-command" ( /* Delete bearer command/failure message */ c( c( "2" /* Version 2 */ ) ) ), "delete-data-forwarding" ( /* Delete indirect data forwarding tunnel request/response message */ c( c( "2" /* Version 2 */ ) ) ), "delete-pdn" ( /* Delete PDN connection set request/response message */ c( c( "2" /* Version 2 */ ) ) ), "delete-pdp" ( /* Delete pdp request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "delete-session" ( /* Delete session request/response message */ c( c( "2" /* Version 2 */ ) ) ), "detach" ( /* Detach notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "downlink-notification" ( /* Downlink data notification/ack/failure message */ c( c( "2" /* Version 2 */ ) ) ), "echo" ( /* Echo request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "error-indication" ( /* Error indication message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "failure-report" ( /* Failure report request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "fwd-access" ( /* Forward access context notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "fwd-relocation" ( /* Forward relocation request/response/comp/comp-ack message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "fwd-srns-context" ( /* Forward SRNS context/context-ack message */ c( c( "1" /* Version 1 */ ) ) ), "g-pdu" ( /* G-PDU (user PDU) message/T-PDU */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All 
versions */ ) ) ), "identification" ( /* Identification request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "mbms-session-start" ( /* MBMS session start request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "mbms-session-stop" ( /* MBMS session stop request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "mbms-session-update" ( /* MBMS session update request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "modify-bearer" ( /* Modify bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "modify-command" ( /* Modify bearer command/failure message */ c( c( "2" /* Version 2 */ ) ) ), "node-alive" ( /* Node alive request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "note-ms-present" ( /* Note MS GPRS present request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "pdu-notification" ( /* PDU notification requst/response/reject/reject-response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "ran-info" ( /* RAN info relay message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "redirection" ( /* Redirection request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "release-access" ( /* Release access-bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "relocation-cancel" ( /* Relocation cancel request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "resume" ( /* Resume notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "send-route" ( /* Send route info request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 
1 */, "all" /* All versions */ ) ) ), "sgsn-context" ( /* SGSN context request/response/ack message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "stop-paging" ( /* Stop paging indication message */ c( c( "2" /* Version 2 */ ) ) ), "supported-extension" ( /* Supported extension headers notification message */ c( c( "1" /* Version 1 */ ) ) ), "suspend" ( /* Suspend notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "trace-session" ( /* Trace session activation/deactivation message */ c( c( "2" /* Version 2 */ ) ) ), "update-bearer" ( /* Update bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "update-pdn" ( /* Update PDN connection set request/response message */ c( c( "2" /* Version 2 */ ) ) ), "update-pdp" ( /* Update pdp request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "ver-not-supported" ( /* Version not supported message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ) ) ), "apn" arg ( /* GTP Access Point Name (APN) filter */ c( "imsi-prefix" arg ( /* Specific filter prefix digits for International Mobile Subscriber Identification(IMSI) */ c( "action" ( /* Configure GTP profile APN action */ c( c( "pass" /* Pass all selection modes for this APN */, "drop" /* Drop all selection modes for this APN */, "selection" ( /* Allowed selection modes for this APN */ c( "ms" /* Mobile Station selection mode */, "net" /* Network selection mode */, "vrf" /* Subscriber verified mode */ ) ) ) ) ) ) ) ) ), "restart-path" ( /* Restart GTP paths */ ("echo" | "create" | "all") ), "seq-number-validated" /* Validate G-PDU sequence number */, "gtp-in-gtp-denied" /* Deny nested GTP */, "u-tunnel-validated" /* Validate GTP-u tunnel */, "end-user-address-validated" /* Validate end user address */, "req-timeout" arg /* Request message timeout, default timeout value 5 seconds */, "handover-on-roaming-intf" /* 
Enable tunnel setup by Handover messages on roaming interface */, "handover-group" ( /* SGSN handover group configuration */ c( arg ) ) ) ), "traceoptions" ( /* Trace options for GPRS tunneling protocol */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "parser" | "chassis-cluster" | "gsn" | "jmpi" | "tnl" | "req" | "path" | "all")) /* Tracing parameters */.as(:oneline), "trace-level" ( /* GTP trace level */ c( c( "error" /* Match error conditions */, "warning" /* Match warning messages */, "notice" /* Match conditions that should be handled specially */, "info" /* Match informational messages */, "verbose" /* Match verbose messages */ ) ) ) ) ), "handover-group" arg ( /* Set handover group */ c( "address-book" arg ( /* Set addreess book */ c( "address-set" ( /* Set address set */ c( arg ) ) ) ) ) ), "handover-default" ( /* Set handover default deny */ c( "deny" /* Handover default deny */ ) ) ) ), "sctp" ( /* GPRS stream control transmission protocol configuration */ c( "profile" arg ( /* Configure stream transmission protocol */ c( "nat-only" /* Only do payload IPs translation for SCTP packet */, "association-timeout" arg /* SCTP association timeout length, in minutes */, "handshake-timeout" arg /* SCTP handshake timeout, in seconds */, "drop" ( /* Disallowed SCTP payload message */ c( "m3ua-service" enum(("sccp" | "tup" | "isup")) /* MTP level 3 (MTP3) user adaptation layer service */.as(:oneline), "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | 
"dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "all" | arg)) /* SCTP payload protocol identifier */.as(:oneline) ) ), "permit" ( /* Permit SCTP payload message */ c( "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "all" | arg)) /* SCTP payload protocol identifier */.as(:oneline) ) ), "limit" ( /* Packet limits */ c( "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "others" | arg)) ( /* Payload Rate limit */ sc( "rate" arg /* Rate limit */ ) ).as(:oneline), "address" arg ( /* Rate limit for a list of IP addresses */ c( "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "others" | arg)) ( /* Payload Rate limit */ sc( "rate" arg /* Rate limit */ ) ).as(:oneline) ) ), "rate" ( /* Rate limit */ c( "sccp" arg /* Global SCCP messages rate limit */, "ssp" arg /* Global SSP messages rate limit */, "sst" arg /* Global SST messages rate limit */, "address" arg ( /* Rate limit for a list of IP addresses */ c( "sccp" arg /* SCCP messages rate limit */, "ssp" arg /* SSP messages rate limit */, "sst" arg /* SST messages rate limit */ ) ) ) ) ) ) ) ), "multichunk-inspection" ( /* Configure for SCTP multi chunks inspection */ c( c( "disable" /* Set multichunk inspection flag to disable */ ) ) ), "nullpdu" ( /* Configure for SCTP NULLPDU protocol value */ c( "protocol" ( /* SCTP 
NULLPDU payload protocol identifier */ c( c( "ID-0x0000" /* Set 0x0000 to be NULLPDU ID value */, "ID-0xFFFF" /* Set 0xFFFF to be NULLPDU ID value */ ) ) ) ) ), "log" enum(("configuration" | "rate-limit" | "association" | "data-message-drop" | "control-message-drop" | "control-message-all")) /* GPRS stream control transmission protocol logs */.as(:oneline), "traceoptions" ( /* Trace options for GPRS stream control transmission protocol */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "detail" | "flow" | "parser" | "chassis-cluster" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ) ) ), "ngfw" ( /* Next generation unified L4/L7 firewall */ c( "default-profile" ( /* Unified L4/L7 firewall default profile configuration */ c( "ssl-proxy" ( /* SSL proxy services */ c( "profile-name" arg /* Specify SSL proxy service profile name */ ) ), "application-traffic-control" ( /* Application traffic control services */ jsf_application_traffic_control_rule_set_type /* Application traffic control services */ ) ) ) ) ), "macsec" ( /* MAC Security configuration */ security_macsec /* MAC Security configuration */ ) ) ), # End of vSRX 18.3R1.9 "interfaces" ( /* Interface configuration */ c( "pic-set" arg ( /* NP bundling configuration */ c( "interface" arg /* One or more interfaces that use this picset */, "fpc" arg ( c( "pic" arg /* Physical Interface Card number */ ) ) ) ), "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" 
| "$junos-pon-id-interface-set-name") ( /* Logical interface set configuration */ c( "targeted-distribution" /* Interface participates in targeted-distribution */, "targeted-options" /* Targeting specific options */, "interface" arg ( /* One or more interfaces that belong to interface set */ c( "unit" arg /* One or more logical interface unit numbers */, "vlan-tags-outer" arg /* One or more outer VLAN tags */ ) ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "traceoptions" ( /* Interface trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "kernel" | "change-events" | "kernel-detail" | "config-states" | "resource-usage" | "gres-events" | "select-events" | "bfd-events" | "lib-events" | "reserved" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "informational" | "debugging" | "verbose" | "japi")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface-range" arg ( /* Interface ranges configuration */ c( "member" arg /* Interfaces belonging to the interface range */, "member-range" arg ( /* Interfaces range in to format */ sc( "end-range" ( interface_device ) ) ).as(:oneline), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the 
packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */ ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, 
c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "10g" | "40g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* 
Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" 
arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | 
"fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ) ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) 
management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ 
sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */ ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when 
linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, 
"reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after 
recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. 
*/ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ service_set_syslog_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. */ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* 
Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( ipaddr /* Source IP */, "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ) ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( ipaddr /* Dest IP */, "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ) ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( ipv6addr /* Source softwire IP */, "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ) ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( ipaddr /* Destination softwire IP */, "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ) ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination 
port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ) ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | 
"19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | "41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | 
"alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | "1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable 
payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | 
"pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error 
rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), 
"control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | 
"negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, "no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* 
Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 
65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 
65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | 
"1568.26" | "1568.16" | "1568.05" | "1567.95" | "1567.85" | "1567.75" | "1567.64" | "1567.54" | "1567.44" | "1567.34" | "1567.23" | "1567.13" | "1567.03" | "1566.93" | "1566.83" | "1566.72" | "1566.62" | "1566.52" | "1566.42" | "1566.31" | "1566.21" | "1566.11" | "1566.01" | "1565.90" | "1565.80" | "1565.70" | "1565.60" | "1565.50" | "1565.39" | "1565.29" | "1565.19" | "1565.09" | "1564.99" | "1564.88" | "1564.78" | "1564.68" | "1564.58" | "1564.47" | "1564.37" | "1564.27" | "1564.17" | "1564.07" | "1563.96" | "1563.86" | "1563.76" | "1563.66" | "1563.56" | "1563.45" | "1563.35" | "1563.25" | "1563.15" | "1563.05" | "1562.95" | "1562.84" | "1562.74" | "1562.64" | "1562.54" | "1562.44" | "1562.33" | "1562.23" | "1562.13" | "1562.03" | "1561.93" | "1561.83" | "1561.72" | "1561.62" | "1561.52" | "1561.42" | "1561.32" | "1561.22" | "1561.11" | "1561.01" | "1560.91" | "1560.81" | "1560.71" | "1560.61" | "1560.50" | "1560.40" | "1560.30" | "1560.20" | "1560.10" | "1560.00" | "1559.90" | "1559.79" | "1559.69" | "1559.59" | "1559.49" | "1559.39" | "1559.29" | "1559.19" | "1559.08" | "1558.98" | "1558.88" | "1558.78" | "1558.68" | "1558.58" | "1558.48" | "1558.38" | "1558.27" | "1558.17" | "1558.07" | "1557.97" | "1557.87" | "1557.77" | "1557.67" | "1557.57" | "1557.46" | "1557.36" | "1557.26" | "1557.16" | "1557.06" | "1556.96" | "1556.86" | "1556.76" | "1556.66" | "1556.55" | "1556.45" | "1556.35" | "1556.25" | "1556.15" | "1556.05" | "1555.95" | "1555.85" | "1555.75" | "1555.65" | "1555.55" | "1555.44" | "1555.34" | "1555.24" | "1555.14" | "1555.04" | "1554.94" | "1554.84" | "1554.74" | "1554.64" | "1554.54" | "1554.44" | "1554.34" | "1554.23" | "1554.13" | "1554.03" | "1553.93" | "1553.83" | "1553.73" | "1553.63" | "1553.53" | "1553.43" | "1553.33" | "1553.23" | "1553.13" | "1553.03" | "1552.93" | "1552.83" | "1552.73" | "1552.62" | "1552.52" | "1552.42" | "1552.32" | "1552.22" | "1552.12" | "1552.02" | "1551.92" | "1551.82" | "1551.72" | "1551.62" | "1551.52" | 
"1551.42" | "1551.32" | "1551.22" | "1551.12" | "1551.02" | "1550.92" | "1550.82" | "1550.72" | "1550.62" | "1550.52" | "1550.42" | "1550.32" | "1550.22" | "1550.12" | "1550.02" | "1549.92" | "1549.82" | "1549.72" | "1549.62" | "1549.52" | "1549.42" | "1549.32" | "1549.21" | "1549.11" | "1549.01" | "1548.91" | "1548.81" | "1548.71" | "1548.61" | "1548.51" | "1548.41" | "1548.31" | "1548.21" | "1548.11" | "1548.02" | "1547.92" | "1547.82" | "1547.72" | "1547.62" | "1547.52" | "1547.42" | "1547.32" | "1547.22" | "1547.12" | "1547.02" | "1546.92" | "1546.82" | "1546.72" | "1546.62" | "1546.52" | "1546.42" | "1546.32" | "1546.22" | "1546.12" | "1546.02" | "1545.92" | "1545.82" | "1545.72" | "1545.62" | "1545.52" | "1545.42" | "1545.32" | "1545.22" | "1545.12" | "1545.02" | "1544.92" | "1544.82" | "1544.72" | "1544.63" | "1544.53" | "1544.43" | "1544.33" | "1544.23" | "1544.13" | "1544.03" | "1543.93" | "1543.83" | "1543.73" | "1543.63" | "1543.53" | "1543.43" | "1543.33" | "1543.23" | "1543.13" | "1543.04" | "1542.94" | "1542.84" | "1542.74" | "1542.64" | "1542.54" | "1542.44" | "1542.34" | "1542.24" | "1542.14" | "1542.04" | "1541.94" | "1541.84" | "1541.75" | "1541.65" | "1541.55" | "1541.45" | "1541.35" | "1541.25" | "1541.15" | "1541.05" | "1540.95" | "1540.85" | "1540.76" | "1540.66" | "1540.56" | "1540.46" | "1540.36" | "1540.26" | "1540.16" | "1540.06" | "1539.96" | "1539.86" | "1539.77" | "1539.67" | "1539.57" | "1539.47" | "1539.37" | "1539.27" | "1539.17" | "1539.07" | "1538.98" | "1538.88" | "1538.78" | "1538.68" | "1538.58" | "1538.48" | "1538.38" | "1538.28" | "1538.19" | "1538.09" | "1537.99" | "1537.89" | "1537.79" | "1537.69" | "1537.59" | "1537.50" | "1537.40" | "1537.30" | "1537.20" | "1537.10" | "1537.00" | "1536.90" | "1536.81" | "1536.71" | "1536.61" | "1536.51" | "1536.41" | "1536.31" | "1536.22" | "1536.12" | "1536.02" | "1535.92" | "1535.82" | "1535.72" | "1535.63" | "1535.53" | "1535.43" | "1535.33" | "1535.23" | "1535.13" | "1535.04" | 
"1534.94" | "1534.84" | "1534.74" | "1534.64" | "1534.54" | "1534.45" | "1534.35" | "1534.25" | "1534.15" | "1534.05" | "1533.96" | "1533.86" | "1533.76" | "1533.66" | "1533.56" | "1533.47" | "1533.37" | "1533.27" | "1533.17" | "1533.07" | "1532.98" | "1532.88" | "1532.78" | "1532.68" | "1532.58" | "1532.49" | "1532.39" | "1532.29" | "1532.19" | "1532.09" | "1532.00" | "1531.90" | "1531.80" | "1531.70" | "1531.60" | "1531.51" | "1531.41" | "1531.31" | "1531.21" | "1531.12" | "1531.02" | "1530.92" | "1530.82" | "1530.72" | "1530.63" | "1530.53" | "1530.43" | "1530.33" | "1530.24" | "1530.14" | "1530.04" | "1529.94" | "1529.85" | "1529.75" | "1529.65" | "1529.55" | "1529.46" | "1529.36" | "1529.26" | "1529.16" | "1529.07" | "1528.97" | "1528.87" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25") ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in 
dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert 
*/, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ 
) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "fastether-options" ( /* Fast Ethernet interface-specific 
options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* 
Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key 
chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "8g" | 
"10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 
65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on 
status-control active) */ ) ) ) ) ) ) ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type 
of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, 
"enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, 
"server" /* Server mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP server mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on 
state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input 
*/ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point 
Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* 
Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 
50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of 
interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP 
TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter 
modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( 
"service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) 
).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec")) /* DHCPV6 client requested option configuration */, "retransmission-attempt" arg /* Number 
of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-propagation" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. 
of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ 
) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet router anycast address for this address. 
*/ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile 
for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host 
address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* 
Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( 
"isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* 
Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ), interfaces_type ) ), "multi-chassis" ( c( "mc-lag" ( c( "consistency-check" ( /* Consistency Check properties */ c( "traceoptions" ( /* Trace options for MCLAG_CFGCHK */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("error" | "event" | "packet" | "pipe" | "pipe-detail" | "all")) /* Trace flag information */.as(:oneline) ) ) ) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ 
multi_chassis_protection_group /* Inter-Chassis protection configuration */ ) ) ), "jsrc-partition" ( /* JSRC partition configuration */ sc( arg ) ).as(:oneline), "snmp" ( /* Simple Network Management Protocol configuration */ c( "system-name" arg /* System name override */, "description" arg /* System description */, "location" arg /* Physical location of system */, "contact" arg /* Contact information for administrator */, "interface" ( /* Restrict SNMP requests to interfaces */ interface_name /* Restrict SNMP requests to interfaces */ ), "alarm-management" ( /* Alarm management */ c( "alarm-list-name" arg ( /* Alarm list name */ c( "alarm-id" arg ( /* Alarm id */ c( "alarm-state" arg ( /* Alarm model state, configure state value as 1 for clear alarm */ c( "notification-id" arg /* Notification id of alarm */, "varbind-index" arg /* Varbind index in alarm varbind list */, "varbind-value" arg /* Alarm varbind value */, "description" arg /* Alarm description */, "varbind-subtree" arg /* Alarm varbind subtree */, "resource-prefix" arg /* Alarm resource prefix */ ) ) ) ) ) ) ) ), "filter-interfaces" ( /* List of interfaces that needs to be filtered */ c( "interfaces" arg /* Filter specified interfaces */, "all-internal-interfaces" /* Filter all internal interfaces */ ) ), "if-count-with-filter-interfaces" /* Filter interfaces config for ifNumber and ipv6Interfaces */, "filter-duplicates" /* Filter requests with duplicate source address/port and request ID */, "nonvolatile" ( /* Configure the handling of nonvolatile SNMP Set requests */ c( "commit-delay" arg /* Delay between affirmative SNMP Set reply and start of commit */ ) ), "v3" ( /* SNMPv3 configuration information */ c( "usm" ( /* User-based security model (USM) information */ c( "local-engine" ( /* Local engine user configuration */ c( "user" ( /* SNMPv3 USM user information */ v3_user_config /* SNMPv3 USM user information */ ) ) ), "remote-engine" arg ( /* Remote engine user configuration */ c( "user" ( /* 
SNMPv3 USM user information */ v3_user_config /* SNMPv3 USM user information */ ) ) ) ) ), "vacm" ( /* View-based access control model (VACM) information */ c( "security-to-group" ( /* Assigns security names to group */ c( "security-model" enum(("usm" | "v1" | "v2c")) ( /* Security model context for group assignment */ c( "security-name" arg ( /* Security name to assign to group */ c( "group" arg /* Group to which to assign security name */ ) ) ) ) ) ), "access" ( /* Specify SNMP access limits */ c( "group" arg ( /* Group access configuration */ c( "default-context-prefix" ( /* Default context-prefix access configuration */ c( "security-model" ( /* Security model access configuration */ security_model_access /* Security model access configuration */ ) ) ), "context-prefix" arg ( /* Context-prefix access configuration */ c( "security-model" ( /* Security model access configuration */ security_model_access /* Security model access configuration */ ) ) ) ) ) ) ) ) ), "target-address" arg ( /* Identifies notification targets as well as allowed management stations */ c( "address" ( /* SNMP target address */ ipaddr /* SNMP target address */ ), "port" arg /* SNMP target port number */, "timeout" arg /* Acknowledgment timeout for confirmed SNMP notifications */, "retry-count" arg /* Maximum retry count for confirmed SNMP notifications */, "tag-list" arg /* SNMP tag list used to select target addresses */, "address-mask" ( /* Mask range of addresses for community string access control. */ ipaddr /* Mask range of addresses for community string access control. 
*/ ), "routing-instance" arg /* Routing instance for trap destination */, "logical-system" arg /* Logical-system name for trap destination */, "target-parameters" arg /* SNMPv3 target parameter name in the target parameters table */ ) ), "target-parameters" arg ( /* Parameters and filter name used when sending notifications */ c( "parameters" ( /* Parameters used when sending notifications */ c( "message-processing-model" ( /* The message processing model to be used when generating SNMP notifications */ ("v1" | "v2c" | "v3") ), "security-model" ( /* Security-model used when generating SNMP notifications */ ("usm" | "v1" | "v2c") ), "security-level" ( /* Security-level used when generating SNMP notifications */ ("none" | "authentication" | "privacy") ), "security-name" arg /* Security name used when generating SNMP notifications */ ) ), "notify-filter" ( /* Notify filter to apply to notifications */ sc( arg ) ).as(:oneline) ) ), "notify" arg ( /* Used to select management targets for notifications as well as the type of notifications */ c( "type" ( /* Notification type */ ("trap" | "inform") ), "tag" arg /* Notifications will be sent to all targets configured with this tag */ ) ), "notify-filter" arg ( /* Filters to apply to SNMP notifications */ c( "oid" arg ( /* OID include/exclude list */ sc( c( "include" /* Include this OID in the notify filter */, "exclude" /* Exclude this OID from the notify filter */ ) ) ).as(:oneline) ) ), "snmp-community" arg ( /* SNMP community and view-based access control model configuration */ c( "community-name" ( /* SNMPv1/v2c community name (default is same as community-index) */ unreadable /* SNMPv1/v2c community name (default is same as community-index) */ ), "security-name" arg /* Security name used when performing access control */, "context" arg /* Context used when performing access control */, "tag" arg /* Tag identifier for set of targets allowed to use this community string */ ) ) ) ), "proxy" arg ( /* SNMP proxy 
configuration */ c( "device-name" arg /* Satellite/Proxied Device name or IP address */, c( "version-v1" ( /* For v1 proxy configuration define snmp-community */ comm_object /* For v1 proxy configuration define snmp-community */ ), "version-v2c" ( /* For v2c proxy configuration define snmp-community */ comm_object /* For v2c proxy configuration define snmp-community */ ), "version-v3" ( /* For v3 proxy configuration define security-name */ sec_object /* For v3 proxy configuration define security-name */ ) ), "routing-instance" arg /* Associate routing-instance name for proxy forwarding */, "logical-system" arg ( /* Associate logical-system name for proxy forwarding */ c( "routing-instance" arg /* Associate routing-instance name for proxy forwarding */ ) ) ) ), "subagent" ( /* SNMP subagent configuration */ c( "tcp" ( /* Allow SNMP subagent tcp connection */ c( "routing-instance" ( /* Specify routing-instance name for tcp connection */ c( "default" /* Allow connections over default routing-instance */ ) ) ) ) ) ), "engine-id" ( /* SNMPv3 engine ID */ c( c( "use-mac-address" /* Uses management interface MAC Address for the engine ID */, "use-default-ip-address" /* Use default IP address for the engine ID */, "local" arg /* Local engine ID */ ) ) ), "access" ( /* SNMPv3 access information */ c( "user" arg ( /* SNMPv3 USM user information */ c( "authentication-type" ( /* SNMPv3 USM authentication type */ ("none" | "md5" | "sha") ), "authentication-password" ( /* SNMPv3 USM authentication password */ unreadable /* SNMPv3 USM authentication password */ ), "privacy-type" ( /* SNMPv3 USM privacy type */ ("none" | "des") ), "privacy-password" ( /* SNMPv3 USM privacy password */ unreadable /* SNMPv3 USM privacy password */ ), "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ), "group" arg ( /* SNMPv3 USM group information */ c( "user" arg /* SNMPv3 USM username */, "model" ( /* SNMPv3 security model */ 
("usm") ) ) ), "context" arg ( /* SNMPv3 context information */ c( "description" arg /* SNMPv3 context description */, "group" arg ( /* Access group */ c( "model" ( /* SNMPv3 security model */ ("usm") ), "security-level" ( /* SNMPv3 security level */ ("none" | "authentication" | "privacy") ), "read-view" arg /* Read view name */, "write-view" arg /* Write view name */ ) ) ) ) ) ), "view" arg ( /* Define MIB views */ c( "oid" arg ( /* OID include/exclude list */ sc( c( "include" /* Include this OID in the view */, "exclude" /* Exclude this OID from the view */ ) ) ).as(:oneline) ) ), "client-list" arg ( /* Client list */ c( client_address_object /* Client address list */ ) ), "community" arg ( /* Configure a community string */ c( "view" arg /* View name */, "authorization" ( /* Authorization type */ ("read-only" | "read-write") ), c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ), "routing-instances" arg ( /* Use logical-system/routing-instance for v1/v2c clients */ c( c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ) ), "routing-instance" arg ( /* Use routing-instance name for v1/v2c clients */ c( c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ) ), "logical-system" arg ( /* Use logical-system name for v1/v2c clients */ c( "routing-instance" arg ( /* Use routing-instance name for v1/v2c clients */ c( c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ) ) ) ) ) ), "trap-options" ( /* SNMP trap options 
*/ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ), "enterprise-oid" /* Add snmpTrapEnterprise oid in varbind of all traps */, "context-oid" /* Add context oid in varbind of all traps at the end */, "routing-instances" arg ( /* Use routing-instance name for source-address */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ) ) ), "routing-instance" arg ( /* Use routing-instance name for source-address */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ) ) ), "logical-system" arg ( /* Use logical-system name for source-address */ c( "routing-instance" arg ( /* Use routing-instance name for source-address */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ) ) ) ) ), "agent-address" ( /* Agent address for v1 trap PDUs */ ("outgoing-interface") ) ) ), "trap-group" arg ( /* Configure traps and notifications */ c( "version" ( /* SNMP version */ ("all" | "v1" | "v2") ), "destination-port" arg /* SNMP trap receiver port number */, "categories" ( /* Trap categories */ c( "authentication" /* Authentication failures */, "chassis" /* Chassis or environment notifications */, "link" /* Link up-down transitions */, "remote-operations" /* Remote operations */, "routing" /* Routing protocol notifications */, "startup" /* System warm and cold starts */, "ggsn" /* GGSN notifications */, "rmon-alarm" /* RMON rising and falling alarms */, "vrrp-events" /* VRRP notifications */, "configuration" /* Configuration notifications */, "services" /* Services notifications */, "chassis-cluster" /* Clustering notifications */, 
"timing-events" /* Timing defects/events notifications */, "dot3oam-events" /* 802.3ah notifications */, "sonet-alarms" ( /* SONET alarm trap subcategories */ c( "loss-of-light" /* Loss of light alarm notification */, "pll-lock" /* PLL lock alarm notification */, "loss-of-frame" /* Loss of frame alarm notification */, "loss-of-signal" /* Loss of signal alarm notification */, "severely-errored-frame" /* Severely errored frame alarm notification */, "line-ais" /* Line AIS alarm notification */, "path-ais" /* Path AIS alarm notification */, "loss-of-pointer" /* Loss of pointer alarm notification */, "ber-defect" /* Sonet bit error rate alarm defect notification */, "ber-fault" /* Sonet bit error rate alarm fault notification */, "line-remote-defect-indication" /* Line Remote Defect Indication alarm notification */, "path-remote-defect-indication" /* Path Remote Defect Indication alarm notification */, "remote-error-indication" /* Remote Error Indication alarm notification */, "unequipped" /* Unequipped alarm notification */, "path-mismatch" /* Path mismatch alarm notification */, "loss-of-cell" /* Loss of Cell delineation alarm notification */, "vt-ais" /* VT AIS alarm notification */, "vt-loss-of-pointer" /* VT Loss Of Pointer alarm notification */, "vt-remote-defect-indication" /* VT Remote Defect Indication alarm notification */, "vt-unequipped" /* VT Unequipped alarm notification */, "vt-label-mismatch" /* VT label mismatch error notification */, "vt-loss-of-cell" /* VT Loss of Cell delineation notification */ ) ), "otn-alarms" ( /* OTN alarm trap subcategories */ c( "oc-los" /* Loss of signal alarm notification */, "oc-lof" /* Loss of frame alarm notification */, "oc-lom" /* Loss of multiframe alarm notification */, "wavelength-lock" /* Wavelength lock alarm notification */, "otu-ais" /* OTU Alarm indication signal alarm notification */, "otu-bdi" /* OTU Backward defect indication alarm notification */, "otu-ttim" /* OTU Trace identification mismatch alarm 
notification */, "otu-iae" /* OTU Incoming alignment error alarm notification */, "otu-sd" /* OTU Signal degrade alarm notification */, "otu-sf" /* OTU Signal fail alarm notification */, "otu-fec-exe" /* OTU Fec excessive errors alarm notification */, "otu-fec-deg" /* OTU Fec degraded errors alarm notification */, "otu-bbe-threshold" /* OTU Background block error threshold alarm notification */, "otu-es-threshold" /* OTU Errored Second threshold alarm notification */, "otu-ses-threshold" /* OTU Severely Errored Second threshold alarm notification */, "otu-uas-threshold" /* OTU Unavailable Second threshold alarm notification */, "odu-ais" /* ODU Alarm indication signal alarm notification */, "odu-oci" /* ODU Open connection indicator alarm notification */, "odu-lck" /* ODU Locked alarm notification */, "odu-bdi" /* ODU Backward defect indication alarm notification */, "odu-ttim" /* ODU Trace identification mismatch alarm notification */, "odu-sd" /* ODU Signal degrade alarm notification */, "odu-sf" /* ODU Signal fail alarm notification */, "odu-rx-aps-change" /* ODU Receive APS change notification */, "odu-bbe-threshold" /* ODU Background block error threshold alarm notification */, "odu-es-threshold" /* ODU Errored Second threshold alarm notification */, "odu-ses-threshold" /* ODU Severely Errored Second threshold alarm notification */, "odu-uas-threshold" /* ODU Unavailable Second threshold alarm notification */, "opu-ptm" /* ODU Payload Type Mismatch alarm notification */ ) ) ) ), "targets" arg /* Targets for trap messages */.as(:oneline), "routing-instance" arg /* Routing instance for trap destination */, "logical-system" arg /* Logical-system name for trap destination */ ) ), "routing-instance-access" ( /* SNMP routing-instance options */ c( "access-list" arg ( /* Allow/Deny SNMP access to routing-instances */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ), "logical-system-trap-filter" /* Allow only logical-system specific traps */, "traceoptions" ( /* 
Trace options for SNMP */ c( "memory-trace" ( /* Memory tracing information */ c( "size" arg /* Memory size reserved for tracing */ ) ), "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("timer" | "protocol-timeouts" | "pdu" | "varbind-error" | "routing-socket" | "interface-stats" | "subagent" | "general" | "nonvolatile-sets" | "all")) /* Tracing parameters */.as(:oneline) ) ), "rmon" ( /* Remote Monitoring configuration */ c( "history" arg ( /* RMON history entries */ c( "interface" ( /* Enable RMON on this interface */ interface_name /* Enable RMON on this interface */ ), "bucket-size" arg /* Requested buckets for the interface */, "interval" arg /* Interval between samples */, "owner" arg /* Owner name of the entry */ ) ), "alarm" arg ( /* RMON alarm entries */ c( "description" arg /* General description of alarm (stored in alarmOwner) */, "interval" arg /* Interval between samples */, "falling-threshold-interval" arg /* Interval between samples during falling-threshold test */, "variable" arg /* OID of MIB variable to be monitored */, "sample-type" ( /* Method of sampling the selected variable */ ("absolute-value" | "delta-value") ), "request-type" ( /* Type of SNMP request to issue for alarm */ ("get-request" | "get-next-request" | "walk-request") ), "startup-alarm" ( /* The alarm that may be sent upon entry startup */ ("rising-alarm" | "falling-alarm" | "rising-or-falling-alarm") ), "rising-threshold" arg /* The rising threshold */, "falling-threshold" arg /* The falling threshold */, "rising-event-index" arg /* Event triggered after rising 
threshold is crossed */, "falling-event-index" arg /* Event triggered after falling threshold is crossed */, "syslog-subtag" arg /* Tag to be added to syslog messages */ ) ), "event" arg ( /* RMON event entries */ c( "description" arg /* General description of event */, "type" ( /* The type of notification for this event */ ("none" | "log" | "snmptrap" | "log-and-trap") ), "community" arg /* The community (trap group) for outgoing traps */ ) ) ) ), "health-monitor" ( /* Health monitoring configuration */ c( "routing-engine" ( /* Routing engine health monitoring configuration */ c( "cpu" ( /* CPU monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "memory" ( /* Memory monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "storage" ( /* Storage monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "temperature" ( /* Temperature monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, 
"moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */ ) ), "process-count" ( /* Process count monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "open-files-count" ( /* Open files count monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ), "traceoptions" ( /* Trace options for system health management process */ c( "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("configuration" | "memory" | "diagnostic" | "all")) /* Events or messages to include in the trace output */.as(:oneline) ) ) ) ), "interval" arg /* Interval 
between samples */, "rising-threshold" arg /* Rising threshold applied to all monitored objects */, "falling-threshold" arg /* Falling threshold applied to all monitored objects */, "idp" ( /* IDP health monitor configuration */ c( "interval" arg /* Interval between samples */, "rising-threshold" arg /* Rising threshold applied to all monitored objects */, "falling-threshold" arg /* Falling threshold applied to all monitored objects */ ) ) ) ), "arp" ( /* JVision ARP settings */ c( "host-name-resolution" /* Enable host name resolution */ ) ) ) ), "forwarding-options" ( /* Configure options to control packet forwarding */ juniper_forwarding_options /* Configure options to control packet forwarding */ ), "event-options" ( /* Event processing configuration */ c( "max-policies" arg /* Number of policies that can be executed simultaneously */, "generate-event" arg ( /* Generate an internal event */ sc( c( "time-of-day" ( /* Time of day at which to generate event (hh:mm:ss) */ time /* Time of day at which to generate event (hh:mm:ss) */ ), "time-interval" arg /* Frequency for generating the event */ ), "no-drift" /* Avoid event generation delay propagating to next event */ ) ).as(:oneline), "policy" arg ( /* Event policy for event policy manager */ c( "events" arg /* List of events that trigger this policy */, "within" arg ( /* List of events correlated with trigering events */ c( "trigger" ( /* Correlate events based on the number of occurrences */ sc( c( "until" /* Trigger when occurrences of triggering event < 'count' */, "on" /* Trigger when occurrences of triggering event = 'count' */, "after" /* Trigger when occurrences of triggering event > 'count' */ ), arg /* Number of occurrences of triggering event */ ) ).as(:oneline), "events" arg /* List of events that must occur within time interval */, "not" ( /* Events must not occur within time interval */ sc( "events" arg /* List of events that must not occur within time interval */ ) ).as(:oneline) ) ), 
"attributes-match" ( /* List of attributes to compare for two events */ s( arg, enum(("equals" | "starts-with" | "matches")), arg ) ).as(:oneline), "then" ( /* List of actions to perform when policy matches */ c( "ignore" /* Do not log event or perform any other action */, "priority-override" ( /* Change syslog priority value */ c( "facility" ( /* Facility type */ ("authorization" | "daemon" | "ftp" | "ntp" | "security" | "kernel" | "user" | "dfc" | "external" | "firewall" | "pfe" | "conflict-log" | "change-log" | "interactive-commands") ), "severity" ( /* Severity type */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info") ) ) ), "upload" ( /* Upload file to specified destination */ s( "filename" arg /* Name of file to upload */, "destination" arg /* Location to which to output file */, c( "user-name" arg /* User under whose privileges upload action will execute */, "transfer-delay" arg /* Delay before uploading file to the destination */, "retry-count" ( /* Upload output-filename retry attempt count */ sc( arg, "retry-interval" arg /* Time interval between each retry */ ) ).as(:oneline) ) ) ), "change-configuration" ( /* Change configuration */ c( "retry" ( /* Change configuration retry attempt count */ sc( "count" arg /* Number of retry attempts */, "interval" arg /* Time interval between each retry */ ) ).as(:oneline), "commands" arg /* List of configuration commands */, "user-name" arg /* User under whose privileges configuration should be changed */, "commit-options" ( /* List of commit options */ c( "check" ( /* Check correctness of syntax; do not apply changes */ c( "synchronize" /* Synchronize commit on both Routing Engines */ ) ), "synchronize" /* Synchronize commit on both Routing Engines */, "force" /* Force commit on other Routing Engine (ignore warnings) */, "log" arg /* Message to write to commit log */ ) ) ) ), "execute-commands" ( /* Issue one or more CLI commands */ c( "commands" arg /* List of CLI commands to issue */, 
"user-name" arg /* User under whose privileges command will execute */, "output-filename" arg /* Name of file in which to write command output */, "destination" arg ( /* Location to which to upload command output */ c( "transfer-delay" arg /* Delay before uploading file to the destination */, "retry-count" ( /* Upload output-filename retry attempt count */ sc( arg, "retry-interval" arg /* Time interval between each retry */ ) ).as(:oneline) ) ), "output-format" ( /* Format of output from CLI commands */ ("text" | "xml") ) ) ), "event-script" arg ( /* Invoke event scripts */ c( "arguments" arg ( /* Command line argument to the script */ sc( arg /* Value of the argument */ ) ).as(:oneline), "user-name" arg /* User under whose privileges event script will execute */, "output-filename" arg /* Name of file in which to write event script output */, "destination" arg ( /* Location to which to upload event script output */ c( "transfer-delay" arg /* Delay before uploading files */, "retry-count" ( /* Upload output-filename retry attempt count */ sc( arg, "retry-interval" arg /* Time interval between each retry */ ) ).as(:oneline) ) ), "output-format" ( /* Format of output from event-script */ ("text" | "xml") ) ) ), "raise-trap" /* Raise SNMP trap */ ) ) ) ), "event-script" ( /* Configure event-scripts */ c( "optional" /* Allow commit to succeed if the script is missing */, "max-datasize" arg /* Maximum data segment size for scripts execution */, "dampen" ( /* Run event scripts in dampen mode */ c( "dampen-options" ( /* Dampen options for event scripts */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "traceoptions" ( /* Trace options for event scripts */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" 
/* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("events" | "input" | "offline" | "output" | "rpc" | "xslt" | "all")) /* Tracing parameters */.as(:oneline) ) ), "file" arg ( /* File name for event script */ c( "source" arg /* URL of source for this script */, "python-script-user" arg /* Run the python event script with privileges of user */, "dampen" ( /* Run script in dampen mode */ c( "dampen-options" ( /* Dampen options for the script */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "checksum" ( /* Checksum of this script */ c( "md5" arg /* MD5 checksum of this script */, "sha1" arg /* SHA1 checksum of this script */, "sha-256" arg /* SHA-256 checksum of this script */ ) ), "remote-execution" arg ( /* Remote login username and password details for script */ c( "username" arg /* SSH username for login into the remote host */, "passphrase" ( /* SSH passphrase for login into the remote host */ unreadable /* SSH passphrase for login into the remote host */ ) ) ) ) ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */ ) ), "destinations" arg ( /* List of destinations referred to in 'then' clause */ c( "transfer-delay" arg /* Delay before transferring files */, "archive-sites" arg ( /* List of archive destinations */ sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ) ) ).as(:oneline) ) ), "traceoptions" ( /* Trace options for the event processing daemon */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" 
arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("server" | "configuration" | "events" | "timer-events" | "database" | "policy" | "registration" | "syslogd" | "all")) /* List of event types to include in trace */.as(:oneline) ) ), "redundancy-event" ( /* Events for policies to take action on */ srd_events_object /* Events for policies to take action on */ ) ) ), "accounting-options" ( /* Accounting data configuration */ juniper_accounting_options /* Accounting data configuration */ ), "routing-options" ( /* Protocol-independent routing option configuration */ juniper_routing_options /* Protocol-independent routing option configuration */ ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "protocols" ( /* Routing protocol configuration */ juniper_protocols /* Routing protocol configuration */ ), "policy-options" ( /* Policy option configuration */ juniper_policy_options /* Policy option configuration */ ), "class-of-service" ( /* Class-of-service configuration */ juniper_class_of_service_options /* Class-of-service configuration */ ), "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "dialer-filter" ( /* Define an IPv4 dialer filter */ inet_dialer_filter /* Define an IPv4 dialer filter */ ), "prefix-action" ( /* Define a prefix action */ prefix_action /* Define a prefix action */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ), "template" ( /* Define an Inet firewall template */ 
inet_template /* Define an Inet firewall template */ ), "simple-filter" ( /* Define an IPv4 firewall simple filter */ inet_simple_filter /* Define an IPv4 firewall simple filter */ ), "service-filter" ( /* One or more IPv4 service filters */ inet_service_filter /* One or more IPv4 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet_fuf /* One or more fast update filters */ ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "dialer-filter" ( /* Define an IPv6 dialer filter */ inet6_dialer_filter /* Define an IPv6 dialer filter */ ), "filter" ( /* Define an IPv6 firewall filter */ inet6_filter /* Define an IPv6 firewall filter */ ), "service-filter" ( /* One or more IPv6 service filters */ inet6_service_filter /* One or more IPv6 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet6_fuf /* One or more fast update filters */ ), "template" ( /* Define an Inet6 firewall template */ inet6_template /* Define an Inet6 firewall template */ ) ) ), "mpls" ( /* Protocol family MPLS for firewall filter */ c( "dialer-filter" ( /* Define an mpls dialer filter */ mpls_dialer_filter /* Define an mpls dialer filter */ ), "filter" ( mpls_filter ), "template" ( /* Define an MPLS firewall template */ mpls_template /* Define an MPLS firewall template */ ) ) ), "vpls" ( /* Protocol family VPLS for firewall filter */ c( "filter" ( vpls_filter ) ) ), "evpn" ( /* Protocol family EVPN for firewall filter */ c( "filter" ( vpls_filter ) ) ), "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( bridge_filter ) ) ), "ccc" ( /* Protocol family CCC for firewall filter */ c( "filter" ( ccc_filter ) ) ), "any" ( /* Protocol-independent filter */ c( "filter" ( /* Define a protocol independent filter */ any_filter /* Define a protocol independent filter */ ), "template" ( /* Define Protocol independent filter template */ any_template /* Define Protocol independent filter template */ ) ) ), 
"ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ es_filter /* Define an Ethernet Switching firewall filter */ ), "template" ( /* Define an ethernet switching firewall template */ es_template /* Define an ethernet switching firewall template */ ) ) ) ) ), "policer" ( /* Policer template definition */ firewall_policer /* Policer template definition */ ), "flexible-match" ( /* Flexible packet match template definition */ firewall_flexible_match /* Flexible packet match template definition */ ), "tunnel-end-point" ( /* Tunnel end-point template definition */ tunnel_end_point /* Tunnel end-point template definition */ ), "hierarchical-policer" ( /* Hierarchical policer template definition */ firewall_hierpolicer /* Hierarchical policer template definition */ ), "interface-set" ( /* Interface set definition */ interface_set_type /* Interface set definition */ ), "load-balance-group" ( /* Load-balance group definition */ firewall_load_balance_group /* Load-balance group definition */ ), "atm-policer" ( /* Atm policer */ atm_policer_type /* Atm policer */ ), "three-color-policer" ( /* Three-color policer */ three_color_policer_type /* Three-color policer */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ) ) ), "access" ( /* Network access configuration */ juniper_access_options /* Network access configuration */ ), "routing-instances" ( /* Routing instance configuration */ c( juniper_routing_instance ) ), "bridge-domains" ( /* Bridge domain configuration */ c( juniper_bridge_domains ) ), "fabric" ( /* Fabric configuration */ c( "routing-instances" ( /* Routing instance configuration */ c( juniper_fabric_routing_instance ) ), "routing-options" ( /* Fabric routing option configuration */ juniper_fabric_routing_options /* Fabric routing option configuration */ ), "protocols" ( /* Routing protocol configuration */ c( "bgp" ( 
/* BGP options */ juniper_protocols_bgp /* BGP options */ ) ) ), "virtual-chassis" ( /* Virtual chassis configuration */ c( "flow-groups" ( /* Flow groups */ c( flow_group_type, "node-device" arg ( /* Node device */ c( "interconnect-device" arg ( /* Interconnect device */ c( "preference" ( /* Preference metric for link */ ("high" | "normal" | "never") ) ) ) ) ) ) ), "traceoptions" ( juniper_virtual_chassis_traceoptions ) ) ) ) ), "switch-options" ( /* Options for default routing-instance of type virtual-switch */ juniper_def_rtb_switch_options /* Options for default routing-instance of type virtual-switch */ ), "unified-edge" ( /* Unified edge configuration */ c( "cos-cac" ( /* Unified Edge COS configuration */ juniper_unified_edge_cos_options /* Unified Edge COS configuration */ ), "local-policies" arg ( /* Local policy profiles */ c( "description" arg /* Text description of local policy */, "resource-threshold-profile" arg /* Resource threshold profile associated with the local policy */, "classifier-profile" arg /* QoS class profile associated with the local policy */, "cos-policy-profile" arg /* QoS policy profile associated with the local policy */, "roamer-classifier-profile" arg /* QoS classifier profile for roamers */, "roamer-cos-policy-profile" arg /* QoS policy profile for roamers */, "visitor-classifier-profile" arg /* QoS classifier profile for visitor */, "visitor-cos-policy-profile" arg /* QoS policy profile for visitor */, "traffic-class-qci-mapping-profile" arg /* Traffic class to qci mapping profile */, "ul-bandwidth-pool" arg /* Bandwidth pool associated with the local policy */, "dl-bandwidth-pool" arg /* Bandwidth pool associated with the local policy */ ) ), "aaa" ( /* AAA configuration */ c( "traceoptions" ( aaa_traceoptions ), "profiles" ( /* AAA profile configuration */ aaa_profile /* AAA profile configuration */ ) ) ), "diameter-profiles" ( /* Unified Edge Diameter application configurations */ mobile_diameter_profiles /* Unified Edge 
Diameter application configurations */ ), "gateways" ( /* Gateways configuration */ c( "ggsn-pgw" arg ( /* GGSN-PGW Configuration */ c( "service-mode" ( /* Service mode */ ("maintenance") ), "maximum-bearers" arg /* Maximum bearers for the GW */, "session-timeout-check-interval" arg /* Session timeout checking interval in minutes */, "redirect-timeout" arg /* Delay before a redirected session is deleted */, "local-policy-profile" arg /* Local profile for the system level */, "pfes" ( /* PFE Configuration */ c( "guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "maximum-bearers" arg /* PFE maximum bearers */, "default-bearers-percentage" arg /* PFE default bearer percentage */, "ipv4-nbm-prefixes" arg /* PFE IPv4 prefixes limit for NBM */, "ipv6-nbm-prefixes" arg /* PFE IPv6 prefixes limit for NBM */, "maximum-sdfs" arg /* PFE maximum SDFs */ ) ), "anchor-pfe-guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "anchor-pfe-maximum-bearers" arg /* PFE maximum bearers */, "anchor-pfe-default-bearers-percentage" arg /* PFE default bearer percentage */, "anchor-pfe-ipv4-nbm-prefixes" arg /* PFE IPv4 prefixes limit for NBM */, "anchor-pfe-ipv6-nbm-prefixes" arg /* PFE IPv6 prefixes limit for NBM */, "preemption" ( /* Pre-Emption configuration */ c( "enable" /* Preemption-enabled - default is disabled */, "gtpv1-pvi-disable" /* Preemption Vulnerability indicator disabled - default is Enabled */, "gtpv1-pci-disable" /* Preemption Capability indicator disabled - default is Enabled */ ) ), "gtp" ( /* GTP configuration */ mobile_gateway_config_gtp /* GTP configuration */ ), "home-plmn" ( /* Configure home PLMN MCC MNC values */ c( "mcc" ( /* Enter MCC value */ s( arg, "mnc" arg /* Mobile network code */ ) ) ) ), "traceoptions" ( /* Trace options related to mobile subscriber management */ mobile_smd_traceoptions /* Trace options related to mobile subscriber management */ ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time 
interval in minutes */, "history" arg /* Number of intervals */ ) ), "service-selection-profiles" arg ( /* Profile definition */ c( "term" arg ( /* Define a selection term */ c( "from" ( /* Define match criteria */ c( "imsi" arg /* Match IMSI */, "msisdn" arg /* Match MSISDN */, "imei" arg /* Match IMEI */, "anonymous-user" /* Match anonymous users */, "domain-name" arg /* Match domain name */, "roaming-status" ( /* Match roaming status */ ("home" | "roamer" | "visitor") ), "plmn" ( /* Match PLMN MCC MNC values */ c( "mcc" ( /* Enter MCC value */ s( arg, "mnc" arg /* Mobile network code */ ) ), "except" /* Except the specified plmns */ ) ), "charging-characteristics" arg /* Match charging characteristics */, "maximum-bearers" arg /* Maximum bearers in the gateway */, "peer" ( /* IP address of the peer creating the session */ ipaddr /* IP address of the peer creating the session */ ), "peer-routing-instance" arg /* Routing instance of the peer creating the session */, "pdn-type" ( /* Match pdn type */ ("ipv4" | "ipv6" | "ipv4v6") ), "rat-type" ( /* Radio Access Technology Type */ ("geran" | "utran" | "eutran" | "wlan" | "hspa") ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "redirect-peer" arg /* IP address of the redirect peer */.as(:oneline), "accept" /* Stop matching futher terms and accept */, "reject" /* Reject the connection attempt */, "apn-name" arg /* Real APN name */, "pcef-profile" arg /* PCEF profile for service selection profile */, "charging-profile" arg /* Charging profile for service selection profile */ ) ) ) ) ) ), "apn-services" ( /* Apn services configuration */ ggsn_pgw_apn_services /* Apn services configuration */ ), "system" ( /* System parameters */ unified_edge_ggsn_pgw_system /* System parameters */ ), "diameter" ( /* Diameter protocol parameters specific to gateway */ unified_edge_gateway_diameter /* Diameter protocol parameters specific to gateway */ ), "charging" ( /* PGW charging profile definitions */ c( 
"traceoptions" ( /* Charging trace options */ charging_traceoptions /* Charging trace options */ ), "charging-profiles" ( /* Charging profile */ c( juniper_charging_profiles ) ), "transport-profiles" ( /* Transport profile definition */ c( juniper_transport_profiles ) ), "cdr-profiles" ( /* CDR profiles definition */ c( juniper_cdr_profiles /* CDR profile definition */ ) ), "trigger-profiles" ( /* Trigger profile definition */ c( juniper_trigger_profiles ) ), "local-persistent-storage-options" ( /* Local persistent storage configuration */ juniper_charged_configuraton /* Local persistent storage configuration */ ), "gtpp" ( /* Configuration for GTPP protocol for charging */ c( "source-interface" ( /* Source interface from which GTPP packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "destination-port" arg /* Destination port number of the CGF Server */, "n3-requests" arg /* Number of retries of GTPP messages upon timeout */, "transport-protocol" ( /* Default Transport protocol(udp/tcp) used */ ("udp" | "tcp") ), "version" ( /* GTPP version V0|V1|V2 */ ("v0" | "v1" | "v2") ), "echo-interval" arg /* GTPP echo-interval in seconds */, "no-path-management" /* Disables path management */, "t3-response" arg /* Response timeout value for GTPP request message */, "header-type" ( /* GTPP protocol header type short|long */ ("short" | "long") ), "pending-queue-size" arg /* Maximum number of DRT messages awaiting an ack */, "down-detect-time" arg /* Time (in sec) to wait before declaring a CGF as Down */, "reconnect-time" arg /* Time (in sec) after which connection to the CGF server should be retried */, "peer" ( /* GTPP peer object */ gtpp_peer /* GTPP peer object */ ) ) ), "diameter-avp-profiles" ( /* Diameter AVP profile definition */ c( juniper_diameter_avp_profiles /* Diameter AVP profile attribute definition */ ) ) ) ), 
"ip-reassembly-profile" ( /* IP reassembly profile for mobile gateways */ c( arg ) ), "ipv6-router-advertisement" ( /* IPv6 router advertisement configuration for GGSN/PGW */ mobile_gateways_ipv6_router_advertisement /* IPv6 router advertisement configuration for GGSN/PGW */ ), "software-datapath" ( /* Mobility software datapath options */ c( "traceoptions" ( /* Mobility software datapath trace options */ software_datapath_traceoptions /* Mobility software datapath trace options */ ) ) ), "inline-services" ( /* Inline services */ c( "ip-reassembly" ( /* IP reassembly */ c( "service-set" ( /* Inline IP reassembly service set for mobile gateways */ c( arg ) ) ) ) ) ) ) ), "sgw" arg ( /* Serving Gateway Configuration */ c( "service-mode" ( /* Service mode */ ("maintenance") ), "maximum-bearers" arg /* Maximum bearers for the GW */, "local-policy-profile" arg /* Local profile for the system level */, "pfes" ( /* PFE Configuration */ c( "guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "maximum-bearers" arg /* PFE maximum bearers */, "default-bearers-percentage" arg /* PFE default bearer percentage */ ) ), "anchor-pfe-guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "anchor-pfe-maximum-bearers" arg /* PFE maximum bearers */, "anchor-pfe-default-bearers-percentage" arg /* PFE default bearer percentage */, "preemption" ( /* Pre-Emption configuration */ c( "enable" /* Preemption-enabled - default is disabled */ ) ), "remote-delete-on-peer-fail" /* Send delete towards remote peer if other peer fails */, "gtp" ( /* GTP configuration */ sgw_config_gtp /* GTP configuration */ ), "home-plmn" ( /* Configure home PLMN MCC MNC values */ c( "mcc" ( /* Enter MCC value */ s( arg, "mnc" arg /* Mobile network code */ ) ) ) ), "traceoptions" ( /* Trace options related to mobile subscriber management */ mobile_smd_traceoptions /* Trace options related to mobile subscriber management */ ), "call-rate-statistics" ( /* Call rate statistics options */ c( "interval" arg /* 
Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "system" ( /* System parameters */ unified_edge_sgw_system /* System parameters */ ), "charging" ( /* SGW charging profile definitions */ c( "traceoptions" ( /* Charging trace options */ charging_traceoptions /* Charging trace options */ ), "charging-profiles" ( /* Charging profile */ c( juniper_charging_profiles ) ), "transport-profiles" ( /* Transport profile definition */ c( juniper_transport_profiles ) ), "cdr-profiles" ( /* CDR profiles definition */ c( juniper_cdr_profiles /* CDR profile definition */ ) ), "trigger-profiles" ( /* Trigger profile definition */ c( juniper_trigger_profiles ) ), "local-persistent-storage-options" ( /* Local persistent storage configuration */ juniper_charged_configuraton /* Local persistent storage configuration */ ), "gtpp" ( /* Configuration for GTPP protocol for charging */ c( "source-interface" ( /* Source interface from which GTPP packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "destination-port" arg /* Destination port number of the CGF Server */, "n3-requests" arg /* Number of retries of GTPP messages upon timeout */, "transport-protocol" ( /* Default Transport protocol(udp/tcp) used */ ("udp" | "tcp") ), "version" ( /* GTPP version V0|V1|V2 */ ("v0" | "v1" | "v2") ), "echo-interval" arg /* GTPP echo-interval in seconds */, "no-path-management" /* Disables path management */, "t3-response" arg /* Response timeout value for GTPP request message */, "header-type" ( /* GTPP protocol header type short|long */ ("short" | "long") ), "pending-queue-size" arg /* Maximum number of DRT messages awaiting an ack */, "down-detect-time" arg /* Time (in sec) to wait before declaring a CGF as Down */, "reconnect-time" arg /* Time (in sec) after which connection to the CGF server should be retried */, "peer" ( /* GTPP peer object */ 
gtpp_peer /* GTPP peer object */ ) ) ), "global-profile" ( /* Global charging profiles */ c( "default-profile" arg /* Global charging profile for SGW */, "home-profile" arg /* Global home profile for SGW */, "roamer-profile" arg /* Global roamer profile for SGW */, "visitor-profile" arg /* Global visitor profile for SGW */, "profile-selection-order" ( /* Global charging profile selection order */ ("static" | "serving" | "pgw-cg-addr") ) ) ) ) ), "ip-reassembly-profile" ( /* IP reassembly profile for mobile gateways */ c( arg ) ), "idle-mode-buffering" ( /* Idle mode buffering */ sgw_idle_mode_buffering /* Idle mode buffering */ ), "software-datapath" ( /* Mobility software datapath options */ c( "traceoptions" ( /* Mobility software datapath trace options */ software_datapath_traceoptions /* Mobility software datapath trace options */ ) ) ), "inline-services" ( /* Inline services */ c( "ip-reassembly" ( /* IP reassembly */ c( "service-set" ( /* Inline IP reassembly service set for mobile gateways */ c( arg ) ) ) ) ) ) ) ), "tdf" ( /* Traffic Detection Function Configuration */ unified_edge_tdf /* Traffic Detection Function Configuration */ ) ) ), "mobile-options" ( /* Mobile options */ unified_edge_mobile_options /* Mobile options */ ), "pcef" ( /* PCEF configuration */ unified_edge_pcef /* PCEF configuration */ ), "resource-management" ( /* Configure Resource Mangement Packet Steering Daemon */ c( "server" ( /* Configure Resource Mangement Packet Steering Daemon */ c( "traceoptions" ( /* Resource Management Packet Steering Daemon trace options */ rmpsd_traceoptions_type /* Resource Management Packet Steering Daemon trace options */ ) ) ), "client" ( /* Configure Resource Mangement Packet Steering Client */ c( "traceoptions" ( /* Resource Management Packet Steering Client trace options */ rmps_clnt_traceoptions_type /* Resource Management Packet Steering Client trace options */ ) ) ) ) ) ) ), "jsrc" ( /* JSRC partition configuration */ jsrc_options /* JSRC 
partition configuration */ ), "vmhost" ( /* VM Host configurations */ c( "no-auto-recovery" /* Disable Guest auto recovery by the host */, "management-if" ( /* Configuration for the host's side management interface */ c( "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("automatic" | "10m" | "100m" | "1g") ), "disable" /* Administratively disable the management port */ ) ) ) ), "applications" ( /* Define applications by protocol characteristics */ c( "application" ( /* Define an application */ application_object /* Define an application */ ), "application-set" ( /* Define an application set */ application_set_object /* Define an application set */ ) ) ), "diameter" ( /* Diameter protocol layer */ c( "origin" ( /* Origin attributes of this diameter instance */ c( "realm" arg /* Origin realm of this diameter instance */, "host" arg /* Origin hostof this diameter instance */ ) ), "network-element" arg ( /* Network element of this diameter instance */ c( "dne-origin" ( /* Optional origin filter of this networkd element */ c( "realm" arg /* Origin realm of this network element */, "host" arg /* Optional origin host of this network element */ ) ), "function" ( /* Diameter function associated with by this network element */ ("jsrc" | "packet-triggered-subscribers" | "gx-plus" | "sd-3gpp" | "nasreq" | "pcrf" | "ocs") ), "peer" arg ( /* Peer associated with this network element */ c( "priority" arg /* Peer priority with this network element */ ) ), "forwarding" ( /* Forwarding configuration for this network-element */ c( "route" arg ( /* Routes associated with this network-element */ c( "function" ( /* Diameter function and partition associated with route */ sc( c( "jsrc" /* Function to use SRC application */, "packet-triggered-subscribers" /* Function to control packet-triggered subscribers */, "gx-plus" /* Function to use GX-PLUS application */, "sd-3gpp" /* Function to use SD-3GPP application */, 
"nasreq" /* Function to use NASREQ application */, "pcrf" /* Function to use PCRF(GX) application */, "ocs" /* Function to use OCS(GY) application */ ), "partition" arg /* Diameter function partition name */ ) ).as(:oneline), "destination" ( /* Destination for this route */ sc( "realm" arg /* Diameter destination realm */, "host" arg /* Diameter destination host */ ) ).as(:oneline), "metric" arg /* Metric for this route */ ) ) ) ) ) ), "transport" arg ( /* Diameter transport configuration */ c( "address" ( /* Source IP address for a peer */ ipaddr /* Source IP address for a peer */ ), c( "logical-system" ( /* Logical system to be used by transport */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by transport */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ), "peer" arg ( /* Diameter peer configuration */ c( "address" ( /* IP Address of Diameter peer */ ipaddr /* IP Address of Diameter peer */ ), "send-origin-state-id" /* Include origin-state-id in peer messages */, c( "logical-system" ( /* Logical system to be used by transport */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by transport */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ), "connect-actively" ( c( "transport" arg /* Name of transport */, "port" arg /* Peer port */ ) ), "peer-origin" ( /* Optional origin attributes of this diameter peer */ c( "realm" arg /* Origin realm of this diameter peer */, "host" arg /* Origin host of this diameter peer */ ) ) ) ) ) ), "poe" ( /* Power over Ethernet options */ c( "management" ( /* Power management mode for Power over Ethernet */ ("static" | "class" | "high-power") ), "guard-band" arg /* Guard band for Power over Ethernet */, "notification-control" ( /* Notification control for Power over Ethernet traps */ c( "fpc" arg ( /* FPC slot number */ c( "disable" /* Disable Power 
over Ethernet notification */ ) ) ) ), "lldp-priority" /* PoE controller LLDP priority */, "interface" ("all" | "all-extended" | arg) ( /* Interface configuration for Power over Ethernet */ c( "disable" /* Disable interface */, "priority" ( /* Priority options */ ("low" | "high") ), "maximum-power" arg /* Maximum power */, "telemetries" ( /* Telemetries settings */ c( "disable" /* Disable telemetries */, "interval" arg /* Interval at which data should be recorded */, "duration" arg /* Duration to continue recording of data */ ) ), "fourpair-poe" /* Enable 4Pair PoE interface upto 60W */, "ultrahigh-poe" /* Enable Ultra High PoE interface upto 90W */ ) ) ) ), "session-limit-group" arg ( sc( "maximum-sessions" arg /* Maximum number of sessions per tunnel-group */ ) ).as(:oneline), "virtual-chassis" ( /* Virtual chassis configuration */ c( "auto-sw-update" ( /* Auto software update */ c( "package-name" arg /* URL or pathname of software package */, "ex-4200" ( /* URL or pathname of EX-42xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "ex-4500" ( /* URL or pathname of EX-45xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "ex-4300" ( /* URL or pathname of EX-43xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "ex-4600" ( /* URL or pathname of EX-46xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "qfx-3" ( /* URL or pathname of qfx-3 software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "qfx-5" ( /* URL or pathname of qfx-5 software package */ c( "package-name" arg /* URL or pathname of software package */ ) ) ) ), c( "preprovisioned" /* Only accept preprovisioned members */, "auto-provisioned" /* Add and configure new line-card members automatically */ ), "id" ( /* Virtual chassis identifier, of type ISO system-id */ isosysid /* Virtual chassis identifier, of type 
ISO system-id */ ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable") ) ), "no-split-detection" /* Disable split detection. This command is recommended to only be enabled in a 2 member setup */, "traceoptions" ( juniper_virtual_chassis_traceoptions ), "heartbeat-timeout" arg /* Member's timeout period for receiving a heartbeat packet */, "heartbeat-address" ( /* Peer member's IP address for sending heartbeat packet */ ipaddr /* Peer member's IP address for sending heartbeat packet */ ), "heartbeat-tos" arg /* IPv4 TOS/DS or IPv6 TC octet for heartbeat packet */, "locality-bias" /* Bias transit packets to egress local chassis of Virtual-Chassis */, "member" arg ( /* Member of virtual chassis configuration */ c( "mastership-priority" arg /* Member's mastership priority */, "fabric-tree-root" /* Member's participation as root of multicast distribution tree */, "role" ( /* Member's role */ ("routing-engine" | "line-card") ), "serial-number" arg /* Member's serial number */, "no-management-vlan" /* Disable management VLAN */, "location" arg /* Member's location */ ) ), "aliases" ( /* Aliases for serial numbers */ c( "serial-number" arg ( /* Set alias for a serial number */ c( "alias-name" arg /* Provide an alias name for this serial-number */ ) ) ) ), "mac-persistence-timer" ( /* How long to retain MAC address when member leaves virtual chassis */ c( arg, "disable" /* Disable MAC persistence timer */ ) ), "fast-failover" ( /* Fast failover mechanism */ c( "ge" /* Fast failover on GE VC uplink ports (ring has to be formed) */, "xe" /* Fast failover on XE VC uplink ports (ring has to be formed) */, "et" /* Fast failover on ET VC uplink ports (ring has to be formed) */, "vcp" ( /* Fast failover on VCP ports */ c( "disable" /* Disable */ ) ) ) ), "vc-port" ( /* Set vc ports lag hashing mode */ c( "lag-hash" ( /* Set vc ports lag hashing mode */ ("packet-based" | "source-port-based") ) ) ), "vcp-no-hold-time" /* Set no hold time for vcp 
interfaces */ ) ), "ethernet-switching-options" ( juniper_ethernet_options ), "vlans" ( /* VLAN configuration */ c( vlan_types /* Virtual LAN */ ) ) ) end

# AAA profile: a name argument followed by a "radius" section whose contents
# are defined by the aaa_profile_radius rule.
rule(:aaa_profile) do
  arg.as(:arg) (
    c(
      "radius" ( /* Specify RADIUS options */
        aaa_profile_radius /* Specify RADIUS options */
      )
    )
  )
end

# RADIUS options of an AAA profile. "authentication" and "accounting" each name
# a network-element; "policy" sets the activation and deactivation attributes
# (code, vendor-id) and whether accounting to the CoA server is allowed.
rule(:aaa_profile_radius) do
  c(
    "authentication" ( /* Specify RADIUS authentication parameters */
      c(
        "network-element" arg /* The network-element used for authentication */
      )
    ),
    "accounting" ( /* Specify RADIUS accounting parameters */
      c(
        "network-element" arg /* The network-element used for accounting */
      )
    ),
    "policy" ( /* Specify RADIUS policy parameters */
      c(
        "activation-attribute" ( /* Configure the attribute used for policy activation */
          c(
            "code" arg /* Attribute code */,
            "vendor-id" arg /* Attribute vendor-id */
          )
        ),
        "deactivation-attribute" ( /* Configure the attribute used for policy deactivation */
          c(
            "code" arg /* Attribute code */,
            "vendor-id" arg /* Attribute vendor-id */
          )
        ),
        "coa-accounting" ( /* Allow/disallow accounting to the CoA server */
          ("allow" | "disallow")
        )
      )
    )
  )
end

# AAA trace options: trace file settings, debug level, trace flags and the AAA
# protocol to trace ("radius", "diameter" or "all").
# NOTE(review): "world-readable" is described as letting any user read the
# trace file, and the flags cover request/response tracing. Whether those
# traces hold credentials or subscriber data is not visible here; confirm
# before enabling it.
rule(:aaa_traceoptions) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("init" | "config" | "general" | "request" | "response" | "high-availability" | "debug" | "request-in" | "request-out" | "response-in" | "response-out" | "client-request-in" | "client-request-out" | "all")) /* Tracing parameters */.as(:oneline),
    "protocol" enum(("radius" | "diameter" | "all")) /* AAA Protocol to trace */.as(:oneline)
  )
end

# AACL rule: a name argument, a "dynamic" marker, a match direction and named
# terms. Each term has "from" match criteria (aacl_match_object) and "then"
# actions: forwarding class, counting, session logging, policer, and the
# accept / discard keywords.
rule(:aacl_rule_object) do
  arg.as(:arg) (
    c(
      "dynamic" /* Make rule dynamic */,
      "match-direction" ( /* Direction for which the rule match is applied */
        ("input" | "output" | "input-output")
      ),
      "term" arg ( /* One or more terms in AACL rule */
        c(
          "from" ( /* Match criteria */
            aacl_match_object /* Match criteria */
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            c(
              "forwarding-class" arg /* Forwarding class assigned to outgoing packets */,
              "count" ( /* Count packets by application or Application group */
                ("none" | "application" | "application-group" | "application-group-any" | "nested-application")
              ),
              "log" ( /* Log session information for this application match */
                ("none" | "session-start" | "session-start-end" | "session-start-end-no-stats" | "session-start-interim-end" | "session-interim-end" | "session-end")
              ),
              "police" arg /* Policer name */,
              c(
                "accept" /* Accept the packet */,
                "discard" /* Discard the packet */
              )
            )
          )
        )
      )
    )
  )
end

# Match criteria of an AACL term: source and destination addresses
# (sfw_addr_object), address ranges given as low/high and named prefix lists,
# the last two each with an "except" keyword, followed by a group of
# application, nested-application and application-group selectors.
rule(:aacl_match_object) do
  c(
    "source-address" ( /* Match IP source address */
      sfw_addr_object /* Match IP source address */
    ),
    "destination-address" ( /* Match IP destination address */
      sfw_addr_object /* Match IP destination address */
    ),
    "source-address-range" ( /* Match IP source address range */
      s(
        "low" arg /* Lower limit of address range */,
        "high" arg /* Upper limit of address range */,
        c(
          "except" /* Match address not in this prefix */
        )
      )
    ).as(:oneline),
    "source-prefix-list" arg ( /* One or more named lists of source prefixes to match */
      sc(
        "except" /* Name of prefix list not to match against */
      )
    ).as(:oneline),
    "destination-address-range" ( /* Match IP destination address range */
      s(
        "low" arg /* Lower limit of address range */,
        "high" arg /* Upper limit of address range */,
        c(
          "except" /* Match address not in this prefix */
        )
      )
    ).as(:oneline),
    "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */
      sc(
        "except" /* Name of prefix list not to match against */
      )
    ).as(:oneline),
    c(
      "application-group-any" /* Use to wildcard or match any application group */,
      "application-unknown" /* Use to specify unknown application as the match criteria. */,
      "nested-application-unknown" /* Use to specify unknown nested application as the match criteria. */,
      "applications" arg /* Match one or more applications */,
      "nested-applications" arg /* Match one or more nested-applications */,
      "application-groups" arg /* Match one or more applications */
    )
  )
end

# Advisory options: recommended upstream and downstream shaping rates.
rule(:advisory_options_type) do
  c(
    "upstream-rate" arg /* Recommended upstream shaping rate */,
    "downstream-rate" arg /* Recommended downstream shaping rate */
  )
end

# Aggregate load-balance options: "per-packet", "no-adaptive", or "adaptive"
# with its tolerance, pps and scan-interval settings.
rule(:aggregate_load_balance) do
  c(
    c(
      "per-packet" /* Per packet */,
      "no-adaptive" /* Disable adaptive */,
      "adaptive" ( /* Enable adaptive load balancing by re-programming selector table */
        c(
          "tolerance" arg /* Target tolerance in percentage (default 20%) */,
          "pps" /* Adaptive load balance based on packet per second (default bps) */,
          "scan-interval" arg /* Scan interval for multiple of 30 seconds (default 30 seconds) */
        )
      )
    )
  )
end

# Firewall filter: a name argument, the "interface-specific" and
# "interface-shared" markers, and named terms. A term's "from" matches on
# interface, interface set, packet length, forwarding class, loss priority,
# policy map and service-filter-hit. Its "then" lists policer selection,
# policy-map handling, counters and accounting, port mirroring,
# classification, and the encapsulate / accept / discard / next term keywords.
# A term can also refer to a template by name.
rule(:any_filter) do
  arg.as(:arg) (
    c(
      "interface-specific" /* Defined counters are interface specific */,
      "interface-shared" /* Filter is interface-shared */,
      "term" arg ( /* Define a firewall term */
        c(
          "from" ( /* Define match criteria */
            c(
              "interface" ( /* Match interface name */
                match_interface_object_oam /* Match interface name */
              ),
              "interface-set" ( /* Match interface in set */
                match_interface_set_object /* Match interface in set */
              ),
              c(
                "packet-length" arg,
                "packet-length-except" arg
              ),
              c(
                "forwarding-class" arg,
                "forwarding-class-except" arg
              ),
              c(
                "loss-priority" (
                  ("low" | "high" | "medium-low" | "medium-high")
                ),
                "loss-priority-except" (
                  ("low" | "high" | "medium-low" | "medium-high")
                )
              ),
              c(
                "policy-map" arg,
                "policy-map-except" arg
              ),
              "service-filter-hit" /* Match if service-filter-hit is set */
            )
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            c(
              c(
                "policer" arg /* Name of policer to use to rate-limit traffic */,
                "three-color-policer" ( /* Police the packet using a three-color-policer */
                  c(
                    c(
                      "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */,
                      "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */,
                      "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */,
                      "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */
                    )
                  )
                ),
                "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */
              ),
              c(
                "clear-policy-map" /* Clear the policy marking */,
                "policy-map" arg /* Policy map action */
              ),
              "count" arg /* Count the packet in the named counter */,
              "service-accounting" /* Count the packets for service accounting */,
              "service-accounting-deferred" /* Count the packets for deferred service accounting */,
              "service-filter-hit" /* Signal subsequent filters in the chain that packet was processed */,
              "force-premium" /* Process packets as premium traffic by subsequent hierarchical policers */,
              "loss-priority" ( /* Classify packet to loss-priority */
                ("low" | "high" | "medium-low" | "medium-high")
              ),
              "port-mirror-instance" arg /* Port-mirror the packet to specified instance */,
              "port-mirror" /* Port-mirror the packet */,
              "forwarding-class" arg /* Classify packet to forwarding class */,
              c(
                "encapsulate" ( /* Send to a tunnel */
                  sc(
                    arg /* Name of the tunnel end point */
                  )
                ).as(:oneline),
                "accept" /* Accept the packet */,
                "discard" /* Discard the packet */,
                "next" ( /* Continue to next term in a filter */
                  ("term")
                )
              )
            )
          ),
          "template" ( /* Refer a template */
            c(
              arg /* Template name */
            )
          )
        )
      )
    )
  )
end

# Filter template: a name argument and an "attributes" list of match keywords
# (forwarding-class, interface, interface-set, loss-priority, packet-length and
# the -except variants that are listed).
rule(:any_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "forwarding-class" /* Match forwarding class */, "forwarding-class-except" /* Do not match forwarding class */, "interface" /* Match interface name */, "interface-set" /* Match interface in set */, "loss-priority" /* Match Loss Priority */,
"loss-priority-except" /* Do not match Loss Priority */, "packet-length" /* Match packet length */, "packet-length-except" /* Do not match packet length */ ) ) ) ) end rule(:application_object) do arg.as(:arg) ( c( "application-protocol" ( /* Application protocol type */ ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet") ), "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | 
"ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "ether-type" arg /* Match ether type */, "snmp-command" ( /* Match SNMP command */ ("get" | "get-next" | "get-response" | "set" | "trap") ), "icmp-type" ( /* Match ICMP message type */ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp6-type" ( /* Match ICMP6 message type */ ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg) ), "icmp-code" ( /* Match ICMP message code */ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" 
| "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp6-code" ( /* Match ICMP6 message code */ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "ttl-threshold" arg /* Traceroute TTL threshold */, "rpc-program-number" arg /* Match range of RPC program numbers */, "uuid" arg /* Match universal unique identifier for DCE RPC objects */, "inactivity-timeout" ( /* Application-specific inactivity timeout */ ("never" | arg) ), "gate-timeout" arg /* Application-specific gate timeout */, "child-inactivity-timeout" arg /* Application-specific child session inactivity timeout */, "learn-sip-register" /* Learn potential incoming SIP calls by inspecting the SIP register method */, "sip-call-hold-timeout" arg /* SIP flow timeout when call is put on hold */, c( "do-not-translate-AAAA-query-to-A-query" /* Knob to control the translation of AAAA query to A query */, "do-not-translate-A-query-to-AAAA-query" /* Knob to control the translation of A query to AAAA query */ ) ) ) end

# Application set: a name argument plus a description, member applications and
# nested application sets.
rule(:application_set_object) do
  arg.as(:arg) (
    c(
      "description" arg /* Text description of application set */,
      "application" arg /* Application to be included in the set */,
      "application-set" arg /* Define an application-set */
    )
  )
end

# APS settings: working or protect circuit group, annex-b mode and its
# wait-to-restore time, neighbor address, paired group, authentication key,
# switching mode, timers, break-before-make, and the request / force / lockout
# keywords.
# The authentication key is typed with the `unreadable` rule rather than a
# plain `arg`.
rule(:aps_type) do
  c(
    c(
      "working-circuit" arg /* Working circuit group name */,
      "protect-circuit" arg /* Protect circuit group name */
    ),
    "annex-b" /* Annex-b mode */,
    "wait-to-restore-time" arg /* Circuit wait-to-restore time for annex-b */,
    "preserve-interface" /* Preserve interface state for fast failover */,
    "neighbor" ( /* Neighbor address */
      ipv4addr /* Neighbor address */
    ),
    "paired-group" arg /* Name of paired APS group */,
    "authentication-key" ( /* Authentication parameters */
      sc(
        unreadable /* Authentication key */
      )
    ).as(:oneline),
    "switching-mode" ( /* APS switching mode */
      ("bidirectional" | "unidirectional")
    ),
    "advertise-interval" arg /* Advertise interval */,
    "hold-time" arg /* Hold time */,
    "revert-time" arg /* Circuit revert time */,
    "break-before-make" /* Ensure only one interface is active at a time */,
    "no-break-before-make" /* Don't ensure only one interface is active at a time */,
    c(
      "request" ( /* Request circuit state */
        ("protect" | "working")
      ),
      "force" ( /* Force circuit state */
        ("protect" | "working")
      ),
      "lockout" /* Lockout protection */
    ),
    "fast-aps-switch" /* Fast aps switch */
  )
end

# ATM policer: a name argument, the logical-interface-policer marker, service
# category, peak and sustained cell rates, maximum burst size, cell delay
# variation tolerance and the policing action.
rule(:atm_policer_type) do
  arg.as(:arg) (
    c(
      "logical-interface-policer" /* Policer is logical interface policer */,
      "atm-service" ( /* ATM service category */
        ("cbr" | "rtvbr" | "nrtvbr" | "ubr")
      ),
      "peak-rate" arg /* ATM Peak Cell Rate (PCR) */,
      "sustained-rate" arg /* ATM Sustained Cell Rate (SCR) */,
      "max-burst-size" arg /* ATM Maximum Burst Size (MBS) */,
      "cdvt" arg /* Cell Delay Variation Tolerance */,
      "policing-action" ( /* Policing action */
        ("count" | "discard" | "discard-tag")
      )
    )
  )
end

# VLAN auto-configuration. "stacked-vlan-ranges" and "vlan-ranges" each attach
# dynamic profiles to tag ranges (accepted packet types, ranges, access
# profile), define per-tag profile overrides, and carry an "authentication"
# section (auto_configure_authentication_type) and an access profile. The rule
# also covers "agent-circuit-identifier", "line-identity" and
# "remove-when-no-subscribers".
rule(:auto_configure_vlan_type) do
  c(
    "stacked-vlan-ranges" ( /* Stacked Vlan Range configuration */
      c(
        "dynamic-profile" arg ( /* Attach dynamic-profile to ranges */
          c(
            "accept" (
              enum(("inet" | "inet6" | "pppoe" | "dhcp-v4" | "dhcp-v6" | "any"))
            ),
            "ranges" arg /* Configure interface based on stacked-vlan range */,
            "access-profile" ( /* Auto-configure VLAN access profile for these ranges */
              sc(
                arg
              )
            ).as(:oneline)
          )
        ),
        "override" ( /* SVLAN profile override specification */
          c(
            "outer-tag" arg ( /* Specify pair of SVLAN tags for profile override */
              c(
                "inner-tag" arg /* Stacked-vlan inner tag to be overridden */,
                "dynamic-profile" arg /* Dynamic profile to override with */
              )
            )
          )
        ),
        "authentication" ( /* Auto-configure stacked VLAN authentication */
          auto_configure_authentication_type /* Auto-configure stacked VLAN authentication */
        ),
        "access-profile" ( /* Auto-configure stacked VLAN access profile */
          sc(
            arg
          )
        ).as(:oneline)
      )
    ),
    "vlan-ranges" ( /* Vlan Range configuration */
      c(
        "dynamic-profile" arg ( /* Attach dynamic-profile to ranges */
          c(
            c(
              "accept" (
                enum(("inet" | "inet6" | "pppoe" | "dhcp-v4" | "dhcp-v6" | "any"))
              ),
              "accept-out-of-band" (
                enum(("ancp"))
              )
            ),
            "ranges" arg /* Configure interface based on vlan range */,
            "access-profile" ( /* Auto-configure VLAN access profile for these ranges */
              sc(
                arg
              )
            ).as(:oneline)
          )
        ),
        "override" ( /* VLAN profile override specification */
          c(
            "tag" arg ( /* Specify VLAN tag for profile override */
              c(
                "dynamic-profile" arg /* Dynamic profile to override with */
              )
            )
          )
        ),
        "authentication" ( /* Auto-configure VLAN authentication */
          auto_configure_authentication_type /* Auto-configure VLAN authentication */
        ),
        "access-profile" ( /* Auto-configure VLAN access profile */
          sc(
            arg
          )
        ).as(:oneline)
      )
    ),
    "agent-circuit-identifier" ( /* ACI configuration */
      c(
        "dynamic-profile" arg /* Dynamic profile name */
      )
    ),
    "line-identity" ( /* Line-identity configuration */
      c(
        "includes" ( /* Agent options configuration */
          c(
            "circuit-id" /* Agent Circit id */,
            "remote-id" /* Agent Remote id */,
            "accept-no-ids" /* Accept packet with no agent options */
          )
        ),
        "dynamic-profile" arg /* Dynamic profile name */
      )
    ),
    "remove-when-no-subscribers" /* Requests auto-deletion of interface when not in use by subscribers */
  )
end

# Authentication settings referenced by auto_configure_vlan_type: the
# "packet-types" list, a "password", and the "username-include" options
# (delimiter, domain name, user prefix, MAC address, option 82 / 18 / 37,
# circuit type, RADIUS realm, interface name).
# NOTE(review): "password" takes a plain `arg`, while aps_type types its
# authentication key as `unreadable`. If any consumer masks or redacts secrets
# by rule type, this value would not be covered; confirm how it is stored and
# displayed.
rule(:auto_configure_authentication_type) do
  c(
    "packet-types" (
      enum(("inet" | "inet6" | "pppoe" | "dhcp-v4" | "dhcp-v6" | "any"))
    ),
    "password" arg /* Username password */,
    "username-include" ( /* Username options */
      c(
        "delimiter" arg /* Delimiter/separator character */,
        "domain-name" arg /* Domain name */,
        "user-prefix" arg /* User defined prefix */,
        "mac-address" /* Include MAC address */,
        "option-82" ( /* Include option 82 */
          sc(
            "circuit-id" /* Include option 82 circuit-id (sub option 1) */,
            "remote-id" /* Include option 82 remote-id (sub option 2) */
          )
        ).as(:oneline),
        "option-18" /* Include option 18 for dhcp-v6 */,
        "option-37" /* Include option 37 for dhcp-v6 */,
        "circuit-type" /* Include circuit type */,
        "radius-realm" arg /* Radius realm name */,
        "interface-name" /* Interface name */
      )
    )
  )
end

# BGP logical system: a name argument plus "routing-instances", defined by
# bgp_routing_instances.
rule(:bgp_logical_system) do
  arg.as(:arg) (
    c(
      "routing-instances" ( /* Routing instances */
        bgp_routing_instances /* Routing instances */
      )
    )
  )
end

# BGP routing instance: a single argument.
rule(:bgp_routing_instances) do
  arg.as(:arg)
end

rule(:bridge_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "vlan-ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "vlan-ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), c( "forwarding-class" arg, "forwarding-class-except"
arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), c( "learn-vlan-dei" arg, "learn-vlan-dei-except" arg ), c( "traffic-type" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ), "traffic-type-except" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ) ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "ip-address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | 
"flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | 
"xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | 
"bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags */, c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | 
"host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), "ipv6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ipv6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ipv6-address" ( /* Match IPv6 address */ firewall_addr6_object /* Match IPv6 address */ ), c( "ipv6-next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | 
"icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "ipv6-traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ipv6-source-prefix-list" ( /* Match IPV6 source prefixes in named list */ firewall_prefix_list /* Match IPV6 source prefixes in named list */ ), "ipv6-destination-prefix-list" ( /* Match IPV6 destination prefixes in named list */ firewall_prefix_list /* Match IPV6 destination prefixes in named list */ ), "ipv6-prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ), c( "isid" arg, "isid-except" arg ), c( "isid-priority-code-point" arg, "isid-priority-code-point-except" arg ), c( "isid-dei" arg, "isid-dei-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit 
traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ), "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "next-hop-group" arg /* Use specified next-hop group */, "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "forwarding-policy" ( /* Specify forwarding policy for extended port */ c( "uplink-select" arg /* Specify port group for uplink selection */ ) ) ) ) ) ) ) ) end
# ccc_filter: grammar for one named firewall filter (the name is the leading
# arg). A filter holds "accounting-profile", "interface-specific",
# "physical-interface-filter" and named "term" entries; a term has "filter"
# (a filter to include), "from" (match criteria) and "then" (actions).
# Most "from" criteria come as a c( "x", "x-except" ) pair, and each keyword
# list for DSCP, precedence, protocols, ICMP types/codes and ports ends in a
# bare `arg` alternative.
# NOTE(review): `arg` is defined outside this excerpt; if it accepts any
# token, this rule checks filter syntax only and does not reject out-of-range
# ports or unknown protocol names, so a configuration audit built on it needs
# its own value checks -- TODO confirm.
# In "then", "encapsulate", "accept", "discard" and "next term" share one
# c(...) group, while "count", "log", "syslog" and the port-mirror actions are
# separate entries.
rule(:ccc_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Any counters defined will be interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | 
"medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "is-host-packet" /* Match if packet is host generated */, "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "icmp-type" ( ("echo-request" | 
"echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" 
| "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | 
"socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "policy-map" arg, "policy-map-except" arg ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, 
"policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "port-mirror-instance" arg /* Port-mirror the packet to the specified instance */, "next-hop-group" arg /* Use specified next-hop group */, "port-mirror" /* Port-mirror the packet */, "packet-mode" /* Bypass flow mode for the packet */, "force-premium" /* Convert traffic-class to premium */, "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, c( "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ) ) ) ) ) end
# certificate_object: a named entry (leading arg) whose single child arg is,
# per the schema comment, the certificate and private key string.
# NOTE(review): text matched by this rule is key material; anything that
# parses, logs, diffs or stores configurations through it should redact the
# value rather than echo it (parse errors and debug output included).
rule(:certificate_object) do arg.as(:arg) ( c( arg /* Certificate and private key string */ ) ) end
# charging_traceoptions: trace settings -- "no-remote-trace", a one-line
# "file" clause (leading arg, presumably the file name, then "size", "files",
# "world-readable" / "no-world-readable"), a "level" keyword and one-line
# "flag" values.
# "world-readable" lets any user read the trace file; a configuration review
# would normally expect "no-world-readable" unless there is a stated reason.
rule(:charging_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("critical" | "error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "general" | "triggers" | "cdr-encoding" | "transport" | "path-management" | "fsm" | "ipc" | "resource" | "group-fsm" | "client-fsm" | "timers" | "online" | "tpm" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:chassis_type) do c( "copy-tos-to-outer" ( /* Copy TOS from inner to outer header */ c( "service-type" ( /* Service type for which the TOS copy is needed */ c( "gre" /* Copy TOS for GRE Tunnel service */, "mt" /* Copy TOS for MT Tunnel service */ ) ) ) ), 
"nssu" ( /* Nonstop Software Upgrade settings */ c( "upgrade-group" arg ( /* Nonstop Software Upgrade group */ c( "fpcs" arg /* FPCs associated with update-group */, "node-devices" arg /* Node-devices associated with update-group */, "member" ( /* Member of virtual chassis configuration */ upgrade_group_fpcs /* Member of virtual chassis configuration */ ) ) ), "rcp-count" arg /* Parallel rcp count */ ) ), "psu" ( /* Power Supply Unit redundancy configuration */ c( "redundancy" ( /* PSU Redundancy settings */ c( "n-plus-n" /* PSU redundancy: N+N configuration */ ) ) ) ), "fpc-resync" /* Send and receive Nchip cells for newly onlined FPC */, "craft-lockout" /* Disable craft interface input */, "config-button" ( /* Config button behavior settings */ sc( "no-rescue" /* Don't reset to rescue configuration */, "no-clear" /* Don't reset to factory-default configuration */ ) ).as(:oneline), "routing-engine-power-off-button-disable" /* Disable RE power off button */, "source-route" /* Enable IP source-route processing */, "no-source-route" /* Don't enable IP source-route processing */, "packet-scheduling" /* Enable DX2.0 packet scheduling */, "no-packet-scheduling" /* Don't enable DX2.0 packet scheduling */, "route-memory-enhanced" /* Enhance memory allocation for routes */, "policer-drop-probability-low" /* Set policer probabilistic drop probability to Minimum */, "policer-limit" /* Limit the policer tick unit to 32 bytes */, "enhanced-policer" /* Enhanced Policer Counters */, "effective-shaping-rate" /* Report effective shaping rate */, "memory-enhanced" ( /* Enhance memory allocation */ c( "route" /* Enhance memory allocation for routes */, "filter" /* Enhance memory allocation for filter */, "vpn-label" /* Enhance memory allocation for L3 VPN label */ ) ), "vrf-mtu-check" /* Enable Internet Processor II-based MTU check */, "icmp" ( /* ICMP protocol */ c( "rate-limit" arg /* Configure icmp rate-limit value in the range 1-50 for non ttl-expired packets */ ) ), 
"routing-performance" /* Alter routing performance */, "icmp6" ( /* ICMP version 6 protocol */ c( "rate-limit" arg /* Configure icmp rate-limit value in the range 1-50 for non ttl-expired packets */ ) ), "maximum-ecmp" ( /* Maximum ECMP limit for nexthops */ ("16" | "32" | "64") ), "ecmp-alb" ( /* Enable adaptive load balancing for ECMP nexthops */ c( "tolerance" arg /* Adaptive tolerance in percentage (default 20%) */ ) ), "redundancy" ( /* Redundancy settings */ chassis_redundancy_type /* Redundancy settings */ ), "routing-engine" ( /* Routing Engine settings */ chassis_routing_engine_type /* Routing Engine settings */ ), "aggregated-devices" ( /* Aggregated devices configuration */ chassis_agg_dev_type /* Aggregated devices configuration */ ), "disk-partition" enum(("/var" | "/config")) ( /* Chassis disk monitor configuration */ c( "level" enum(("high" | "full")) ( /* Threshold level */ c( "free-space" ( /* Enter threshold value & choose the metric */ sc( arg, c( "percent" /* Free space threshold in % */, "mb" /* Free space threshold in MB */ ) ) ).as(:oneline) ) ) ) ), "container-devices" ( /* Container devices configuration */ chassisd_agg_container_type /* Container devices configuration */ ), "pseudowire-service" ( /* Pseudowire L3 termination device configuration */ chassis_pw_type /* Pseudowire L3 termination device configuration */ ), "provider-instance-devices" ( /* Provider instance devices configuration */ chassisd_provider_instance_type /* Provider instance devices configuration */ ), "redundancy-group" ( /* Redundancy group configuration */ chassisd_redundancy_group_type /* Redundancy group configuration */ ), "fabric" ( /* Switch fabric settings */ chassis_fabric_type /* Switch fabric settings */ ), "fpc" ( /* Flexible PIC Concentrator parameters */ chassis_fpc_type /* Flexible PIC Concentrator parameters */ ), "disable-fm" /* Disable Fabric Manager */, "disable-power-management" /* Disable Power Management in this chassis */, "fpc-feb-connectivity" 
( /* Connectivity between Flexible PIC Concentrators and Forwarding Engine Boards */ c( "fpc" arg ( c( "feb" ( /* FEB slot number */ sc( c( "none" /* FPC not connected to any FEB */, arg ) ) ).as(:oneline) ) ) ) ), "ioc-npc-connectivity" ( /* Connectivity between IOC and NPC */ c( "ioc" arg ( c( "npc" ( /* NPC-FPC slot number */ sc( c( "none" /* IOC not connected to any NPC */, arg ) ) ).as(:oneline) ) ) ) ), "pem" ( /* Power supply (PEM) parameters */ chassis_pem_type /* Power supply (PEM) parameters */ ), "sib" ( /* Switch Interface Board parameters */ chassis_sib_type /* Switch Interface Board parameters */ ), "sfm" ( /* Switching and Forwarding Module parameters */ chassis_sfm_type /* Switching and Forwarding Module parameters */ ), "feb" ( /* Forwarding Engine Board parameters */ chassis_feb_type /* Forwarding Engine Board parameters */ ), "afeb" ( /* Forwarding Engine Board parameters */ chassis_feb_type /* Forwarding Engine Board parameters */ ), "tfeb" ( /* Taz Forwarding Engine Board parameters */ chassis_feb_type /* Taz Forwarding Engine Board parameters */ ), "alarm" ( /* Global alarm settings */ chassis_alarm_type /* Global alarm settings */ ), "slow-pfe-alarm" /* Enable slow (potential) PFE alarm */, "fpc-ifl-ae-statistics" /* Enable fpc ifl ae child statistics */, "ppp-subscriber-services" ( /* Select PPP subscriber services */ ("disable" | "enable") ), "ambient-temperature" ( /* Chassis ambient-temperature value in degree celsius */ ("55C" | "40C" | "25C") ), "network-services" ( /* Chassis network services configuration */ ("ip" | "ethernet" | "enhanced-ip" | "enhanced-ethernet" | "enhanced-mode" | "lan") ), "usb" ( /* USB control flags */ c( "storage" ( /* USB storage flags */ c( "disable" /* Disable USB storage */ ) ) ) ), "lcc" arg ( /* Line-card chassis configuration */ c( "fpc" ( /* Flexible PIC Concentrator parameters */ chassis_fpc_type /* Flexible PIC Concentrator parameters */ ), "pem" ( /* Power supply (PEM) parameters */ chassis_pem_type 
/* Power supply (PEM) parameters */ ), "spmb" /* Switch Processor Mezzanine Board parameters */, c( "online-expected" /* LCC is expected to be online */, "offline" /* LCC is expected to be offline */ ) ) ), "lcc-mode" ( /* Line card chassis mode T4000/T1600/EMPTY configuration */ c( "lcc" arg ( c( "mode" ( /* Changing Mode of LCC will result in the restart of LCC */ ("t1600" | "t4000" | "empty") ) ) ) ) ), "member" arg ( /* Member chassis configuration */ c( "fabric" ( /* Switch fabric settings */ chassis_fabric_type /* Switch fabric settings */ ), "fpc" ( /* Flexible PIC Concentrator parameters */ chassis_fpc_type /* Flexible PIC Concentrator parameters */ ) ) ), "host-outbound" ( /* Host-out bound options */ c( "media-interface" /* Enable processing of media interface features for Host gernated packets */ ) ), "synchronization" ( /* Clock synchronization options */ c( "switchover-mode" ( /* Should system revert to higher priority valid source */ ("non-revertive" | "revertive") ), "switching-mode" ( /* Should system revert to higher priority valid source */ ("non-revertive" | "revertive") ), "network-option" ( /* EEC synchronization networking type */ ("option-1" | "option-2") ), "selection-mode" ( /* Selection mode for incoming ESMC quality */ ("configured-quality" | "received-quality") ), "clock-mode" ( /* Synchronous Ethernet Clock selection mode */ ("free-run" | "auto-select") ), "quality-mode-enable" /* Enable Synchronous Ethernet ESMC Quality mode */, "max-transmit-quality-level" ( /* Maximum transmit quality level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "stu" | "st2" | "tnc" | "st3e") ), "global-wait-to-restore" arg /* Global Port signal up state time before opening for ESMC */, "port" ("auxiliary" | "gnss" | "time-of-day") ( /* Clock synchronization ports */ c( "client" ( /* Port client receiving external signals */ c( "time-of-day-format" ( /* Time-of-day format as received on this port */ c( c( "ascii" arg /* ASCII Time-of-day message format 
string */ ) ) ), "cable-length-compensation" arg /* Antenna cable length compensation in nanoseconds */, "antenna-voltage" ( /* Configure antenna voltage */ ("3.3" | "5") ), "constellation" ( /* Configure constellation of satellites to use */ ("gps" | "glonass" | "gps-and-glonass") ), "anti-jamming" /* Enable anti-jamming feature */ ) ), "server" ( /* The role of port is server which transmits signals out */ c( "time-of-day-format" ( /* RS-232 port time-of-day format */ c( c( "ascii" arg /* ASCII Time-of-day message format string */ ) ) ) ) ) ) ), "interfaces" ("external" | "external-0/0" | "external-0/1" | "external-1/0" | "external-1/1" | "external-a" | "external-b" | "bits" | "bits-a" | "bits-b" | "gps-0" | "gps-1") ( /* Interface(s) with upstream clock source */ c( "signal-type" ( /* Frequency for provided reference clocks */ ("1mhz" | "5mhz" | "10mhz" | "2048khz" | "e1" | "t1" | "cc-8k" | "cc-8k-400" | "6312k") ), "pulse-per-second-enable" /* Enable pulse-per-second (PPS) receive on the interface */, "e1-options" ( /* E1 interface-specific options */ c( "line-encoding" ( /* Line encoding */ ("ami" | "hdb3") ), "framing" ( /* Framing mode */ ("g704" | "g704-no-crc4") ), "sabit" arg /* The sabit used for exchanging SSM quality */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "framing" ( /* Framing mode */ ("esf" | "sf") ) ) ) ) ), "output" ( /* External clock interface related */ c( "interfaces" ("external" | "external-0/0" | "external-0/1" | "external-1/0" | "external-1/1" | "external-a" | "external-b") ( /* Interface(s) to output source to */ c( "wander-filter-disable" /* Disables wander filtering */, "holdover-mode-disable" /* Disables holdover */, "source-mode" ( /* Source mode for selecting source to output */ ("chassis" | "line") ), "tx-dnu-to-line-source-enable" /* Sets Tx QL to DNU/DUS on line source interface */, "minimum-quality" ( /* Minimum quality threshold */ ("prc" | "ssu-a" | 
"ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ) ) ), "source" ( /* ESMC source(s) related */ c( "external-a" ( /* External Clock source A */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "external-b" ( /* External Clock source B */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "gps" ( /* Global Positioning System 10MHz input */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "gps-0" ( /* Global Positioning System input A */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "gps-1" ( /* Global Positioning System input B */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "bits" ( 
/* External Building Integrated Timing Supply input */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "no-ssm-support" /* No SSM support available for this interface */, "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "bits-a" ( /* External Building Integrated Timing Supply input A */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "bits-b" ( /* External Building Integrated Timing Supply input B */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu") ) ) ), "interfaces" ("external" | "external-0/0" | "external-0/1" | "external-1/0" | "external-1/1" | "external-a" | "external-b" | arg) ( /* Interface(s) with upstream clock source */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "no-ssm-support" /* No SSM support available for this interface */, "hold-off-time" arg /* Port signal down state time before closing for ESMC */, "aggregated-ether" arg /* Aggregated sources group name */, "quality-level" ( /* ESMC Clock EEC level */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | 
"st3e" | "st3" | "smc" | "st4" | "stu") ) ) ) ) ), "esmc-transmit" ( /* ESMC transmit parameters */ c( "interfaces" (arg | "all") /* Interface(s) on which to permit ESMC transmit messages */ ) ), "hold-interval" ( /* Hold interval */ c( "switchover" arg /* Switchover wait time after clock recovery */, "configuration-change" arg /* Clock select wait time after change in config */, "restart" arg /* Clock select wait time after reboot */ ) ), "validation-interval" arg /* Time between frequency measurements */, "y-cable-line-termination" /* A single signal is wired to both CBs via Y-cable */, "transmitter-enable" /* Control whether diagnostic timing signal is transmitted */, "signal-type" ( /* Frequency for provided reference clocks */ ("e1" | "t1" | "cc-8k" | "cc-8k-400" | "6312k") ), "primary" ( /* Best choice synchronization reference source list */ ("external-a" | "external-b" | "bits-a" | "bits-b" | "gps-0" | "gps-1" | "fpc-0" | "fpc-1" | "fpc-2" | "fpc-3" | "fpc-4" | "fpc-5" | "fpc-6" | "fpc-7" | "fpc-8" | "fpc-9" | "fpc-10" | "fpc-11" | "fpc-12" | "fpc-13" | "fpc-14" | "fpc-15") ), "secondary" ( /* Alternative choice synchronization reference source list */ ("external-a" | "external-b" | "bits-a" | "bits-b" | "gps-0" | "gps-1" | "fpc-0" | "fpc-1" | "fpc-2" | "fpc-3" | "fpc-4" | "fpc-5" | "fpc-6" | "fpc-7" | "fpc-8" | "fpc-9" | "fpc-10" | "fpc-11" | "fpc-12" | "fpc-13" | "fpc-14" | "fpc-15") ) ) ), "lcd" ( /* Chassis LCD */ c( "fpc" arg ( sc( c( "maintenance-menu" /* LCD maintenance menu */ ), ("disable") ) ).as(:oneline), c( "maintenance-menu" /* LCD maintenance menu */ ), ("disable") ) ), "forwarding-options" ( /* Configure options to control packet forwarding */ c( c( "l2-profile-one" ( /* MAC: 136K L3-host: 8K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-two" ( /* MAC: 104K L3-host: 40K LPM: 16K EM:0, needs reboot for 
VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-three" ( /* (default) MAC: 160K L3-host: 144K LPM: 16K, needs reboot for VC;restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l3-profile" ( /* MAC: 40K L3-host: 104K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "lpm-profile" ( /* MAC: 8K L3-host: 8K LPM: 128K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */, "unicast-in-lpm" /* Install unicast host entries in LPM table */ ) ), "exact-match-profile" ( /* MAC: 8K L3-host: 8K LPM: 16K EM: 64K, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "custom-profile" ( /* Partition the shared banks, needs reboot for VC; restarts PFE if standalone */ c( "l2-entries" ( /* Customize l2 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "l3-entries" ( /* Customize l3 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "exact-match-entries" ( /* Customize exact match entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "lpm-entries" ( /* Customize lpm banks needed */ c( "num-banks" ( /* Number of banks needed for entries of this type */ ("0" | "2" | "4") ), "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */ ) ), "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ) ) ) ), "lcd-menu" ( /* Chassis LCD menu */ c( "fpc" arg ( c( "menu-item" arg ( /* LCD menu item */ sc( "disable" /* 
Disable LCD menu */ ) ).as(:oneline) ) ), "menu-item" arg ( /* LCD menu item */ sc( "disable" /* Disable LCD menu */ ) ).as(:oneline) ) ), "fru-poweron-sequence" arg /* FRUs power on sequence like 0 1 2 3 ... within double quotes */, "auto-image-upgrade" /* Auto image upgrade using DHCP */, "route-localization" ( /* Route-Localization settings */ c( "inet" /* Route-Localization inet */, "inet6" /* Route-Localization inet6 */ ) ), "state" ( /* Set SFB upgrade state. */ c( "cb-upgrade" ( /* Set CB upgrade state on/off. */ ("off" | "on") ), "sfb-upgrade" ( /* Set SFB upgrade state on/off. */ ("off" | "on") ) ) ), "multicast-loadbalance" ( /* Multicast load balancing settings */ chassis_ae_lb_type /* Multicast load balancing settings */ ), "extended-statistics" /* Enable extended system statistics */, "error" ( /* Error level configuration for all FPC */ chassis_fpc_error_type /* Error level configuration for all FPC */ ), "oss-map" ( /* Translate Operation Supported System's requirements */ c( "model-name" ( /* Override chassis model name for specific show/snmp output */ ("t640" | "t1600") ) ) ), "satellite" arg /* List of available satellite configurations */, "auto-satellite-conversion" /* Enable remote conversion to satellite device-mode */, "satellite-management" ( /* Satellite management configuration */ c( "traceoptions" ( /* Global satelite discovery and provisioning trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("parse" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "krt" | "lldp" | "provision" | 
"extended-port" | "multi-chassis" | "upgrade-group" | "device" | "tcp" | "interface" | "cluster" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "cluster-policy" arg /* Cluster policy */, "cluster" arg ( c( "cluster-id" arg /* Satellite cluster identifier */, "cascade-ports" ( /* Cascade ports */ interface_device /* Cascade ports */ ), "cluster-policy" arg /* Candidate uplink policy */, "fpc" arg ( c( "alias" arg /* Satellite alias */, "description" arg /* Satellite description */, "member-id" arg /* Satellite member id */, "system-id" ( /* Satellite system id */ mac_addr /* Satellite system id */ ), "cluster-policy" arg /* Candidate uplink policy */ ) ) ) ), "fpc" arg ( c( "serial-number" arg /* Satellite serial number */, "system-id" ( /* Satellite system id */ mac_addr /* Satellite system id */ ), "alias" arg /* Satellite alias */, "description" arg /* Satellite description */, "management-address" ( /* Satellite Management Interface IP */ c( "address" ( /* Satellite Management Interface IP address */ ipv4prefix /* Satellite Management Interface IP address */ ), "gateway" ( /* Satellite Management Interface Gateway IP address */ ipv4addr /* Satellite Management Interface Gateway IP address */ ) ) ), "cascade-ports" ( /* Cascade ports */ interface_device /* Cascade ports */ ), "extended-ports-template" arg /* Extended ports template */, c( "uplink-failure-detection" ( /* Enable uplink-failure-detection */ c( "candidate-uplink-policy" arg /* Candidate uplink policy */ ) ) ), "environment-monitoring-policy" arg /* Environment monitoring policy */, c( "forwarding-policy" ( /* Enable a forwarding policy */ c( arg /* Define forwarding policy alias */ ) ) ) ) ), "extended-ports-policy" arg /* Extended ports policy */, c( "uplink-failure-detection" ( /* Enable uplink-failure-detection */ c( "candidate-uplink-policy" arg /* Candidate uplink policy */ ) ) ), "psu" ( /* Power Supply Unit redundancy configuration */ c( 
"redundancy" ( /* PSU Redundancy settings */ c( "n-plus-n" /* PSU redundancy: N+N configuration */ ) ) ) ), "environment-monitoring-policy" ( /* Environment monitoring policy */ c( "policy-name" arg /* Default environment monitoring policy */ ) ), c( "forwarding-policy" ( /* Enable a forwarding policy */ c( arg /* Define forwarding policy alias */ ) ) ), "redundancy-groups" ( /* Redundancy groups configuration */ c( "chassis-id" arg /* Chassis identifier */, redundancy_group_type /* Redundancy groups */ ) ), "upgrade-groups" ( /* Upgrade group configuration */ c( upgrade_group_type /* Upgrade group */ ) ), "auto-satellite-conversion" ( c( "satellite" arg /* Satellite slot-id or range or all */ ) ), "single-home" ( c( "satellite" arg /* Satellite slot-id or range or all */ ) ), "aging-timer" arg /* Aging-timer */, "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( satellite_bridge_filter ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ satellite_bridge_filter /* Define an Ethernet Switching firewall filter */ ) ) ) ) ) ) ) ) ), "periodic" ( /* Chassisd periodic options */ c( "yield-cpu" /* Yield cpu in FRU periodic */, "one-sib-per-check" /* Check one SIB per periodic */, "no-sib-asic-stats" /* Disable asic statis for all SIBs in periodic */, "slow-fpc-check" /* Slow FPC check in periodic */, "ch-power-check-interval" arg /* Chassis power check interval, 0=default */, "re-check-interval" arg /* Chassis RE check interval, 0=default */ ) ), "turbotx-disable" /* Disable turbotx processing */, "system-domains" ( /* Root and protected system domain configuration */ c( "root-domain-id" arg /* Root domain identifier */, "protected-system-domains" ( /* Protected system domain configuration */ juniper_protected_system_domain /* Protected system domain 
configuration */ ), "traceoptions" ( /* Protected system domain traceoptions */ juniper_protected_system_domain_traceoptions /* Protected system domain traceoptions */ ) ) ), "network-slices" ( /* Network slices configuration */ c( "guest-network-functions" ( /* Guest network function configuration */ c( "gnf" ( /* Guest network function */ juniper_gnf /* Guest network function */ ) ) ) ) ) ) end
# chassis_pw_type: a single keyword, "device-count", followed by an argument
# (the number of pseudo-wire ps devices).
rule(:chassis_pw_type) do c( "device-count" arg /* Number of pseudo-wire ps devices */ ) end
# chassis_ae_lb_type: multicast load-balancing options - the bare "disable"
# keyword and "hash-mode" with one of the seven listed PFE hash modes.
rule(:chassis_ae_lb_type) do c( "disable" /* Disable Multicast load balancing */, "hash-mode" ( /* PFE hash mode */ ("crc-sgip" | "crc-gip" | "crc-sip" | "simple-sgip" | "simple-gip" | "simple-sip" | "balanced") ) ) end
# chassis_agg_dev_type: aggregated-device options. "ethernet" and "sonet" hand
# off to chassisd_agg_enet_type and chassisd_agg_pos_type (defined outside this
# excerpt); "maximum-links" takes an argument.
rule(:chassis_agg_dev_type) do c( "ae-20" /* Run AE over Container nexthops Infrastructure */, "ethernet" ( /* Aggregated device options for Ethernet */ chassisd_agg_enet_type /* Aggregated device options for Ethernet */ ), "sonet" ( /* Aggregated device options for SONET */ chassisd_agg_pos_type /* Aggregated device options for SONET */ ), "maximum-links" arg /* Maximum links limit for aggregated devices (16, 32, or 64) */ ) end
# chassis_alarm_type: maps each interface-family keyword to its per-family
# alarm rule. "management-ethernet" and "ethernet" both reuse
# chassis_alarm_ethernet_type.
# NOTE(review): every severity list in the per-family rules below includes
# "ignore"; presumably that suppresses the alarm, so an audit of parsed
# configurations may want to surface conditions set to "ignore" - confirm
# against device behaviour.
rule(:chassis_alarm_type) do c( "management-ethernet" ( /* Management Ethernet alarms */ chassis_alarm_ethernet_type /* Management Ethernet alarms */ ), "otn-odu" ( /* OTN ODU alarms */ chassis_alarm_otn_odu_type /* OTN ODU alarms */ ), "otn-otu" ( /* OTN OTU alarms */ chassis_alarm_otn_otu_type /* OTN OTU alarms */ ), "sonet" ( /* SONET alarms */ chassis_alarm_sonet_type /* SONET alarms */ ), "t3" ( /* DS3 alarms */ chassis_alarm_ds3_type /* DS3 alarms */ ), "ds1" ( /* DS1 alarms */ chassis_alarm_ds1_type /* DS1 alarms */ ), "ethernet" ( /* Ethernet alarms */ chassis_alarm_ethernet_type /* Ethernet alarms */ ), "integrated-services" ( /* Integrated services alarms */ chassis_alarm_integrated_services_type /* Integrated services alarms */ ), "services" ( /* Services PIC alarms */ chassis_alarm_services_type /* Services PIC alarms */ ), 
"serial" ( /* Serial alarms */ chassis_alarm_serial_type /* Serial alarms */ ), "fibre-channel" ( /* Fibre Channel alarms */ chassis_alarm_fibre_channel_type /* Fibre Channel alarms */ ), "relay" ( /* Alarm relays */ chassis_alarm_relay_type /* Alarm relays */ ) ) end
# chassis_alarm_ds1_type: DS1 conditions "ais" and "ylw", each set to
# "red", "yellow" or "ignore".
rule(:chassis_alarm_ds1_type) do c( "ais" ( /* Alarm indicator signal */ ("red" | "yellow" | "ignore") ), "ylw" ( /* Yellow alarm */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_ds3_type: nine DS3 conditions (ais, exz, ferf, idle, lcv, lof,
# los, pll, ylw), each set to "red", "yellow" or "ignore".
rule(:chassis_alarm_ds3_type) do c( "ais" ( /* Alarm indicator signal */ ("red" | "yellow" | "ignore") ), "exz" ( /* Excessive zeros */ ("red" | "yellow" | "ignore") ), "ferf" ( /* Far-end failure */ ("red" | "yellow" | "ignore") ), "idle" ( /* Idle alarm */ ("red" | "yellow" | "ignore") ), "lcv" ( /* Line code violation */ ("red" | "yellow" | "ignore") ), "lof" ( /* Loss of frame */ ("red" | "yellow" | "ignore") ), "los" ( /* Loss of signal */ ("red" | "yellow" | "ignore") ), "pll" ( /* Phase-locked loop out of lock */ ("red" | "yellow" | "ignore") ), "ylw" ( /* Yellow alarm */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_ethernet_type: the single condition "link-down", set to
# "red", "yellow" or "ignore".
rule(:chassis_alarm_ethernet_type) do c( "link-down" ( /* Link has gone down */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_fibre_channel_type: same shape as the Ethernet rule - only
# "link-down" with "red", "yellow" or "ignore".
rule(:chassis_alarm_fibre_channel_type) do c( "link-down" ( /* Link has gone down */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_integrated_services_type: the single condition "failure",
# set to "red", "yellow" or "ignore".
rule(:chassis_alarm_integrated_services_type) do c( "failure" ( /* Integrated Services failure */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_otn_odu_type: OTN ODU conditions odu-bdi, odu-ttim and
# odu-ptim, each set to "red", "yellow" or "ignore".
rule(:chassis_alarm_otn_odu_type) do c( "odu-bdi" ( /* ODU backward-defect-indicator, ODU-BDI failure */ ("red" | "yellow" | "ignore") ), "odu-ttim" ( /* ODU trail-trace-identifier-mismatch, ODU-TTIM failure */ ("red" | "yellow" | "ignore") ), "odu-ptim" ( /* ODU payload-type-mismatch, ODU-PTIM failure */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_otn_otu_type: eight OTN OTU conditions (oc-los, oc-lof, oc-lom,
# wavelength-lock, otu-bdi, otu-iae, otu-ttim, otu-fec-excessive-errs), each
# set to "red", "yellow" or "ignore".
rule(:chassis_alarm_otn_otu_type) do c( "oc-los" ( /* Loss of signal, LOS failure */ ("red" | "yellow" | "ignore") ), "oc-lof" ( /* Loss of framing, LOF failure */ ("red" | "yellow" | "ignore") ), "oc-lom" ( /* 
Loss of multiframe, LOM failure */ ("red" | "yellow" | "ignore") ), "wavelength-lock" ( /* Wavelength lock alarm */ ("red" | "yellow" | "ignore") ), "otu-bdi" ( /* OTU backward-defect-indicator, OTU-BDI failure */ ("red" | "yellow" | "ignore") ), "otu-iae" ( /* OTU incoming-alignment-error, OTU-IAE failure */ ("red" | "yellow" | "ignore") ), "otu-ttim" ( /* OTU trail-trace-identifier-mismatch, OTU-TTIM failure */ ("red" | "yellow" | "ignore") ), "otu-fec-excessive-errs" ( /* OTU fec-excessive-errors, OTU-FEC_EXE failure */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_relay_type: "input" and "output" relay sections, each keyed by
# "port" plus an argument. Input ports take "mode" (open/close) and "trigger"
# (red/yellow/ignore); output ports take "mode", the bare "temperature"
# keyword and "input-relay" with an argument.
rule(:chassis_alarm_relay_type) do c( "input" ( /* Input relays */ c( "port" arg ( c( "mode" ( /* Relay mode in de-active state */ ("open" | "close") ), "trigger" ( /* Relay triggered */ ("red" | "yellow" | "ignore") ) ) ) ) ), "output" ( /* Output relays */ c( "port" arg ( c( "mode" ( /* Relay mode in de-active state */ ("open" | "close") ), "temperature" /* Trigger on temperature alarm red */, "input-relay" arg /* Trigger on input relay trigger */ ) ) ) ) ) end
# chassis_alarm_serial_type: six serial-line conditions (loss of RX/TX clock
# and absent DCD, CTS, DSR, TM signals), each set to "red", "yellow" or
# "ignore".
rule(:chassis_alarm_serial_type) do c( "loss-of-rx-clock" ( /* RX clock absent */ ("red" | "yellow" | "ignore") ), "loss-of-tx-clock" ( /* TX clock absent */ ("red" | "yellow" | "ignore") ), "dcd-absent" ( /* DCD signal absent */ ("red" | "yellow" | "ignore") ), "cts-absent" ( /* CTS signal absent */ ("red" | "yellow" | "ignore") ), "dsr-absent" ( /* DSR signal absent */ ("red" | "yellow" | "ignore") ), "tm-absent" ( /* TM signal absent */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_services_type: seven Services PIC conditions (pic-reset,
# pic-hold-reset, linkdown, rx-errors, tx-errors, sw-down, hw-down), each set
# to "red", "yellow" or "ignore".
rule(:chassis_alarm_services_type) do c( "pic-reset" ( /* Services PIC reset */ ("red" | "yellow" | "ignore") ), "pic-hold-reset" ( /* Services PIC held in reset */ ("red" | "yellow" | "ignore") ), "linkdown" ( /* Services PIC linkdown */ ("red" | "yellow" | "ignore") ), "rx-errors" ( /* Services PIC excessive rx errors */ ("red" | "yellow" | "ignore") ), "tx-errors" ( /* Services PIC excessive tx errors */ ("red" | "yellow" | "ignore") ), "sw-down" ( /* Services PIC software 
problem */ ("red" | "yellow" | "ignore") ), "hw-down" ( /* Services PIC hardware problem */ ("red" | "yellow" | "ignore") ) ) end
# chassis_alarm_sonet_type: fourteen SONET conditions (lol through plm-p),
# each set to "red", "yellow" or "ignore".
rule(:chassis_alarm_sonet_type) do c( "lol" ( /* Loss of light */ ("red" | "yellow" | "ignore") ), "pll" ( /* Phase locked loop out of lock */ ("red" | "yellow" | "ignore") ), "lof" ( /* Loss of framing, LOF failure */ ("red" | "yellow" | "ignore") ), "los" ( /* Loss of signal, LOS failure */ ("red" | "yellow" | "ignore") ), "ais-l" ( /* Line alarm indication signal, AIS-L failure */ ("red" | "yellow" | "ignore") ), "ais-p" ( /* Path alarm indication signal, AIS-P failure */ ("red" | "yellow" | "ignore") ), "lop-p" ( /* Loss of pointer, LOP-P failure */ ("red" | "yellow" | "ignore") ), "ber-sd" ( /* Signal Degrade (SD), bit error rate > 1E-6 */ ("red" | "yellow" | "ignore") ), "ber-sf" ( /* Signal Fail (SF), bit error rate > 1E-3 */ ("red" | "yellow" | "ignore") ), "rfi-l" ( /* Line remote failure indication, RFI-L, line FERF */ ("red" | "yellow" | "ignore") ), "rfi-p" ( /* Path remote failure indication, RFI-P, STS path yellow */ ("red" | "yellow" | "ignore") ), "uneq-p" ( /* STS Path (C2) unequipped, UNEQ-P failure */ ("red" | "yellow" | "ignore") ), "locd" ( /* Loss of cell delineation (ATM only) */ ("red" | "yellow" | "ignore") ), "plm-p" ( /* STS payload label (C2) mismatch, PLM-P failure */ ("red" | "yellow" | "ignore") ) ) end
# chassis_fabric_type: switch-fabric options - "upgrade-mode" (default, t4000
# or 3d-fabric), the "degraded" handling block, "redundancy-mode" (redundant
# or increased-bandwidth) and the bare "disable-grant-bypass" keyword.
rule(:chassis_fabric_type) do c( "upgrade-mode" ( /* Enable online switch fabric upgrade */ ("default" | "t4000" | "3d-fabric") ), "degraded" ( /* Degraded fabric configuration */ c( "action-fpc-restart-disable" /* Limit degraded fabric actions to Plane restart only */, "degraded-fpc-bad-plane-threshold" arg /* No of bad planes to declare a FPC degraded */, "degraded-fabric-detection-enable" /* Enable degraded FPC detection */, "fpc-restart" /* Restart fpc on zero planes */, "auto-recovery-disable" /* Disable fabric degraded auto recovery */, "fpc-offline-on-blackholing" /* Offline FPC on fabric blackholing 
*/ ) ), "redundancy-mode" ( /* Fabric redundancy mode */ c( c( "redundant" /* Fabric is configured in redundant mode */, "increased-bandwidth" /* Fabric is configured in increased bandwidth mode */ ) ) ), "disable-grant-bypass" /* Disable fabric grant-bypass mode */ ) end
# chassis_feb_type: FEB options. "sanity-poll" appears both at the top level
# and under "slot" <arg> with the same children; per slot the rule also lists
# "power", "port-mirror-instance", "sampling-instance", "ucode-imem-remap",
# "inline-services" and "inline-video-monitoring".
# NOTE(review): "port-mirror-instance" and "sampling-instance" associate a
# traffic mirroring or sampling instance with the FEB, so statements matched
# here are worth tracking in configuration change review.
rule(:chassis_feb_type) do c( "sanity-poll" ( /* FPC register sanity poll */ c( "retry-count" arg /* Number of retries before reporting error */, "on-error" ( /* Actions to be taken if inconsistencies are detected */ c( "raise-alarm" /* Raise emergency alarm */, "power" ( /* Power cycle or power off FPC */ ("cycle" | "off") ), "write-coredump" /* Write coredump and continue */ ) ) ) ), "slot" arg ( c( "sanity-poll" ( /* FPC register sanity poll */ c( "retry-count" arg /* Number of retries before reporting error */, "on-error" ( /* Actions to be taken if inconsistencies are detected */ c( "raise-alarm" /* Raise emergency alarm */, "power" ( /* Power cycle or power off FPC */ ("cycle" | "off") ), "write-coredump" /* Write coredump and continue */ ) ) ) ), "power" ( /* Power FEBs on or off */ ("off" | "on") ), "port-mirror-instance" arg /* Associate a port mirroring instance with the FEB */, "sampling-instance" arg /* Associate a sampling instance with the FEB */, "ucode-imem-remap" /* Remap the PIC microcode to IMEM on FEB */, "inline-services" ( c( "report-zero-oif-gw-on-discard" /* Jflow reports value zero in OIF and GW when traffic is not forwarded */, "flex-flow-sizing" /* No fixed size allocation of flow tables for proto families */, "use-extended-flow-memory" /* Use extended memory for flow records */, "flow-table-size" ( c( "ipv4-flow-table-size" arg /* IPv4 flow table size in units of 256k */, "ipv6-flow-table-size" arg /* IPv6 flow table size in units of 256k */, "vpls-flow-table-size" arg /* VPLS flow table size in units of 256k */, "ipv6-extended-attrib" /* Enable extended flow attribute */, "mpls-flow-table-size" arg /* MPLS flow table size in units of 256k */ ) ) ) ), 
"inline-video-monitoring" ( c( "maximum-flows-count" arg /* Maximum number of inline video monitoring flows per PFE instance */ ) ) ) ) ) end
# chassis_fpc_error_type: the three FPC error levels "fatal", "major" and
# "minor", each described by chassis_fpc_error_level_type.
rule(:chassis_fpc_error_type) do c( "fatal" ( /* FPC Fatal errors (default threshold = 1) */ chassis_fpc_error_level_type /* FPC Fatal errors (default threshold = 1) */ ), "major" ( /* FPC Major Level errors (default threshold = 1) */ chassis_fpc_error_level_type /* FPC Major Level errors (default threshold = 1) */ ), "minor" ( /* FPC Minor Level errors (default threshold = 10) */ chassis_fpc_error_level_type /* FPC Minor Level errors (default threshold = 10) */ ) ) end
# chassis_fpc_error_level_type: one error level - "threshold" with an argument
# and "action" drawn from the seven listed values (reset, offline, alarm,
# get-state, log, disable-pfe, offline-pic).
rule(:chassis_fpc_error_level_type) do c( "threshold" arg /* Error count at which to take the action (0 - valid for minor only) */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log" | "disable-pfe" | "offline-pic")) /* Configure the action for this level */ ) end
rule(:chassis_fpc_type) do arg.as(:arg) ( c( "auto-speed-detection" ( /* Disables auto-speed detection */ c( c( "disable" /* Disables automatic speed detection as 40g or 4x10g */ ) ) ), "sanity-poll" ( /* FPC register sanity poll */ c( "retry-count" arg /* Number of retries before reporting error */, "on-error" ( /* Actions to be taken if inconsistencies are detected */ c( "raise-alarm" /* Raise emergency alarm */, "power" ( /* Power cycle or power off FPC */ ("cycle" | "off") ), "write-coredump" /* Write coredump and continue */ ) ) ) ), "forwarding-options" ( /* Configure options to control packet forwarding */ c( c( "l2-profile-one" ( /* MAC: 136K L3-host: 8K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-two" ( /* MAC: 104K L3-host: 40K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-three" ( /* (default) 
MAC: 160K L3-host: 144K LPM: 16K, needs reboot for VC;restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l3-profile" ( /* MAC: 40K L3-host: 104K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "lpm-profile" ( /* MAC: 8K L3-host: 8K LPM: 128K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */, "unicast-in-lpm" /* Install unicast host entries in LPM table */ ) ), "exact-match-profile" ( /* MAC: 8K L3-host: 8K LPM: 16K EM: 64K, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "custom-profile" ( /* Partition the shared banks, needs reboot for VC; restarts PFE if standalone */ c( "l2-entries" ( /* Customize l2 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "l3-entries" ( /* Customize l3 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "exact-match-entries" ( /* Customize exact match entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "lpm-entries" ( /* Customize lpm banks needed */ c( "num-banks" ( /* Number of banks needed for entries of this type */ ("0" | "2" | "4") ), "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */ ) ), "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ) ) ) ), "pic" ( /* Physical Interface Card number */ chassis_pic_type /* Physical Interface Card number */ ), "optical-options" ( /* Integrated Photonic Line Card settings */ c( "disable-edfa" /* Disable both EDFA */, "no-disable-edfa" /* Don't disable both EDFA */, "disable-osc" /* Disable 
OSC */, "no-disable-osc" /* Don't disable OSC */, "wavelength" ("1568.77" | "1568.36" | "1568.26" | "1568.16" | "1568.05" | "1567.95" | "1567.85" | "1567.75" | "1567.64" | "1567.54" | "1567.44" | "1567.34" | "1567.23" | "1567.13" | "1567.03" | "1566.93" | "1566.83" | "1566.72" | "1566.62" | "1566.52" | "1566.42" | "1566.31" | "1566.21" | "1566.11" | "1566.01" | "1565.90" | "1565.80" | "1565.70" | "1565.60" | "1565.50" | "1565.39" | "1565.29" | "1565.19" | "1565.09" | "1564.99" | "1564.88" | "1564.78" | "1564.68" | "1564.58" | "1564.47" | "1564.37" | "1564.27" | "1564.17" | "1564.07" | "1563.96" | "1563.86" | "1563.76" | "1563.66" | "1563.56" | "1563.45" | "1563.35" | "1563.25" | "1563.15" | "1563.05" | "1562.95" | "1562.84" | "1562.74" | "1562.64" | "1562.54" | "1562.44" | "1562.33" | "1562.23" | "1562.13" | "1562.03" | "1561.93" | "1561.83" | "1561.72" | "1561.62" | "1561.52" | "1561.42" | "1561.32" | "1561.22" | "1561.11" | "1561.01" | "1560.91" | "1560.81" | "1560.71" | "1560.61" | "1560.50" | "1560.40" | "1560.30" | "1560.20" | "1560.10" | "1560.00" | "1559.90" | "1559.79" | "1559.69" | "1559.59" | "1559.49" | "1559.39" | "1559.29" | "1559.19" | "1559.08" | "1558.98" | "1558.88" | "1558.78" | "1558.68" | "1558.58" | "1558.48" | "1558.38" | "1558.27" | "1558.17" | "1558.07" | "1557.97" | "1557.87" | "1557.77" | "1557.67" | "1557.57" | "1557.46" | "1557.36" | "1557.26" | "1557.16" | "1557.06" | "1556.96" | "1556.86" | "1556.76" | "1556.66" | "1556.55" | "1556.45" | "1556.35" | "1556.25" | "1556.15" | "1556.05" | "1555.95" | "1555.85" | "1555.75" | "1555.65" | "1555.55" | "1555.44" | "1555.34" | "1555.24" | "1555.14" | "1555.04" | "1554.94" | "1554.84" | "1554.74" | "1554.64" | "1554.54" | "1554.44" | "1554.34" | "1554.23" | "1554.13" | "1554.03" | "1553.93" | "1553.83" | "1553.73" | "1553.63" | "1553.53" | "1553.43" | "1553.33" | "1553.23" | "1553.13" | "1553.03" | "1552.93" | "1552.83" | "1552.73" | "1552.62" | "1552.52" | "1552.42" | "1552.32" | "1552.22" | 
"1552.12" | "1552.02" | "1551.92" | "1551.82" | "1551.72" | "1551.62" | "1551.52" | "1551.42" | "1551.32" | "1551.22" | "1551.12" | "1551.02" | "1550.92" | "1550.82" | "1550.72" | "1550.62" | "1550.52" | "1550.42" | "1550.32" | "1550.22" | "1550.12" | "1550.02" | "1549.92" | "1549.82" | "1549.72" | "1549.62" | "1549.52" | "1549.42" | "1549.32" | "1549.21" | "1549.11" | "1549.01" | "1548.91" | "1548.81" | "1548.71" | "1548.61" | "1548.51" | "1548.41" | "1548.31" | "1548.21" | "1548.11" | "1548.02" | "1547.92" | "1547.82" | "1547.72" | "1547.62" | "1547.52" | "1547.42" | "1547.32" | "1547.22" | "1547.12" | "1547.02" | "1546.92" | "1546.82" | "1546.72" | "1546.62" | "1546.52" | "1546.42" | "1546.32" | "1546.22" | "1546.12" | "1546.02" | "1545.92" | "1545.82" | "1545.72" | "1545.62" | "1545.52" | "1545.42" | "1545.32" | "1545.22" | "1545.12" | "1545.02" | "1544.92" | "1544.82" | "1544.72" | "1544.63" | "1544.53" | "1544.43" | "1544.33" | "1544.23" | "1544.13" | "1544.03" | "1543.93" | "1543.83" | "1543.73" | "1543.63" | "1543.53" | "1543.43" | "1543.33" | "1543.23" | "1543.13" | "1543.04" | "1542.94" | "1542.84" | "1542.74" | "1542.64" | "1542.54" | "1542.44" | "1542.34" | "1542.24" | "1542.14" | "1542.04" | "1541.94" | "1541.84" | "1541.75" | "1541.65" | "1541.55" | "1541.45" | "1541.35" | "1541.25" | "1541.15" | "1541.05" | "1540.95" | "1540.85" | "1540.76" | "1540.66" | "1540.56" | "1540.46" | "1540.36" | "1540.26" | "1540.16" | "1540.06" | "1539.96" | "1539.86" | "1539.77" | "1539.67" | "1539.57" | "1539.47" | "1539.37" | "1539.27" | "1539.17" | "1539.07" | "1538.98" | "1538.88" | "1538.78" | "1538.68" | "1538.58" | "1538.48" | "1538.38" | "1538.28" | "1538.19" | "1538.09" | "1537.99" | "1537.89" | "1537.79" | "1537.69" | "1537.59" | "1537.50" | "1537.40" | "1537.30" | "1537.20" | "1537.10" | "1537.00" | "1536.90" | "1536.81" | "1536.71" | "1536.61" | "1536.51" | "1536.41" | "1536.31" | "1536.22" | "1536.12" | "1536.02" | "1535.92" | "1535.82" | "1535.72" | 
"1535.63" | "1535.53" | "1535.43" | "1535.33" | "1535.23" | "1535.13" | "1535.04" | "1534.94" | "1534.84" | "1534.74" | "1534.64" | "1534.54" | "1534.45" | "1534.35" | "1534.25" | "1534.15" | "1534.05" | "1533.96" | "1533.86" | "1533.76" | "1533.66" | "1533.56" | "1533.47" | "1533.37" | "1533.27" | "1533.17" | "1533.07" | "1532.98" | "1532.88" | "1532.78" | "1532.68" | "1532.58" | "1532.49" | "1532.39" | "1532.29" | "1532.19" | "1532.09" | "1532.00" | "1531.90" | "1531.80" | "1531.70" | "1531.60" | "1531.51" | "1531.41" | "1531.31" | "1531.21" | "1531.12" | "1531.02" | "1530.92" | "1530.82" | "1530.72" | "1530.63" | "1530.53" | "1530.43" | "1530.33" | "1530.24" | "1530.14" | "1530.04" | "1529.94" | "1529.85" | "1529.75" | "1529.65" | "1529.55" | "1529.46" | "1529.36" | "1529.26" | "1529.16" | "1529.07" | "1528.97" | "1528.87" | "1528.77" | "1528.38") ( /* Wavelength Selective Switch */ c( c( "switch" ( /* Switch the wavelength to an optical interface */ c( arg /* Name of physical interface */ ) ), "wss-express-in" /* Express-in this wavelength to another optical card */ ) ) ), "tca" ( /* Set tca for optical properties */ c( "osc-tx-power-high-tca" ( /* OSC TX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power high TCA in dBm */ ) ), "osc-tx-power-low-tca" ( /* OSC TX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power low TCA in dBm */ ) ), "osc-rx-power-high-tca" ( /* OSC RX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power high TCA in dBm */ ) 
), "osc-rx-power-low-tca" ( /* OSC RX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power low TCA in dBm */ ) ), "osc-fiber-loss-high-tca" ( /* OSC fiber loss high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss high TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss high TCA in dB */ ) ), "osc-fiber-loss-low-tca" ( /* OSC fiber loss low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss low TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss low TCA in dB */ ) ), "lout-voa-high-tca" ( /* LOUT VOA high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute LOUT VOA high TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour LOUT VOA high TCA in dB */ ) ), "lout-voa-low-tca" ( /* LOUT VOA low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute LOUT VOA low TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour LOUT VOA low TCA in dB */ ) ), "edfa1-in-power-high-tca" ( /* Ingress EDFA input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA input power high TCA in dBm */ ) ), "edfa1-in-power-low-tca" ( /* Ingress EDFA input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 
24 hour Ingress EDFA input power low TCA in dBm */ ) ), "edfa1-out-power-high-tca" ( /* Ingress EDFA output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA output power high TCA in dBm */ ) ), "edfa1-out-power-low-tca" ( /* Ingress EDFA output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA output power low TCA in dBm */ ) ), "edfa1-sig-power-high-tca" ( /* Ingress EDFA signal power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA signal power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA signal power high TCA in dBm */ ) ), "edfa1-sig-power-low-tca" ( /* Ingress EDFA signal power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA signal power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA signal power low TCA in dBm */ ) ), "edfa1-awg-high-tca" ( /* Ingress EDFA pump AWG high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump AWG high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump AWG high TCA in mW */ ) ), "edfa1-awg-low-tca" ( /* Ingress EDFA pump AWG low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump AWG low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump AWG low TCA in mW */ ) ), 
"edfa1-express-high-tca" ( /* Ingress EDFA pump express high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump express high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump express high TCA in mW */ ) ), "edfa1-express-low-tca" ( /* Ingress EDFA pump express low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump express low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump express low TCA in mW */ ) ), "edfa2-in-power-high-tca" ( /* Egress EDFA input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA input power high TCA in dBm */ ) ), "edfa2-in-power-low-tca" ( /* Egress EDFA input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA input power low TCA in dBm */ ) ), "edfa2-out-power-high-tca" ( /* Egress EDFA output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA output power high TCA in dBm */ ) ), "edfa2-out-power-low-tca" ( /* Egress EDFA output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA output power low TCA in dBm */ ) ), "edfa2-sig-power-high-tca" ( /* Egress EDFA signal power 
high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA signal power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA signal power high TCA in dBm */ ) ), "edfa2-sig-power-low-tca" ( /* Egress EDFA signal power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA signal power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA signal power low TCA in dBm */ ) ), "edfa2-awg-high-tca" ( /* Egress EDFA pump AWG high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump AWG high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump AWG high TCA in mW */ ) ), "edfa2-awg-low-tca" ( /* Egress EDFA pump AWG low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump AWG low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump AWG low TCA in mW */ ) ), "edfa2-express-high-tca" ( /* Egress EDFA pump express high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump express high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump express high TCA in mW */ ) ), "edfa2-express-low-tca" ( /* Egress EDFA pump express low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump express low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump express low TCA in mW */ ) ), "ocm-power-high-line-out-tca" ( /* OCM Power Line Out high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" 
arg /* Threshold for 15 minute OCM Power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour OCM Power high TCA in dBm */ ) ), "ocm-power-low-line-out-tca" ( /* OCM Power Line Out low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute OCM Power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour OCM Power low TCA in dBm */ ) ) ) ), "expansion-card" ( /* Associate an expansion card with the IPLC card */ c( "fpc" ( c( arg ) ) ) ), "express-in" ( /* Associate an express-in card with the IPLC card */ c( "fpc" ( c( arg ) ) ) ), "amplifier-chain" ( /* In-line amplifier options */ c( "anchor-iplc" /* Mark IPLC as anchor for In-line amplifier chain */, "no-anchor-iplc" /* Don't mark IPLC as anchor for In-line amplifier chain */, "osc-ip" arg /* IPLC OSC path IPv4 address format w.x.y.z/a */, "osc-mac" arg /* IPLC OSC path MAC address format a:b:c:d:e:f */, "ila" arg ( /* Configure In-line amplifier number */ c( "ila-options" ( /* In-line amplifier settings */ c( "ila-ipv4-address" arg /* In-line amplifier IPV4 address format w.x.y.z/a */, "ila-user" arg /* ILA User Name */, "ila-password" ( /* ILA password string */ unreadable /* ILA password string */ ), "edfa-a-b" ( /* Configure edfa-a-b */ c( "tca-input-power-low" ( /* Input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power low TCA in dBm */ ) ), "tca-input-power-high" ( /* Input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power high TCA in dBm */ ) ), "tca-output-power-low" ( /* Output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, 
"threshold" arg /* Threshold for 15 minute output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power low TCA in dBm */ ) ), "tca-output-power-high" ( /* Output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power high TCA in dBm */ ) ), "tca-signal-output-power-low" ( /* Signal output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power low TCA in dBm */ ) ), "tca-signal-output-power-high" ( /* Signal output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power high TCA in dBm */ ) ), "tca-pump0-current-low" ( /* Pump0 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current low TCA in mA */ ) ), "tca-pump0-current-high" ( /* Pump0 current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current high TCA in mA */ ) ), "tca-pump1-current-low" ( /* Pump1 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current low TCA in mA */ ) ), "tca-pump1-current-high" ( /* Pump1 current high TCA */ c( 
"enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current high TCA in mA */ ) ), "tca-pump0-temperature-low" ( /* Pump0 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature low TCA in C */ ) ), "tca-pump0-temperature-high" ( /* Pump0 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature high TCA in C */ ) ), "tca-pump1-temperature-low" ( /* Pump1 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature low TCA in C */ ) ), "tca-pump1-temperature-high" ( /* Pump1 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature high TCA in C */ ) ) ) ), "voa-a" ( /* Configure voa-a */ c( "tca-attenuation-low" ( /* Attenuation low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation low TCA in dBm */ ) ), "tca-attenuation-high" ( /* Attenuation high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 
24 hour attenuation high TCA in dBm */ ) ) ) ), "osc-a" ( /* Configure osc-a */ c( "osc-tx-power-high-tca" ( /* OSC TX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power high TCA in dBm */ ) ), "osc-tx-power-low-tca" ( /* OSC TX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power low TCA in dBm */ ) ), "osc-rx-power-high-tca" ( /* OSC RX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power high TCA in dBm */ ) ), "osc-rx-power-low-tca" ( /* OSC RX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power low TCA in dBm */ ) ), "osc-fiber-loss-high-tca" ( /* OSC fiber loss high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss high TCA in dBm */ ) ), "osc-fiber-loss-low-tca" ( /* OSC fiber loss low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss low TCA in dBm */ ) ) ) ), "edfa-b-a" ( /* Configure edfa-b-a */ c( "tca-input-power-low" ( /* Input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg 
/* Threshold for 15 minute input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power low TCA in dBm */ ) ), "tca-input-power-high" ( /* Input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power high TCA in dBm */ ) ), "tca-output-power-low" ( /* Output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power low TCA in dBm */ ) ), "tca-output-power-high" ( /* Output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power high TCA in dBm */ ) ), "tca-signal-output-power-low" ( /* Signal output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power low TCA in dBm */ ) ), "tca-signal-output-power-high" ( /* Signal output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power high TCA in dBm */ ) ), "tca-pump0-current-low" ( /* Pump0 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current low TCA in dBm */ ) ), "tca-pump0-current-high" ( /* Pump0 current high TCA */ c( "enable-tca" /* Enable tca 
*/, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current high TCA in dBm */ ) ), "tca-pump1-current-low" ( /* Pump1 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current low TCA in dBm */ ) ), "tca-pump1-current-high" ( /* Pump1 current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current high TCA in dBm */ ) ), "tca-pump0-temperature-low" ( /* Pump0 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature low TCA in C */ ) ), "tca-pump0-temperature-high" ( /* Pump0 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature high TCA in C */ ) ), "tca-pump1-temperature-low" ( /* Pump1 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature low TCA in C */ ) ), "tca-pump1-temperature-high" ( /* Pump1 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature high TCA in C */ ) ) ) ), 
"voa-b" ( /* Configure voa-b */ c( "tca-attenuation-low" ( /* Attenuation low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation low TCA in dBm */ ) ), "tca-attenuation-high" ( /* Attenuation high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation high TCA in dBm */ ) ) ) ), "osc-b" ( /* Configure osc-b */ c( "osc-tx-power-high-tca" ( /* OSC TX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power high TCA in dBm */ ) ), "osc-tx-power-low-tca" ( /* OSC TX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power low TCA in dBm */ ) ), "osc-rx-power-high-tca" ( /* OSC RX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power high TCA in dBm */ ) ), "osc-rx-power-low-tca" ( /* OSC RX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power low TCA in dBm */ ) ), "osc-fiber-loss-high-tca" ( /* OSC fiber loss high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss high TCA in dBm */, 
"threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss high TCA in dBm */ ) ), "osc-fiber-loss-low-tca" ( /* OSC fiber loss low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss low TCA in dBm */ ) ) ) ) ) ) ) ) ) ) ) ), "power" ( /* Power FPCs on or off */ ("off" | "on") ), "traffic-manager" ( /* Configure traffic-manager attributes */ c( "queue-threshold" ( /* Set queue thresholds */ c( "fabric-queue" ( /* Set fabric queue thresholds */ c( "priority" enum(("low" | "high")) ( /* Queue priority */ c( "threshold" arg /* Threshold percentage to be set */ ) ) ) ), "wan-queue" ( /* Set wan queue thresholds */ c( "priority" enum(("low" | "medium-low" | "medium-high" | "high")) ( /* Queue Priority */ c( "threshold" arg /* Threshold percentage to be set */ ) ) ) ) ) ), "enhanced-priority-mode" /* Enable enhanced priority mode */, "packet-timestamp" ( /* Configure collecting CoS last packet enqueued timestamp */ ("enable" | "disable") ) ) ), "route-localization" ( /* Route-Localization fib-remote or fib-local */ ("fib-remote" | "fib-local") ), "vpn-localization" ( /* VPN-localization core-facing-only or core-facing-default */ ("vpn-core-facing-only" | "vpn-core-facing-default") ), "power-budget-priority" arg /* FPC priority number */, c( "disable-power" /* Do not provide power to the card */, "allow-sram-parity-errors" /* Do not power cycle FPC when SRAM parity errors occur */ ), c( "performance-mode" ( /* Enable performance mode, FPC will restart if mode changes from lite mode to performance mode */ c( "number-of-ucode-workers" arg /* Configure number of ucode worker cores, FPC will restart if there is a change in number of ucode worker cores */ ) ), "lite-mode" /* Enable lite mode, FPC will restart if mode changes from performance mode to lite mode */ ), "services-offload" /* Enable services 
offload on fpc */, "np-cache" /* Enable NP cache and services offload on fpc */, "offline" /* Keep FPC offline */, "offline-on-fabric-bandwidth-reduction" /* Bring FPC offline when running with reduced fabric bandwidth */, "ir-mode" ( /* Configure IR or R mode for MPC4 and above cards */ ("IR" | "R") ), "license-mode" ( /* Configure license mode for PTX FPC3 and later cards */ ("r" | "ir") ), "fabric" ( c( "blackhole-action" ( /* Action taken upon fabric plane blackhole involving the FPC */ ("log-only" | "offline" | "restart" | "restart-then-offline") ), "bandwidth-degradation" ( /* Take FPC recovery action when FPC running with reduced fabric bandwidth */ c( "percentage" arg /* The percentage of PFE bandwidth degradation to trigger action */, "no-fabric-switchover" /* Do not perform switchover to spare CB */, "action" ( /* Type of action to trigger */ ("log-only" | "offline" | "restart" | "restart-then-offline") ) ) ) ) ), "port-mirror-instance" arg, "sampling-instance" arg, "inline-services" ( c( "report-zero-oif-gw-on-discard" /* Jflow reports value zero in OIF and GW when traffic is not forwarded */, "flex-flow-sizing" /* No fixed size allocation of flow tables for proto families */, "use-extended-flow-memory" /* Use extended memory for flow records */, "flow-table-size" ( c( "ipv4-flow-table-size" arg /* IPv4 flow table size in units of 256k */, "ipv6-flow-table-size" arg /* IPv6 flow table size in units of 256k */, "vpls-flow-table-size" arg /* VPLS flow table size in units of 256k */, "ipv6-extended-attrib" /* Enable extended flow attribute */, "mpls-flow-table-size" arg /* MPLS flow table size in units of 256k */ ) ) ) ), "inline-video-monitoring" ( c( "maximum-flows-count" arg /* Maximum number of inline video monitoring flows per PFE instance. 
*/, "flow-table-size" arg /* Size of flow table size per PFE instance */ ) ), "application-services" ( /* Application services configuration */ c( "package" arg /* Package selection */ ) ), "slamon-services" ( /* SLA monitoring services */ c( "rfc2544" /* Enable sla monitoring services */ ) ), "flexible-queuing-mode" /* Enable flexible queuing mode */, "loopback-device-count" arg /* Number of loopbacks */, "interasic-linkerror-recovery-enable" /* Enable inter-asic link error recovery */, "number-of-ports" ( /* Number of physical ports to enable on FPC */ ("8" | "12") ), "pfe" ( /* Packet forwarding engine parameters */ chassis_pfe_type /* Packet forwarding engine parameters */ ), "service-package" ( /* Service package to be loaded on FPC */ ("bundle-rfc2544" | "bundle-nat-ipsec") ), "max-queues" ( /* Maximum number of queues configurable on FPC */ ("8k" | "16k" | "32k" | "64k" | "128k" | "256k" | "512k" | "1M") ), "bandwidth" ( /* Configure bandwidth of FPC */ ("1.6T") ), "error" ( /* Error level configuration for FPC */ chassis_fpc_error_type /* Error level configuration for FPC */ ) ) ) end
/* chassis_pem_type: power-supply requirements. "minimum" and "feeds" each take one arg; "input-current" accepts only the literals "40" or "60". */
/* NOTE(review): c(...) and arg are helpers defined outside this view; arg presumably matches any single token, so numeric ranges are not checked by this rule -- confirm. */
rule(:chassis_pem_type) do
  c(
    "minimum" arg /* Minimum number of power supplies required for normal operation */,
    "feeds" arg /* Number of input feeds required */,
    "input-current" ( /* Input current (Amps) in each feed */
      ("40" | "60")
    )
  )
end
/* chassis_pfe_type: one arg (captured as :arg) followed by its children: "forwarding-packages" > "mobility" > "ggsn-pgw" or "sgw", and the bare keyword "tunnel-services". */
/* NOTE(review): the nested c( c( ... ) ) around "ggsn-pgw"/"sgw" presumably marks a mutually exclusive choice -- confirm against the helper's definition. */
rule(:chassis_pfe_type) do
  arg.as(:arg) (
    c(
      "forwarding-packages" ( /* Associated forwarding package configuration */
        c(
          "mobility" ( /* Mobility related PFE configuration */
            c(
              c(
                "ggsn-pgw" /* GGSN packet gateway */,
                "sgw" /* Serving gateway */
              )
            )
          )
        )
      ),
      "tunnel-services" /* Tunnel services configuration */
    )
  )
end
/* chassis_pic_type: per-PIC statements keyed by one arg (captured as :arg). */
/* Delegates to chassis_port_type ("tunnel-port"), ct3_port_type ("ct3" > "port"), ce1_channel_type ("ce1" > "e1"), chassis_pic_port_framing ("port") and chassis_fibre_channel_type ("fibre-channel"). */
/* Parenthesised literal lists such as ("10G" | "40G" | "100G") are closed sets; the tunnel-services "bandwidth" lists additionally end in arg, so any other token is accepted there too. */
/* NOTE(review): many leaves take a free-form arg (for example "package", "pic-type", "port-mirror-instance", "payload-pattern"); this rule constrains keywords only, so value validation must come from elsewhere -- confirm arg's definition. */
rule(:chassis_pic_type) do arg.as(:arg) ( c( "pic-mode" ( /* PIC mode configuration */ ("10G" | "40G" | "100G") ), "tunnel-port" ( /* Tunnel port number */ chassis_port_type /* Tunnel port number */ ), "tunnel-services" ( /* Tunnel services configuration */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel 
service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ), "tunnel-only" /* Support only tunnel traffic */, "priority" ( /* Specify bandwidths with priorities */ c( "high" ( /* High Priority */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ), "medium" ( /* Medium Priority */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ), "low" ( /* Low Priority */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ) ) ), "port" arg /* Front panel port number - ACX5048: [16-53], ACX5096: [64-95, 100-103] */ ) ), "interface-type" ( /* Interface prefix */ ("ge" | "xe" | "et") ), "inline-services" ( /* Inline services configuration */ c( "bandwidth" ( /* Amount of bandwidth reserved for inline service */ ("1g" | "10g" | "20g" | "30g" | "40g") ), "fragmentation-mtu" arg /* Set the fragmentation MTU size */, "reassembly-context-age" arg /* Set the re-assembly context age millisecond timeout */, "service-plane-recovery" ( /* Service plane recovery configuration */ c( "disable", "downtime-gap-seconds" arg /* Gap between successive downtime events for recovery */, "downtime-events" arg /* Number of downtime events after which recovery is disabled */ ) ) ) ), c( "adaptive-services" ( /* Adaptive services configuration */ c( "service-package" ( /* AS PIC service package */ c( c( "layer-3" /* Layer 3 service package */, "layer-2" /* Layer 2 service package */, "layer-2-3" /* Combined Layer 2 and Layer 3 service package */, "extension-provider" ( 
/* Extension provider package configuration */ c( "data-pollers" arg /* Number of cpus dedicated to poll data packets */, "data-flow-affinity" ( /* Enable flow affinity on data cores */ c( "hash-key" ( ("layer-3" | "layer-4") ) ) ), "session-offload" /* Enable session offload */, "no-default-packages" /* Do not load default packages */, "package" arg /* Extension provider package to run on the PIC */, "syslog" enum(("external" | "pfe" | "daemon" | "kernel")) ( /* System logging facility */ c( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ), "destination" ( /* Syslog destination */ ("routing-engine" | "pic-console") ) ) ) ) ) ) ) ) ) ), "monitoring-services" ( /* Monitoring services configuration */ c( "application" ( /* Application mode */ ("dynamic-flow-capture" | "flow-collector" | "monitor") ) ) ) ), "no-mcast-replication" /* No mcast replication */, "ggsn-services" ( /* GGSN services configuration */ c( "application" ( /* Application mode */ ("ggsn-data" | "ggsn-inspection" | "ggsn-tunnel") ) ) ), "framing" ( /* Framing mode */ ("sonet" | "sdh" | "t3" | "e3" | "t1" | "e1" | "lan") ), "synchronization" ( /* PIC synchronization source */ c( c( "port" arg /* Port Number */ ) ) ), "recovered-clock" ( /* Select recovered clock for this port */ c( "port" arg /* Port Number */, "channel" arg /* Channel Number */ ) ), "vtmapping" ( /* Virtual tunnel mapping mode */ ("klm" | "itu-t") ), "no-concatenate" /* Do not concatenate channels */, "no-multi-rate" /* Disable multi-rate mode */, "channelization" /* Enable Channelization */, "linerate-mode" /* Disable oversubscription. 
PIC operates in line rate mode */, "speed" ( /* Port speed */ ("1G") ), "mixed-rate-mode" /* PIC operates in mixed-rate-mode. Speed and AE configurable for PIC Ports */, "no-pre-classifier" /* No pre-classification of packets */, "aggregate-ports" /* Aggregate multiple ports on a PIC as a single port */, "number-of-ports" arg /* Number of physical ports to enable on PIC */, "power" ( /* Power off PIC */ ("off") ), "pic-type" arg /* OID of PIC type to be configured */, "aggregated-devices" ( /* Aggregated devices configuration */ c( "ima" ( /* Aggregated device options for Inverse Multiplexing for ATM */ c( "device-count" arg /* Number of IMA groups */ ) ) ) ), "sparse-dlcis" /* Run in sparse data-link connection identifier mode */, "multi-link-layer-2-inline" /* Enable inline layer-2 services */, "q-pic-large-buffer" ( /* Run in large delay buffer mode */ c( c( "small-scale" /* Supports less number of interfaces */, "large-scale" /* Supports large number of interfaces */ ) ) ), "red-buffer-occupancy" ( /* Computation type for RED buffer occupancy */ c( "weighted-averaged" ( /* Weighted-average computation */ c( "instant-usage-weight-exponent" arg /* Weight for instant buffer usage (negative exponent of 2) */ ) ) ) ), "traffic-manager" ( /* Configure traffic manager attributes */ c( "ingress-shaping-overhead" arg /* Number of CoS shaping overhead bytes in ingress */, "egress-shaping-overhead" arg /* Number of CoS shaping overhead bytes in egress */, "mode" ( /* Configure traffic manager mode */ ("egress-only" | "session-shaping" | "ingress-and-egress") ) ) ), "idle-cell-format" ( /* ATM idle cell configuration */ c( "itu-t" /* ITU-T idle cell header format */, "payload-pattern" arg /* Payload pattern byte (0x00-0xff) */ ) ), "atm-l2circuit-mode" ( /* Enable ATM Layer 2 circuit transport mode */ c( c( "aal5" /* ATM Layer 2 circuit AAL5 mode */, "cell" /* ATM Layer 2 circuit cell mode */, "trunk" ( /* Set ATM Layer 2 circuit trunk mode */ c( c( "uni" /* ATM Layer 2 
circuit user-to-network interface trunk mode */, "nni" /* ATM Layer 2 circuit network-to-network interface trunk mode */ ) ) ) ) ) ), "atm-cell-relay-accumulation" /* Enable ATM cell-relay accumulation mode */, "services-offload" ( /* Enable services offload */ c( "per-session-statistics" /* Keep per session statistics in NP */, "low-latency" /* Bypass Traffic Management stage to achieve low latency */ ) ), "mlfr-uni-nni-bundles" arg /* Number of multilink Frame Relay UNI NNI (FRF.16) bundles to allocate on PIC */, "mlfr-uni-nni-bundles-inline" arg /* Number of inline multilink frame relay UNI NNI bundles */, "ct3" ( /* CT3 NxDS0 PIC configuration */ c( "port" ( /* CT3 port */ ct3_port_type /* CT3 port */ ) ) ), "ce1" ( /* CE1 NxDS0 PIC configuration */ c( "e1" ( /* E1 link */ ce1_channel_type /* E1 link */ ) ) ), "max-queues-per-interface" ( /* Maximum number of queues per interface on QOS-capable PIC */ ("4" | "8") ), "shdsl" ( /* SHDSL chassis configuration */ c( "pic-mode" ( /* PIC mode */ ("1-port-atm" | "2-port-atm" | "4-port-atm" | "efm") ) ) ), "ethernet" ( /* J-series Ethernet PIM mode configuration */ c( "pic-mode" ( /* PIC mode */ ("switching" | "routing" | "enhanced-switching") ) ) ), "tunnel-queuing" /* Enable queueing for GRE/IPIP tunnels */, "port-mirror-instance" arg, "port" ( /* Port number */ chassis_pic_port_framing /* Port number */ ), "port-range" ( /* Physical ports to channelize */ s( arg, arg, c( "short-reach-mode" ( /* Short reach mode (For ports 0..47) */ ("disable" | "enable") ), "channel-speed" ( /* Port channel speed */ ("10g" | "25g" | "50g" | "disable-auto-speed-detection") ) ) ) ), "fibre-channel" ( /* Fibre channel configuration option */ chassis_fibre_channel_type /* Fibre channel configuration option */ ), "xe" ( /* Ports configurable in 10G mode */ c( "port" ( /* Attribute port */ s( arg ) ), "port-range" ( /* Attribute port range */ s( arg, arg ) ) ) ), "xle" ( /* Ports configurable in 40G mode */ c( "port" ( /* Attribute port 
*/ s( arg ) ), "port-range" ( /* Attribute port range */ s( arg, arg ) ) ) ), "fte" ( /* Ports configurable in 40G HIGIG mode */ c( "port" ( /* Attribute port */ s( arg ) ), "port-range" ( /* Attribute port range */ s( arg, arg ) ) ) ), "qsfp-port" arg ( /* Qsfp port to configure */ c( "port-mode" ( /* Select mode for port-group */ ("40g" | "10g") ) ) ), "sfpplus" ( /* Sfpplus configuration option */ c( "pic-mode" ( /* PIC mode */ ("1g" | "10g") ) ) ), "hash-key" ( /* Select data used in the hash key */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "layer-3" ( /* Include Layer 3 (IP) data in the hash key */ c( "destination-address" /* Include IP destination address in the hash key */ ) ), "layer-4" /* Include Layer 4 (TCP or UDP) data in the hash key */, "symmetric-hash" ( /* Create symmetric hash-key with source & dest ports */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ), "multiservice" ( /* Multiservice protocol family */ c( "source-mac" /* Include source MAC address in hash key */, "destination-mac" /* Include destination MAC address in hash key */, "payload" ( /* Include payload data in the hash key */ c( "ip" ( /* Include IPv4 payload data in the hash key */ c( "layer-3" ( /* Include layer-3 ip info for VPLS/Bridge */ c( c( "source-ip-only" /* Include source IP only in hash-key */, "destination-ip-only" /* Include destination IP only in hash-key */ ) ) ), "layer-4" /* Include layer-4 IP information for VPLS/Bridge */ ) ) ) ), "symmetric-hash" ( /* Create a/symmetric hash-key with any attributes */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ) ) ) ) ), "ingress-policer-overhead" arg /* Number of policer overhead bytes in ingress */, "egress-policer-overhead" arg /* Number of policer overhead bytes in egress */, "account-layer2-overhead" /* Account Layer2 overhead in egress and ingress IFD/IFL stats */, "forwarding-mode" ( /* Set 100GE PIC packet distribution mode */ c( c( 
"sa-multicast" /* Used for Juniper CGE to Juniper 100GE PIC back to back connection */, "vlan-steering" ( /* Steer packet by VLAN id, interoperate with other vendors */ c( "vlan-rule" ( /* Set 100GE PIC forwarding VLAN rule */ ("odd-even" | "high-low") ) ) ) ) ) ) ) ) end
/* ce1_channel_type: one arg (captured as :arg) with a "channel-group" child; each channel group takes an arg and a "timeslots" arg, tagged :oneline. */
/* NOTE(review): the timeslot list format (for example 1-3,4,9,22-24) is described only in the help text; arg presumably does not enforce it -- confirm. */
rule(:ce1_channel_type) do
  arg.as(:arg) (
    c(
      "channel-group" arg ( /* Define channel group */
        sc(
          "timeslots" arg /* DS0 timeslots (1..31); for example, 1-3,4,9,22-24 (no spaces) */
        )
      ).as(:oneline)
    )
  )
end
/* chassis_fibre_channel_type: either a single "port" arg or a "port-range" made of two args in sequence. */
rule(:chassis_fibre_channel_type) do
  c(
    "port" arg /* Fibre channel port */,
    "port-range" ( /* Fibre channel port range */
      s( arg, arg )
    )
  )
end
/* chassis_pic_port_framing: per-port statements keyed by one arg (captured as :arg). */
/* "short-reach-mode", "framing", "speed" and "channel-speed" accept only the literals listed; "number-of-sub-ports" takes a free-form arg. */
rule(:chassis_pic_port_framing) do
  arg.as(:arg) (
    c(
      "short-reach-mode" ( /* Short reach mode (For ports 0...47) */
        ("disable" | "enable")
      ),
      "framing" ( /* Framing mode */
        ("sonet" | "sdh" | "t3" | "e3" | "t1" | "e1")
      ),
      "speed" ( /* Port speed */
        ("oc3-stm1" | "oc12-stm4" | "oc48-stm16" | "1G" | "10g" | "40g" | "100g")
      ),
      "channel-speed" ( /* Port channel speed */
        ("10g" | "25g" | "50g" | "disable-auto-speed-detection")
      ),
      "forwarding-mode" ( /* PIC packet distribution mode - Brooklyn interop mode */
        c(
          "sa-multicast" /* SA multicast mode - interop with 100G Brooklyn PIC */
        )
      ),
      "no-mcast-replication" /* No multicast replication */,
      "number-of-sub-ports" arg /* Number of subports per physical port */
    )
  )
end
/* chassis_port_type: one arg (captured as :arg) whose only child is the bare keyword "tunnel-services". */
rule(:chassis_port_type) do
  arg.as(:arg) (
    c(
      "tunnel-services" /* Tunnel services configuration */
    )
  )
end
/* chassis_redundancy_type: redundancy statements for "routing-engine", "ssb", "cfeb", "sfm", "failover", "keepalive-time", "graceful-switchover" and "feb". */
/* Delegates to chassis_rdd_re_type, chassis_rdd_id_type, chassis_rdd_cfeb_id_type, chassis_rdd_sfm_id_type, chassis_rdd_failover_type and chassis_non_stop_forwarding_type. */
rule(:chassis_redundancy_type) do c( "routing-engine" ( /* Redundancy options for Routing Engines */ chassis_rdd_re_type /* Redundancy options for Routing Engines */ ), "ssb" ( /* Redundancy options for System Switch Boards */ chassis_rdd_id_type /* Redundancy options for System Switch Boards */ ), "cfeb" ( /* Redundancy options for Compact Forwarding Engine Boards */ chassis_rdd_cfeb_id_type /* Redundancy options for Compact Forwarding Engine Boards */ ), "sfm" ( /* Redundancy options for Switching and Forwarding Modules */ 
chassis_rdd_sfm_id_type /* Redundancy options for Switching and Forwarding Modules */ ), "failover" ( /* Failover to other Routing Engine */ chassis_rdd_failover_type /* Failover to other Routing Engine */ ), "keepalive-time" arg /* Time before Routing Engine failover */, "graceful-switchover" ( /* Enable graceful switchover on supported hardware */ chassis_non_stop_forwarding_type /* Enable graceful switchover on supported hardware */ ), "feb" ( /* Forwarding Engine Board redundancy configuration */ c( "redundancy-group" arg ( c( "description" arg /* Text description of FEB redundancy group */, "feb" arg ( /* Redundancy settings for a Forwarding Engine Board */ c( c( "primary" /* FEB is default master in the redundancy group */, "backup" /* FEB is backup in the redundancy group */ ) ) ), "no-auto-failover" /* Disable automatic FEB failover */ ) ) ) ) ) end rule(:chassis_non_stop_forwarding_type) do c( "traceoptions" ( /* Graceful switchover trace options */ c( "flag" enum(("update" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:chassis_rdd_cfeb_id_type) do arg.as(:arg) ( c( c( "always" /* Sole device */, "preferred" /* Preferred device */ ) ) ).as(:oneline) end rule(:chassis_rdd_failover_type) do c( "on-loss-of-keepalives" /* Failover on loss of keepalives */, "on-re-to-fpc-stale" /* Failover on loss of communication between the re and fpc */, "on-disk-failure" /* Failover on disk failure */, "not-on-disk-underperform" /* Prevent gstatd from initiating failovers in response to slow disks */, "disk-read-threshold" arg /* Read threshold (ms) on disk underperform monitoring */, "disk-write-threshold" arg /* Write threshold (ms) on disk underperform monitoring */ ) end rule(:chassis_rdd_id_type) do arg.as(:arg) ( c( c( "always" /* Sole device */, "preferred" /* Preferred device */ ) ) ).as(:oneline) end rule(:chassis_rdd_re_type) do arg.as(:arg) ( c( c( "master" /* Master Routing Engine */, "backup" /* Backup Routing Engine */, "disabled" /* Routing 
Engine disabled */ ) ) ).as(:oneline) end rule(:chassis_rdd_sfm_id_type) do arg.as(:arg) ( c( c( "always" /* Sole device */, "preferred" /* Preferred device */ ) ) ).as(:oneline) end rule(:chassis_routing_engine_type) do c( "on-disk-failure" ( /* Action to take when Routing Engine disk fails */ chassis_re_on_disk_failure /* Action to take when Routing Engine disk fails */ ), "control-interface" ( /* Configure recovery method and pause frame for control interface */ c( "recovery-method" ( /* Select the recovery method */ ("disable-recovery" | "socket" | "counter") ), "pause-frame" /* Enable or disable Pause frame generation */ ) ), "bios" ( /* Routing Engine BIOS */ c( "no-auto-upgrade" /* Disable routing-engine BIOS auto-upgrade */, "uninterrupt" /* Set routing-engine BIOS uninterruptable */ ) ), "usb-wwan" ( /* Enable WWAN (3G) access on the USB port */ c( "port" ( /* Select the port */ ("0" | "1") ) ) ) ) end rule(:chassis_re_on_disk_failure) do c( c( "reboot" /* Reboot on disk failure */, "disk-failure-action" ( ("reboot" | "halt") ) ) ).as(:oneline) end rule(:chassis_sfm_type) do arg.as(:arg) ( c( "power" ( /* Power SFMs on or off */ ("off" | "on") ), c( "disable-power" /* Do not enable power to the card */ ) ) ) end rule(:chassis_sib_type) do c( "minimum" arg /* Minimum number of Switch Interface Boards required for normal operation */, "power-off" ( /* Power off the SIB slot */ c( "slot" arg /* SIB slot number to be powered off */ ) ) ) end rule(:chassisd_redundancy_group_type) do c( "interface-type" ( c( "redundant-logical-tunnel" ( /* Redundant logical tunnel interface group */ c( "device-count" arg /* Number of devices */ ) ), "redundant-virtual-tunnel" ( /* Redundant virtual tunnel interface group */ c( "device-count" arg /* Number of devices */ ) ) ) ) ) end rule(:chassisd_agg_container_type) do c( "device-count" arg /* Number of container devices */ ) end rule(:chassisd_agg_enet_type) do c( "device-count" arg /* Number of aggregated Ethernet devices */, 
"lacp" ( /* Global Link Aggregation Control Protocol configuration */ c( "system-priority" arg /* Priority of the system (0 ... 65535) */, "link-protection" ( c( "non-revertive" /* Don't revert links when better priority link comes up */ ) ) ) ) ) end rule(:chassisd_agg_pos_type) do c( "device-count" arg /* Number of aggregated SONET devices */ ) end rule(:chassisd_provider_instance_type) do c( "device-count" arg /* Number of provider instance port devices */ ) end rule(:client_address_object) do arg.as(:arg) ( c( "restrict" /* Deny access */ ) ) end rule(:collector_destinations_type) do arg.as(:arg) ( c( "password" ( /* Password for accessing URL */ unreadable /* Password for accessing URL */ ) ) ) end rule(:collector_transfer_log_archive_type) do c( "filename-prefix" arg /* Filename prefix for transfer log */, "maximum-age" arg /* Maximum age of transfer log file */, "archive-sites" arg ( sc( "password" ( /* Password to log in to the archive site */ unreadable /* Password to log in to the archive site */ ) ) ).as(:oneline) ) end rule(:comm_object) do c( "snmp-community" arg /* Specify community name */, "no-default-comm-to-v3-config" /* No default snmp-community and v3 configuration */ ) end rule(:cos_application_profile_object) do arg.as(:arg) ( c( "sip" ( /* CoS treatment of Session Initiation Protocol data */ c( "voice" ( /* CoS treatment of SIP voice data */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */ ) ), "video" ( /* CoS treatment of SIP video data */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */ ) ) ) ), "ftp" ( /* CoS treatment for FTP data */ c( "data" ( c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */ ) ) ) ) ) ) end rule(:cos_policer) do arg.as(:arg) ( c( "premium" ( /* Policer to apply to premium traffic */ 
ethernet_policer /* Policer to apply to premium traffic */ ), "aggregate" ( /* Policer to apply to aggregate traffic */ ethernet_policer /* Policer to apply to aggregate traffic */ ) ) ) end

/* Input priority map: the IEEE 802.1p value to which the premium policer is applied. */
rule(:cos_policer_input_priority_map) do
  c(
    "ieee-802.1p" ( /* Use IEEE 802.1p to determine policer priority map */
      c(
        "premium" arg /* Input traffic's IEEE 802.1p value to which premium policer is applied */
      )
    )
  )
end

/* Output priority map: forwarding class and loss priority to which the premium policer is applied. */
rule(:cos_policer_output_priority_map) do
  c(
    "classifier" ( /* Use classifier as policer priority map */
      c(
        "premium" ( /* Output traffic classifier to which premium policer is applied */
          c(
            "forwarding-class" arg ( /* Select a classification for this priority map */
              c(
                "loss-priority" enum(("low" | "high")) /* Select a loss priority */.as(:oneline)
              )
            )
          )
        )
      )
    )
  )
end

/* CoS rule keyed by one argument: a match direction plus terms made of "from" (sfw_match_object) and "then" actions. */
rule(:cos_rule_object) do
  arg.as(:arg) (
    c(
      "match-direction" ( /* Direction for which the rule match is applied */
        ("input" | "output" | "input-output")
      ),
      "term" arg ( /* One or more terms in CoS rule */
        c(
          "from" ( /* Match criteria */
            sfw_match_object /* Match criteria */
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            c(
              "dscp" arg /* Code point alias or bit string */,
              "forwarding-class" arg /* Forwarding class assigned to outgoing packets */,
              "application-profile" arg /* CoS application profile */,
              "syslog" /* System log information about the packet */,
              c(
                "reflexive" /* Apply mirror rule to reverse traffic */,
                "reverse" ( /* CoS treatment for reverse traffic */
                  c(
                    "dscp" arg /* Code point alias or bit string */,
                    "forwarding-class" arg /* Forwarding class assigned to outgoing packets */,
                    "application-profile" arg /* CoS application profile */,
                    "syslog" /* System log information about the packet */
                  )
                )
              )
            )
          )
        )
      )
    )
  )
end

/* Captive portal content delivery rule keyed by one argument: a match direction plus terms made of "from" and "then". */
rule(:cpcd_rule_object_type) do
  arg.as(:arg) (
    c(
      "match-direction" ( /* Direction for which the rule match is applied */
        ("input" | "output" | "input-output")
      ),
      "term" arg ( /* Define a captive portal content delivery term */
        c(
          "from" ( /* Define match criteria */
            cpcd_match_object_type /* Define match criteria */
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            cpcd_action_object_type /* Action to take if the 'from' condition is matched */
          )
        )
      )
    )
  )
end

/* Captive portal term action: "accept", "rewrite" (destination address and port) or "redirect", plus optional "syslog". */
/* NOTE(review): "redirect" takes the portal URL as a bare arg; no scheme or host check is visible in this rule, so validate it wherever parsed configs are audited. */
rule(:cpcd_action_object_type) do
  c(
    c(
      "accept" /* Accept the packet */,
      "rewrite" ( /* Rewrite the IP-DA of the packet */
        c(
          "destination-address" ( /* The destination IP address */
            ipaddr /* The destination IP address */
          ),
          "destination-port" arg /* The destination port */
        )
      ),
      "redirect" ( /* Redirect the http packet */
        sc(
          arg /* URL of the captive portal file */
        )
      ).as(:oneline)
    ),
    "syslog" /* System log information about the packet */
  )
end

/* Captive portal match criteria: destination address, address range, prefix list, and applications (protocol and ports). */
/* "protocol", "source-port" and "destination-port" end with a bare arg alternative after the named keywords. */
/* NOTE(review): some keywords are prefixes of later alternatives (e.g. "http" and "https", "ftp-data" and "ftp"); whether order matters depends on how the DSL expands these lists - confirm before reordering. */
rule(:cpcd_match_object_type) do
  c(
    "destination-address" ("any-unicast" | arg) ( /* Match IP destination address */
      sc(
        "except" /* Match address not in this prefix */
      )
    ).as(:oneline),
    "destination-address-range" ( /* Match IP destination address range */
      s(
        "low" arg /* Lower limit of address range */,
        "high" arg /* Upper limit of address range */,
        c(
          "except" /* Match address not in this prefix */
        )
      )
    ).as(:oneline),
    "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */
      sc(
        "except" /* Name of prefix list not to match against */
      )
    ).as(:oneline),
    "applications" arg ( /* Match one or more applications */
      c(
        "application-protocol" ( /* Application protocol type */
          ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet")
        ),
        "protocol" ( /* Match IP protocol type */
          ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg)
        ),
        "source-port" ( /* Match TCP/UDP source port */
          ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
        ),
        "destination-port" ( /* Match TCP/UDP destination port */
          ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
        )
      )
    )
  )
end

/* Captive portal trace options: remote tracing switch, trace file settings and the operations to trace. */
/* NOTE(review): "world-readable" lets any user read the trace file, and the traced operations include "configuration" and "clicommand"; audits of parsed configs should flag it and prefer "no-world-readable". */
/* Both "world-readable" and "no-world-readable" are listed in the same sc( ) group; no mutual-exclusion check is visible here. */
rule(:cpcd_trace_options_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "flag" enum(("configuration" | "clicommand" | "general" | "rtsock" | "statistics" | "rules" | "ssets" | "ipc" | "gres" | "re-services" | "re-svc-debug-stat" | "all")) /* Captive portal operations to include in debugging trace */.as(:oneline)
  )
end

/* CT3 port entry referenced from "ct3" -> "port": one argument plus "t1" links defined by ct3_channel_type. */
rule(:ct3_port_type) do
  arg.as(:arg) (
    c(
      "t1" ( /* T1 link */
        ct3_channel_type /* T1 link */
      )
    )
  )
end

/* T1 link entry: one argument plus "channel-group" entries carrying DS0 "timeslots". */
/* NOTE(review): the 1..24 timeslot range appears only in the comment; this rule accepts any arg. */
rule(:ct3_channel_type) do
  arg.as(:arg) (
    c(
      "channel-group" arg ( /* Define channel group */
        sc(
          "timeslots" arg /* DS0 timeslots (1..24); for example, 1-3,4,9,22-24 (no spaces) */
        )
      ).as(:oneline)
    )
  )
end

/* Custom attack group keyed by one argument: an XML description and the list of member attacks or groups. */
rule(:custom_attack_group_type) do
  arg.as(:arg) (
    c(
      "attack-group-description" arg /* Attack group description in xml format */,
      "group-members" arg /* List of attacks/attack groups belonging to this group */
    )
  )
end

/* Custom attack (detection signature) definition keyed by one argument: description, recommended action, severity, time binding and the attack type. */
/* The attack type is "signature", "anomaly" or "chain"; chain members are defined by chain_member_type. */
/* NOTE(review): "pattern", "pattern-pcre", "regexp" and "expression" are captured as bare args; this rule does not check that they are well-formed expressions. */
rule(:custom_attack_type) do arg.as(:arg) ( c( "attack-description" arg /* Attack description in xml format */, "recommended-action" ( /* Recommended Action */ ("none" | "ignore" | "drop-packet" | "drop" | "close-client" | "close-server" | "close") ), "severity" ( /* Select the severity that matches the lethality of this attack on your network */ ("info" | "warning" | "minor" | "major" | "critical") ), "time-binding" ( /* Time binding params */ c( "count" arg /* Number of times this attack is to be triggered */, "scope" ( /* Scope within which the count occurs */ ("peer" | "source" | "destination") ) ) ), "attack-type" ( /* Type of attack */ c( "signature" ( /* Signature based attack */ c( "protocol-binding" ( /* Protocol binding over which attack will be detected */ c( c( "tcp" ( /* Attack is for TCP packets only */ c( "minimum-port" ( /* Multiple sets of (single port/port ranges) can be specified */ port_range /* Multiple sets of (single port/port ranges) can be specified */ ) ) ), "udp" ( /* Attack is for UDP packets only */ c( "minimum-port" ( /* Either single port 
or port ranges can be specified */ port_range /* Either single port or port ranges can be specified */ ) ) ), "rpc" ( /* Attack is for RPC packets only */ c( "program-number" arg /* RPC Program Number */ ) ), "icmp" /* Attack is for ICMP packets only */, "icmpv6" /* Attack is for ICMPv6 packets only */, "ip" ( /* Attack is for all IP based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "ipv6" ( /* Attack is for all IPv6 based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "application" arg /* Application name */, "nested-application" arg /* Nested application name */ ) ) ), "context" arg /* Context */, "pattern" arg /* Pattern is the signature of the attack you want to detect */, "pattern-pcre" arg /* Attack signature pattern in PCRE format */, "regexp" arg /* Regular expression used for matching repetition of patterns */, "negate" /* Trigger the attack if condition is not met */, "direction" ( /* Connection direction of the attack */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ), "protocol" ( /* Protocol header matches */ c( "ipv4" ( /* IPv4 protocol parameters */ c( "tos" ( /* Type of Service */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ihl" ( /* Header length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "total-length" ( /* Total Length of IP datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Fragment Identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ip-flags" ( /* IP Flag bits */ sc( "rb" /* Reserved bit 
*/, "no-rb" /* Reserved bit not set */, "mf" /* More Fragment bit */, "no-mf" /* More Fragment bit not set */, "df" /* Don't Fragment bit */, "no-df" /* Don't Fragment bit not set */ ) ).as(:oneline), "ttl" ( /* Time to live */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "protocol" ( /* Transport layer protocol */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "ipv6" ( /* IPv6 protocol parameters */ c( "traffic-class" ( /* Traffic class. 
Similar to TOS in IPv4 */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "payload-length" ( /* Length of the payload in the IPv6 datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "flow-label" ( /* Flow label identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "hop-limit" ( /* Hop limit */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "next-header" ( /* The header following the basic IPv6 header */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "extension-header" ( /* IPv6 Extension headers */ c( "routing-header" ( /* IPv6 Routing extension header */ c( "header-type" ( /* Routing header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "destination-option" ( /* IPv6 Destination option extension header */ c( "option-type" ( /* Destination option header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "home-address" ( /* IPv6 Home address of the mobile node */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* 
Match value */ ipv6addr /* Match value */ ) ) ) ) ) ) ) ) ), "tcp" ( /* TCP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ack-number" ( /* Acknowledgement Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "header-length" ( /* Header Length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "reserved" ( /* Three reserved bits */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-size" ( /* Window Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "urgent-pointer" ( /* Urgent Pointer */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "tcp-flags" ( /* TCP header flags */ sc( "r1" /* Set Reserved bit 1 */, "no-r1" /* Don't set Reserved bit 1 */, "r2" /* Set Reserved bit 2 */, "no-r2" /* Don't set Reserved bit 2 */, "urg" /* Set Urgent bit */, "no-urg" /* Don't set Urgent bit */, "ack" /* Set Acknowledge bit */, "no-ack" /* Don't set Acknowledge bit */, "psh" /* Set Push bit */, "no-psh" /* Don't set Push bit */, "rst" /* Set Reset bit */, "no-rst" /* Don't set Reset bit */, "syn" /* Set SYN bit */, "no-syn" /* Don't set SYN bit */, "fin" /* Set FINish bit */, "no-fin" /* 
Don't set FINish bit */ ) ).as(:oneline), "option" ( /* Kind */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by TCP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-scale" ( /* Window scale */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "mss" ( /* Maximum Segment Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "udp" ( /* UDP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by UDP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmp" ( /* ICMP protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | 
"less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by ICMP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmpv6" ( /* ICMPv6 protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IPv6 datagram subtracted by ICMPv6 header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ) ) ) ) ), "anomaly" ( /* Protocol anomaly */ c( 
"service" arg /* Service name */, "test" arg /* Protocol anomaly condition to be checked */, "direction" ( /* Direction */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ) ) ), "chain" ( /* Chain attack */ c( "protocol-binding" ( /* Protocol binding over which attack will be detected */ c( c( "tcp" ( /* Attack is for TCP packets only */ c( "minimum-port" ( /* Multiple sets of (single port/port ranges) can be specified */ port_range /* Multiple sets of (single port/port ranges) can be specified */ ) ) ), "udp" ( /* Attack is for UDP packets only */ c( "minimum-port" ( /* Either single port or port ranges can be specified */ port_range /* Either single port or port ranges can be specified */ ) ) ), "rpc" ( /* Attack is for RPC packets only */ c( "program-number" arg /* RPC Program Number */ ) ), "icmp" /* Attack is for ICMP packets only */, "icmpv6" /* Attack is for ICMPv6 packets only */, "ip" ( /* Attack is for all IP based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "ipv6" ( /* Attack is for all IPv6 based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "application" arg /* Application name */, "nested-application" arg /* Nested application name */ ) ) ), "scope" ( /* Scope of the attack */ ("session" | "transaction") ), "order" /* Attacks should match in the order in which they are defined */, "reset" /* Repeat match should generate a new alert */, "expression" arg /* Boolean Expression */, "member" ( /* List of member attacks. */ chain_member_type /* List of member attacks. 
*/ ) ) ) ) ) ) ) end rule(:chain_member_type) do arg.as(:arg) ( c( "attack-type" ( /* Type of attack */ c( "signature" ( /* Signature based attack */ c( "context" arg /* Context */, "pattern" arg /* Pattern is the signature of the attack you want to detect */, "pattern-pcre" arg /* Attack signature pattern in PCRE format */, "regexp" arg /* Regular expression used for matching repetition of patterns */, "negate" /* Trigger the attack if condition is not met */, "direction" ( /* Connection direction of the attack */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ), "protocol" ( /* Protocol header matches */ c( "ipv4" ( /* IPv4 protocol parameters */ c( "tos" ( /* Type of Service */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ihl" ( /* Header length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "total-length" ( /* Total Length of IP datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Fragment Identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ip-flags" ( /* IP Flag bits */ sc( "rb" /* Reserved bit */, "no-rb" /* Don't reserved bit */, "mf" /* More Fragment bit */, "no-mf" /* Don't more Fragment bit */, "df" /* Don't Fragment bit */, "no-df" /* Don't don't Fragment bit */ ) ).as(:oneline), "ttl" ( /* Time to live */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "protocol" ( /* Transport layer protocol */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), 
"value" arg /* Match value */ ) ), "source" ( /* Source IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "ipv6" ( /* IPv6 protocol parameters */ c( "traffic-class" ( /* Traffic class. Similar to TOS in IPv4 */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "payload-length" ( /* Length of the payload in the IPv6 datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "flow-label" ( /* Flow label identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "hop-limit" ( /* Hop limit */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "next-header" ( /* The header following the basic IPv6 header */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr 
/* Match value */ ) ) ), "extension-header" ( /* IPv6 Extension headers */ c( "routing-header" ( /* IPv6 Routing extension header */ c( "header-type" ( /* Routing header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "destination-option" ( /* IPv6 Destination option extension header */ c( "option-type" ( /* Destination option header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "home-address" ( /* IPv6 Home address of the mobile node */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ) ) ) ) ) ) ), "tcp" ( /* TCP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ack-number" ( /* Acknowledgement Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "header-length" ( /* Header Length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "reserved" ( /* Three reserved bits */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-size" ( /* Window Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match 
value */ ) ), "urgent-pointer" ( /* Urgent Pointer */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "tcp-flags" ( /* TCP header flags */ sc( "r1" /* Set Reserverd bit 1 */, "no-r1" /* Don't set Reserverd bit 1 */, "r2" /* Set Reserved bit 2 */, "no-r2" /* Don't set Reserved bit 2 */, "urg" /* Set Urgent bit */, "no-urg" /* Don't set Urgent bit */, "ack" /* Set Acknowledge bit */, "no-ack" /* Don't set Acknowledge bit */, "psh" /* Set Push bit */, "no-psh" /* Don't set Push bit */, "rst" /* Set Reset bit */, "no-rst" /* Don't set Reset bit */, "syn" /* Set SYN bit */, "no-syn" /* Don't set SYN bit */, "fin" /* Set FINish bit */, "no-fin" /* Don't set FINish bit */ ) ).as(:oneline), "option" ( /* Kind */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by TCP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-scale" ( /* Window scale */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "mss" ( /* Maximum Segment Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "udp" ( /* UDP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") 
), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by UDP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmp" ( /* ICMP protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by ICMP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmpv6" ( /* ICMPv6 protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ 
("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IPv6 datagram subtracted by ICMPv6 header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ) ) ) ) ), "anomaly" ( /* Protocol anomaly */ c( "test" arg /* Protocol anomaly condition to be checked */, "direction" ( /* Direction */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ) ) ) ) ) ) ) end

# Bucket settings, rx variant: overflow accepts the keywords tag or discard;
# rate and threshold each take one argument.
# NOTE(review): c(), sc() and arg are grammar helpers defined outside this
# excerpt; presumably c() groups the child statements of a node -- confirm.
rule(:dcd_rx_bucket_config) do
  c(
    "overflow" ( /* Overflow behavior */
      ("tag" | "discard")
    ),
    "rate" arg /* Bucket rate */,
    "threshold" arg /* Bucket threshold */
  )
end

# Shaping settings: an inner group with three bandwidth modes (cbr, vbr,
# rtvbr), each marked .as(:oneline), followed by queue-length.
# cbr takes a bare value plus cdvt; vbr and rtvbr take peak, sustained,
# burst and cdvt.
rule(:dcd_shaping_config) do
  c(
    c(
      "cbr" ( /* Constant bandwidth utilization */
        sc(
          arg /* Constant bandwidth utilization */,
          "cdvt" arg /* Cell Delay Variation Tolerance */
        )
      ).as(:oneline),
      "vbr" ( /* Variable bandwidth utilization */
        sc(
          "peak" arg /* Peak rate */,
          "sustained" arg /* Sustained rate */,
          "burst" arg /* Burst size */,
          "cdvt" arg /* Cell Delay Variation Tolerance */
        )
      ).as(:oneline),
      "rtvbr" ( /* ATM2 real-time variable bandwidth utilization */
        sc(
          "peak" arg /* Peak rate */,
          "sustained" arg /* Sustained rate */,
          "burst" arg /* Burst size */,
          "cdvt" arg /* Cell Delay Variation Tolerance */
        )
      ).as(:oneline)
    ),
    "queue-length" arg /* Queue length */
  )
end

# Bucket settings, tx variant: same shape as dcd_rx_bucket_config, except
# that overflow accepts only the keyword discard.
rule(:dcd_tx_bucket_config) do
  c(
    "overflow" ( /* Overflow behavior */
      ("discard")
    ),
    "rate" arg /* Bucket rate */,
    "threshold" arg /* Bucket threshold */
  )
end
# Demux options: underlying-interface takes one of the two predefined
# $junos-... variables or a free-form argument.
rule(:demux_options_type) do
  c(
    "underlying-interface" ( /* Underlying interface name */
      ("$junos-underlying-interface" | "$junos-interface-ifd-name" | arg)
    )
  )
end

# DFC capture group: a leading argument (arg.as(:arg)) followed by member
# interfaces, packet-rate and duplicate limits, a PIC memory threshold and
# the nested control-source and content-destination entries.
rule(:dfc_group_type) do
  arg.as(:arg) (
    c(
      "interfaces" ( /* DFC PIC(s) in this group */
        interface_device /* DFC PIC(s) in this group */
      ),
      "input-packet-rate-threshold" arg /* Input pps (max 300k on MO-III, 1M on MS-400) */,
      "max-duplicates" arg /* Maximum content destinations for the capture group */,
      "duplicates-dropped-periodicity" arg /* Periodicity of DuplicatesDropped notification in secs */,
      "pic-memory-threshold" ( /* PIC memory threshold */
        sc(
          "percentage" arg /* Threshold in percentage */
        )
      ).as(:oneline),
      "control-source" ( /* Configure control source parameters */
        dfc_control_source_type /* Configure control source parameters */
      ),
      "content-destination" ( /* Configure content destination parameters */
        content_destination_type /* Configure content destination parameters */
      )
    )
  )
end

# One content destination: target address, TTL and the soft/hard limit
# thresholds.
# NOTE(review): ipv4addr is declared earlier in this file as arg.as(:arg),
# so this rule adds no IPv4-specific check beyond whatever arg enforces;
# address validation, if needed, has to happen elsewhere -- confirm.
rule(:content_destination_type) do
  arg.as(:arg) (
    c(
      "address" ( /* Content destination IP address */
        ipv4addr /* Content destination IP address */
      ),
      "ttl" arg /* Time to live */,
      "soft-limit-clear" arg /* Soft limit clear threshold */,
      "soft-limit" arg /* Soft limit threshold */,
      "hard-limit-target" arg /* Hard limit target threshold */,
      "hard-limit" arg /* Hard limit threshold */
    )
  )
end

# One control source: allowed source addresses, service port, notification
# targets, a syslog switch, the shared key, allowed destinations and the
# minimum priority.
# NOTE(review): shared-key is matched as a plain arg, so the key value
# travels through parse results like any other token. Code that logs,
# caches or echoes parsed configuration should redact it -- confirm how
# consumers of this grammar treat secrets.
# NOTE(review): no-syslog disables syslog per its description; a config
# audit may want to flag entries that set it -- confirm the intended scope.
rule(:dfc_control_source_type) do
  arg.as(:arg) (
    c(
      "source-addresses" ( /* Allowed control source IP address list */
        ipv4addr /* Allowed control source IP address list */
      ),
      "service-port" arg /* Service port */,
      "notification-targets" ( /* Notification target list */
        dfc_notification_target_type /* Notification target list */
      ).as(:oneline),
      "no-syslog" /* Disable syslog */,
      "shared-key" arg /* Shared key with control source */,
      "allowed-destinations" arg /* Allowed destinations */,
      "minimum-priority" arg /* Minimum priority of the control source */
    )
  )
end

# Notification target: a leading argument followed by a port value, marked
# .as(:oneline).
rule(:dfc_notification_target_type) do
  arg.as(:arg) (
    c(
      "port" arg /* Notification target port */
    )
  ).as(:oneline)
end

# DHCP client settings: how the client identifier is built (ascii or
# hexadecimal value, optional user-id, prefix parts, interface description),
# lease time (the keyword infinite or a value), retransmission attempt and
# interval, server address, vendor id and the options block.
rule(:dhcp_client_type) do
  c(
    "client-identifier" ( /* DHCP server identifies a client by client-identifier value */
      c(
        c(
          "ascii" arg /* Client identifier as an ASCII string */,
          "hexadecimal" arg /* Client identifier as a hexadecimal string */
        ),
        "user-id" ( /* Add user id to client-id option */
          sc(
            c(
              "ascii" arg /* Client identifier as an ASCII string */,
              "hexadecimal" arg /* Client identifier as a hexadecimal string */
            )
          )
        ).as(:oneline),
        "prefix" ( /* Add prefix to client-id option */
          c(
            "host-name" /* Add router host name to client-id option */,
            "logical-system-name" /* Add logical system name to client-id option */,
            "routing-instance-name" /* Add routing instance name to client-id option */
          )
        ),
        "use-interface-description" ( /* Use the interface description */
          ("logical" | "device")
        )
      )
    ),
    "no-dns-install" /* Do not install DNS information learned from DHCP server */,
    "lease-time" ( /* Lease time in seconds requested in DHCP client protocol packet */
      ("infinite" | arg)
    ),
    "retransmission-attempt" arg /* Number of attempts to retransmit the DHCP client protocol packet */,
    "retransmission-interval" arg /* Number of seconds between successive retransmission */,
    "server-address" ( /* DHCP Server-address */
      ipv4addr /* DHCP Server-address */
    ),
    "update-server" /* Propagate TCP/IP settings to DHCP server */,
    "vendor-id" arg /* Vendor class id for the DHCP Client */,
    "options" ( /* DHCP options */
      c(
        "no-hostname" /* Do not carry hostname (RFC option code is 12) in packet */
      )
    )
  )
end

# Drop-policy term: a leading argument followed by a from block holding the
# match criteria (source and destination address, source and destination
# port, protocol, DSCP). Only match criteria are declared here; no action
# block appears in this rule. The li_policy_* and match_li_* rules it
# refers to are defined outside this excerpt.
rule(:drop_policy_term) do
  arg.as(:arg) (
    c(
      "from" ( /* Define match criteria */
        c(
          "source-address" ( /* Source IP Address */
            li_policy_addr_simple_object /* Source IP Address */
          ),
          "destination-address" ( /* Destination IP Address */
            li_policy_addr_simple_object /* Destination IP Address */
          ),
          c(
            "source-port" ( /* Match source port */
              match_li_simple_port_value /* Match source port */
            )
          ),
          c(
            "destination-port" ( /* Match destination port */
              match_li_simple_port_value /* Match destination port */
            )
          ),
          c(
            "protocol" ( /* Match IP protocol type */
              match_li_simple_protocol_value /* Match IP protocol type */
            )
          ),
          c(
            "dscp" ( /* Match Differentiated Services (DiffServ) code point */
              match_li_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */
            )
          )
        )
      )
    )
  )
end

# IPv6 counterpart of drop_policy_term: identical layout, but the two
# address criteria use li_policy_addr6_simple_object (defined outside this
# excerpt). Port, protocol and DSCP reuse the same match_li_* rules.
rule(:drop_policy6_term) do
  arg.as(:arg) (
    c(
      "from" ( /* Define match criteria */
        c(
          "source-address" ( /* Source IPv6 Address or Prefix */
            li_policy_addr6_simple_object /* Source IPv6 Address or Prefix */
          ),
          "destination-address" ( /* Destination IPv6 Address or Prefix */
            li_policy_addr6_simple_object /* Destination IPv6 Address or Prefix */
          ),
          c(
            "source-port" ( /* Match source port */
              match_li_simple_port_value /* Match source port */
            )
          ),
          c(
            "destination-port" ( /* Match destination port */
              match_li_simple_port_value /* Match destination port */
            )
          ),
          c(
            "protocol" ( /* Match IP protocol type */
              match_li_simple_protocol_value /* Match IP protocol type */
            )
          ),
          c(
            "dscp" ( /* Match Differentiated Services (DiffServ) code point */
              match_li_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */
            )
          )
        )
      )
    )
  )
end

# DS-Lite softwire entry: a leading argument followed by the concentrator
# address, tunnel MTU, two flags (copy-dscp, auto-update-mtu) and the
# per-softwire flow and session limits.
# NOTE(review): ipv6addr is declared earlier in this file as arg.as(:arg),
# so no IPv6-specific format check is added by this rule -- confirm.
rule(:dslite_object) do
  arg.as(:arg) (
    c(
      "softwire-address" ( /* Softwire concentrator address */
        ipv6addr /* Softwire concentrator address */
      ),
      "mtu-v6" arg /* MTU for the softwire tunnel */,
      "copy-dscp" /* Copy DSCP (type of service) from IPv6 to IPv4 header */,
      "auto-update-mtu" /* Auto update MTU from received ICMPv6 messages */,
      "flow-limit" arg /* Max Number of IPv4 flows per Softwire */,
      "session-limit-per-prefix" arg /* Max number of sessions allowed per Softwire prefix */
    )
  )
end

# Dynamic attack group: a leading argument, a free-form description and a
# filters block. direction, severity, type, performance and false-positives
# are limited to the fixed keyword sets listed below; category, service and
# products accept free-form values. recommended / no-recommended are bare
# flags.
rule(:dynamic_attack_group_type) do
  arg.as(:arg) (
    c(
      "attack-group-description" arg /* Filter name/value in xml format */,
      "filters" ( /* Configure filters */
        c(
          "direction" ( /* Direction of attack */
            c(
              "expression" ( /* Boolean AND/OR to be used for values */
                ("and" | "or")
              ),
              "values" ( /* Values for direction field */
                ("client-to-server" | "server-to-client" | "any" | "exclude-client-to-server" | "exclude-server-to-client" | "exclude-any")
              )
            )
          ),
          "severity" ( /* Severity of attack */
            c(
              "values" ( /* Values for severity field */
                ("info" | "warning" | "minor" | "major" | "critical")
              )
            )
          ),
          "type" ( /* Type of attack */
            c(
              "values" ( /* Values for type field */
                ("signature" | "anomaly")
              )
            )
          ),
          "recommended" /* Recommended flag */,
          "no-recommended" /* Don't recommended flag */,
          "performance" ( /* Performance of attack */
            c(
              "values" ( /* Values for performance field */
                ("unknown" | "fast" | "normal" | "slow")
              )
            )
          ),
          "category" ( /* Category of attack */
            c(
              "values" arg /* Values for category field */
            )
          ),
          "service" ( /* Service/Application of attack */
            c(
              "values" arg /* Values for service field */
            )
          ),
          "false-positives" ( /* False positive field in attack */
            c(
              "values" ( /* Values for false-positives field */
                ("unknown" | "rarely" | "occasionally" | "frequently")
              )
            )
          ),
          "products" ( /* Products this attack belongs to */
            c(
              "values" arg /* Values for products field */
            )
          )
        )
      )
    )
  )
end

# Dynamic interface-bandwidth parameters: a flat list of weights and
# thresholds, plus a credit block with a single interval value.
# NOTE(review): capacity and bandwidth carry the same description text
# (weight of current vs. maximum data rate); this looks like a duplicated
# description -- confirm which meaning is intended for each.
rule(:dynamic_ifbw_parms_type) do
  c(
    "capacity" arg /* Weight of current (vs. maximum) data rate */,
    "margin" arg /* Maximum reduction in bandwidth due to low link quality */,
    "delay" arg /* Bandwidth reduction when delay is announced as 1 second */,
    "bandwidth" arg /* Weight of current (vs. maximum) data rate */,
    "resource" arg /* Resource weight */,
    "latency" arg /* Latency weight */,
    "quality" arg /* Relative Link Quality weight */,
    "data-rate" arg /* Data rate weight */,
    "threshold" arg /* Percentage bandwidth change required for routing updates */,
    "credit" ( /* Credit-based scheduling parameters */
      c(
        "interval" arg /* Grant rate interval */
      )
    )
  )
end

# Early-packet-discard thresholds, marked .as(:oneline): a bare threshold
# value and a plp1 value.
rule(:epd_threshold_config) do
  c(
    arg /* Early packet discard threshold value */,
    "plp1" arg /* Early packet drop threshold value for PLP 1 */
  ).as(:oneline)
end

rule(:es_filter) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "source-mac-address" ( /* Match MAC source address */ firewall_mac_addr_object /* Match MAC source address */ ), "destination-mac-address" ( /* Match MAC destination address */ firewall_mac_addr_object /* Match MAC destination address */ ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "l2-encap-type" ( ("llc-non-snap" | arg) ), "l2-encap-type-except" ( ("llc-non-snap" | arg) ) ), c( "vlan" arg, "vlan-except" arg ), c( "dot1q-tag" arg, "dot1q-tag-except" arg ), c( "dot1q-user-priority" ( ("best-effort" | "background" | "standard" | "excellent-load" | "controlled-load" | "video" | "voice" | "network-control" | arg) ), "dot1q-user-priority-except" ( ("best-effort" | "background" | "standard" | "excellent-load" | "controlled-load" | 
"video" | "voice" | "network-control" | arg) ) ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-options" ( ("any") ), "ip-options-except" ( ("any") ) ), "fragment-flags" arg /* Match fragment flags (in symbolic or hex formats) - (Ingress only) */, "is-fragment" /* Match if packet is a fragment */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | 
"sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" 
| arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" 
| "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" 
| "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), "ipv6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ipv6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ipv6-address" ( /* Match IPv6 address */ 
firewall_addr6_object /* Match IPv6 address */ ), c( "ipv6-next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "ipv6-traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ipv6-source-prefix-list" ( /* Match IPV6 source prefixes in named list */ firewall_prefix_list /* Match IPV6 source prefixes in named list */ ), "ipv6-destination-prefix-list" ( /* Match IPV6 destination prefixes in named list */ firewall_prefix_list /* Match IPV6 destination prefixes in named list */ ), "ipv6-prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "interface-group" arg, "interface-group-except" arg ), c( "vlan-ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | 
"mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "vlan-ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "learn-vlan-dei" arg, "learn-vlan-dei-except" arg ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), c( "traffic-type" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ), "traffic-type-except" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ) ), "ip-address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "isid" arg, "isid-except" arg ), c( "isid-priority-code-point" arg, "isid-priority-code-point-except" arg ), c( "isid-dei" arg, "isid-dei-except" arg ), c( "forwarding-class" arg, "forwarding-class-except" arg ), "to-fabric" ( /* Match packets going to fabric */ to_fabric_object /* Match packets going to fabric */ ), "from-fabric" /* Match packets coming from fabric */, c( "arp-type" ( ("arp-request" | "arp-reply" | arg) ) ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible 
range */ ) ), "ip-version" ( /* Define IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-options" ( ("any") ), "ip-options-except" ( ("any") ) ), "fragment-flags" arg /* Match fragment flags (in symbolic or hex formats) - (Ingress only) */, "is-fragment" /* Match if packet is a fragment */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | 
"bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | 
"zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | 
"printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) - (Ingress only) */, "tcp-initial" /* Match initial packet of a TCP connection - (Ingress only) */, "tcp-established" /* Match packet of an established TCP connection */, c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | 
"destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ) ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), 
"destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | 
"pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | 
"https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "extension-header-except" ( ("any" | "hop-by-hop" | "routing" | 
"mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | 
"administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "ip6-source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "ip6-destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ) ) ) ) ), "vxlan" ( /* Define vxlan match items */ c( c( "vni" arg, "vni-except" arg ), c( "rsvd1" arg, "rsvd1-except" arg ), c( "rsvd2" arg, "rsvd2-except" arg ), "flags" ( /* Match VXlan flag field */ match_flags_value /* Match VXlan flag field */ ) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ), "log" /* Log the packet */, "pkt-trace" /* Trace the packet */, "syslog" /* System log (syslog) information about the packet */, "forwarding-class" arg /* Classify packet to forwarding class */, "analyzer" arg /* Name of analyzer - (Ingress only) */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "next-hop-group" arg /* Use specified next-hop group */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), 
"count" arg /* Count the packet in the named counter */, c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), "vlan" arg /* Name of VLAN - (Ingress only) */, "interface" ( /* Switch traffic to the specified interface by-passing switching lookup - (Ingress only) */ interface_unit /* Switch traffic to the specified interface by-passing switching lookup - (Ingress only) */ ), "vxlan" ( /* Vxlan related data */ c( "flags" arg /* Set vxlan flags value (8..255 or 0x08..0xFF) */, "rsvd1" arg /* Set vxlan reserved-1 value */, "rsvd2" arg /* Set vxlan reserved-2 value */ ) ) ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end
# es_template: a named template (arg) whose "attributes" block lists match
# fields by keyword only; none of the entries takes a value. L3/L4 fields are
# grouped per IP version under "ip-version", followed by a flat list that also
# covers L2 fields (MAC addresses, VLAN ids, ether-type, ARP type).
rule(:es_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "ip-version" ( /* Define IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "dscp" /* Match Differentiated Services (DiffServ) code point */, "fragment-flags" /* Match fragment flags */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "ip-destination-address" /* Match IP destination address */, "ip-precedence" /* Match IP precedence value */, "ip-protocol" /* Match IP protocol type */, "ip-source-address" /* Match IP source address */, "is-fragment" /* Match if
packet is a fragment */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */ ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "ip6-destination-address" /* Match destination address */, "ip6-source-address" /* Match source address */, "next-header" /* Match next header protocol type */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "traffic-class" /* Match Differentiated Services (DiffServ) code point */ ) ) ) ), "arp-type" /* Match ARP type */, "destination-mac-address" /* Match MAC destination address */, "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "dscp" /* Match Differentiated Services (DiffServ) code point */, "ether-type" /* Match Ethernet Type */, "fragment-flags" /* Match fragment flags */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "interface" /* Match interface name */, "ip-destination-address" /* Match IP destination address */, "ip-precedence" /* Match IP precedence value */, "ip-protocol" /* Match IP protocol type */, "ip-source-address" /* Match IP source address */, "is-fragment" /* Match if packet is a fragment */, "l2-encap-type" /* Match Ethernet Encapsulation Type */, "learn-vlan-id" /* Match Learnt VLAN ID */, 
"source-mac-address" /* Match MAC source address */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "user-vlan-1p-priority" /* Match User 802.1p VLAN priority */, "user-vlan-id" /* Match User VLAN ID */ ) ) ) ) end
# ethernet_switching_type: Ethernet switching settings for an interface: port
# and interface mode, VLAN membership and translation, native VLAN, the packet
# filters and policers bound to the interface, a storm-control profile and a
# recovery timeout.
# NOTE(review): filters and policers are referenced by name as a plain arg, so
# this rule only fixes the keyword structure; whether the named object exists
# cannot be told from here.
rule(:ethernet_switching_type) do c( "port-mode" ( /* Type of port mode */ ("access" | "tagged-access" | "trunk") ), "interface-mode" ( /* Type of interface mode */ ("access" | "trunk") ), "inter-switch-link" /* PVLAN inter switch link */, "reflective-relay" /* Reflective-relay mode for this interface */, c( "vlan" ( /* Virtual LAN parameters */ c( "members" ( /* Membership for this interface (name or id) */ ("all" | arg) ) ) ), "inner-vlan" ( /* Trunk mode vlan membership for this interface */ c( "members" ( /* Membership for this interface (name or id) */ ("all" | arg) ) ) ), "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type */ ("svlan" | "bvlan") ), "vlan-rewrite" ( /* Specify VLAN translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), "native-vlan-id" arg /* Untagged packets on a trunk/tagged-access interface belong to this vlan */, c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "input-precedence" arg /* Precedence of the filter */, "input-list" arg /* List of filter modules applied to received packets */, "output" arg /* Name of filter applied to transmitted packets */, "output-precedence" arg /* Precedence of the filter */,
"output-list" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) end
# ethernet_policer: the "bandwidth-limit" and "burst-size-limit" values of a
# policer.
rule(:ethernet_policer) do c( c( "bandwidth-limit" arg /* Bandwidth limit */ ), "burst-size-limit" arg /* Burst size limit */ ) end
# family: address-family settings. Only "inet" is defined in this rule, with a
# "dhcp" keyword and an "address" entry of type ipv4prefix.
rule(:family) do c( "inet" ( /* IPv4 parameters */ c( c( "dhcp" /* Enable DHCP on ethernet interface */, "address" ( /* Interface address/destination prefix */ ipv4prefix /* Interface address/destination prefix */ ) ) ) ) ) end
# fibre_channel_type: Fibre Channel interface settings: port mode, the
# "no-npiv" switch, virtual fabric membership and the native fabric.
rule(:fibre_channel_type) do c( "port-mode" ( /* Port mode */ ("f-port" | "e-port" | "np-port" | "auto") ), "no-npiv" /* Disable NPIV */, "fc-fabric" ( /* Virtual fabric parameters */ c( "members" ( /* Virtual Fabric Membership for this interface (name or id) */ ("all" | arg) ) ) ), "native-fabric" arg /* FC frames with no virtual fabric header on a interface belong to this fabric */ ) end
# file_specification_type: a named file specification for flow collection
# output: filename format string, data format (only "flow-compressed" is
# listed) and the one-line "transfer" trigger (timeout, record-level).
rule(:file_specification_type) do arg.as(:arg) ( c( "name-format" arg /* Format string for filename (allows {text} macros) */, "data-format" ( /* Data format for flow collection output */ ("flow-compressed") ), "transfer" ( sc( "timeout" arg /* Timeout in seconds when the file is transferred */, "record-level" arg /* Number of records at which the file is transferred */ ) ).as(:oneline) ) ) end
# firewall_addr6_object: an address argument kept on one line (.as(:oneline))
# that can carry the "except" keyword; referenced by the IPv6 match conditions
# earlier in this file. "except" inverts the match ("address not in this
# prefix"), so it changes which packets a filter term selects and deserves a
# second look when a filter is reviewed.
rule(:firewall_addr6_object)
do arg.as(:arg) ( c( "except" /* Match address not in this prefix */ ) ).as(:oneline) end
# firewall_addr_object: same shape as firewall_addr6_object, referenced by the
# IPv4 match conditions earlier in this file: an address argument on one line
# that can carry "except", which inverts the match.
rule(:firewall_addr_object) do arg.as(:arg) ( c( "except" /* Match address not in this prefix */ ) ).as(:oneline) end
# firewall_flexible_match: a named flexible match describing where in the
# packet to look: start point (layer-2, layer-3, layer-4 or payload), byte and
# bit offset from that point, and the bit length of the data to match.
rule(:firewall_flexible_match) do arg.as(:arg) ( c( "match-start" ( /* Start point to match in packet */ ("layer-2" | "layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits, not needed for string input */ ) ) end
# firewall_hierpolicer: a named hierarchical policer: interface scope keywords,
# "shared-bandwidth-policer", "filter-specific", and the "aggregate" and
# "premium" buckets, whose layout comes from two rules not shown in this part
# of the file.
rule(:firewall_hierpolicer) do arg.as(:arg) ( c( c( "logical-interface-policer" /* Hierarchical policer is a logical interface policer */, "physical-interface-policer" /* Hierarchical policer is a physical interface policer */ ), "shared-bandwidth-policer" /* Share policer bandwidth among bundle links */, "filter-specific" /* Hierarchical policer is filter-specific */, "aggregate" ( /* Aggregate definition */ hierarchical_policer_aggregate_bucket /* Aggregate definition */ ), "premium" ( /* Premium definition */ hierarchical_policer_premium_bucket /* Premium definition */ ) ) ) end
# firewall_load_balance_group: a named load-balance group pointing at a
# next-hop group by name.
rule(:firewall_load_balance_group) do arg.as(:arg) ( c( "next-hop-group" arg /* Use specified next-hop group */ ) ) end
# firewall_mac_addr_object: a MAC address argument on one line that can carry
# "except", which inverts the match ("MAC address not in this range").
rule(:firewall_mac_addr_object) do arg.as(:arg) ( c( "except" /* Match MAC address not in this range */ ) ).as(:oneline) end
# firewall_policer: a named policer. Scope keywords (filter-specific, logical-
# or physical-interface, logical- or shared-bandwidth) come first, then the
# rate limits under "if-exceeding" (bandwidth, burst size, aggregate policing)
# and "if-exceeding-pps" (packet rate, packet burst), a counter id, the "then"
# action applied when the limits are exceeded (discard, loss-priority,
# forwarding-class, out-of-profile) and the "aggregate" setting.
rule(:firewall_policer) do arg.as(:arg) ( c( "filter-specific" /* Policer is filter-specific */, "logical-interface-policer" /* Policer is logical interface policer */, "physical-interface-policer" /* Policer is physical interface policer */, "logical-bandwidth-policer" /* Policer uses logical interface bandwidth */, "shared-bandwidth-policer" /* Share policer bandwidth among bundle links */, c( "if-exceeding" ( /* Define rate limits */ c( c( "bandwidth-limit" arg /* Bandwidth limit */, "bandwidth-percent" arg /* Bandwidth limit in percentage */ ),
"burst-size-limit" arg /* Burst size limit */, "aggregate-policing" ( /* Configure Aggregate Policer */ c( "policer" arg ( /* Two-color policer to be used as aggregate */ c( "aggregate-sharing-mode" ( /* Hierarchical Metering model */ ("guarantee" | "peak") ) ) ) ) ) ) ), "if-exceeding-pps" ( /* Define pps limits */ c( c( "pps-limit" arg /* PPS limit */ ), "packet-burst" arg /* PPS burst size limit */ ) ) ), "counter" ( /* Define policer counter configuration */ c( "counter-id" arg /* Counter Index */ ) ), "then" ( /* Action to take if the rate limits are exceeded */ c( "discard" /* Discard the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "out-of-profile" /* Discard packets only if both congested and over threshold */ ) ), "aggregate" ( /* Aggregate policer used in Extended Hierarchical Policers */ c( c( "global" /* Single global instance of aggregate policer */ ) ) ) ) ) end
# firewall_prefix_list: a prefix-list name on one line that can carry "except",
# which inverts the match ("addresses not in this prefix list").
rule(:firewall_prefix_list) do arg.as(:arg) ( c( "except" /* Match addresses not in this prefix list */ ) ).as(:oneline) end
# flow_group_type: a named flow group listing its node devices and
# interconnect devices.
rule(:flow_group_type) do arg.as(:arg) ( c( "node-device" arg /* Node device(s) associated with this flow group */, "interconnect-device" arg /* Interconnect device(s) associated with this flow group */ ) ) end
# gateway_type: a named gateway: its services interface, the "sip" block
# (timers, new-transaction / new-registration / new-call-usage policies and
# policy sets, routing destinations, message manipulation rules, signaling
# realms, local tag and URI prefixes), admission control, service point,
# name-resolution cache, "embedded-spdf" service classes and trace options.
# NOTE(review): the trace "file" entry accepts "world-readable", which per its
# inline comment lets any user read the trace log; "no-world-readable" is the
# restrictive counterpart.
rule(:gateway_type) do arg.as(:arg) ( c( "service-interface" ( /* Associated services interface */ interface_device /* Associated services interface */ ), "sip" ( c( "timers" ( /* Timers configuration */ sip_timers_type /* Timers configuration */ ), "new-transaction-policy" ( /* Definition of a new-transaction policy */ transaction_policy_type /* Definition of a new-transaction policy */ ), "new-transaction-policy-set" ( /* Definition of a new-transaction policy set */ new_transaction_set_type /* Definition of a new-transaction policy set */ ), "new-registration-policy" ( /* Definition of a new-registration policy */
registration_policy_type /* Definition of a new-registration policy */ ), "new-registration-policy-set" ( /* Definition of a new-registration policy set */ new_registration_set_type /* Definition of a new-registration policy set */ ), "new-call-usage-policy" ( /* Definition of a new-call usage policy */ call_usage_policy_type /* Definition of a new-call usage policy */ ), "new-call-usage-policy-set" ( /* Definition of a new-call usage policy set */ new_call_usage_set_type /* Definition of a new-call usage policy set */ ), "routing-destinations" ( /* Definition of routing destinations */ routing_destinations /* Definition of routing destinations */ ), "message-manipulation-rules" ( /* Definition of manipulation rules */ header_manipulation_message_manipulation_rules_type /* Definition of manipulation rules */ ), "local-tag-prefix" arg /* Local tag prefix */, "signaling-realms" ( /* Signaling realm */ signaling_realm /* Signaling realm */ ), "local-uri-prefix" arg /* Local URI prefix */ ) ), "admission-control" ( /* Definition of an admission controller */ admission_control_type /* Definition of an admission controller */ ), "service-point" ( service_point_type ), "name-resolution-cache" ( name_resolution_cache_type ), "embedded-spdf" ( c( "service-class" arg ( /* Definition of service class policies */ c( "term" arg ( /* Service class settings by media type */ c( "from" ( /* The media-related filter that the rate limiting and DSCP marking are based on */ c( "media-type" ( /* Media types to filter on */ ("any-media" | "audio" | "video") ) ) ), "then" ( /* The action to take based on the 'from' filter */ c( "reject" /* Reject the request */, "committed-information-rate" ( /* Committed information rate value per stream */ enum(arg) ), "committed-burst-size" ( /* Committed burst size value per stream */ enum(arg) ), "dscp" arg /* Code point alias or 6-bit pattern */ ) ) ) ) ) ) ) ), "traceoptions" ( /* Trace options for border signaling gateway */ c( "flag" ( /* 
Per-component trace options */ c( "minimum" ( /* Minimum trace level for all the components */ ("trace" | "debug" | "info" | "warning" | "error") ), "session-trace" ( /* Trace level for the session tracing component */ ("trace" | "debug" | "info" | "warning" | "error") ), "sip-stack" ( /* Sip stack trace level options */ c( "event-tracing" /* Event tracing */, "ips-tracing" /* IPS tracing */, "per-tracing" /* Performance tracing */, "dev-logging" /* Development tracing */, "verbose-logging" /* Verbose tracing */, "pd-log-level" ( /* Set pd trace level */ ("problem" | "exception" | "audit") ), "pd-log-detail" ( /* Set detail level for DC logs */ ("full" | "summary") ) ) ), "signaling" ( /* Signaling component sub-components */ c( "minimum" ( /* Minimum trace level for the signaling subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "sip-stack-wrapper" ( /* Sip stack wrapper trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "b2b-wrapper" ( /* B2B wrapper trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "ua" ( /* UA trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "b2b" ( /* B2B trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "topology-hiding" ( /* Topology hiding trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "policy" ( /* Policy trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "name-resolution-cache" ( /* Name resolution cache trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "accounting-trigger" ( /* Accounting trigger trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "event-trigger" ( /* Event trigger trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "packet-capture" ( /* Packet capture trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "framework" ( /* Framework component sub-components */ c( "minimum" ( /* Minimum trace level for the framework 
subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "executor" ( /* Executor trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "action" ( /* Action trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "event" ( /* Event trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "freezer" ( /* Freezer trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-pool" ( /* Memory pool trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "datastore" ( /* Datastore component sub-components */ c( "minimum" ( /* Minimum trace level for the datastore subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "data" ( /* Data trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "handle" ( /* Handle trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "db" ( /* DB trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "sbc-utils" ( /* SBC utils component sub-components */ c( "minimum" ( /* Minimum trace level for the sbc-utils subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "configuration" ( /* Configuration trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "ipc" ( /* IPC trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "device-monitor" ( /* Device-monitor trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-management" ( /* Memory mgmt trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "message" ( /* Messaging trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Common utils trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "user-interface" ( /* User-interface trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-pool" ( /* Memory-pool trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "packet-capture" ( /* Trace packet 
capture events */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ) ) ), "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ) ) ) end rule(:admission_control_type) do arg.as(:arg) ( c( "dialogs" ( /* Dialog admission control rules */ c( "maximum-concurrent" arg /* Maximum concurrent dialogs allowed */, "committed-attempts-rate" arg /* Committed rate of dialog admission attempts */, "committed-burst-size" arg /* Committed burst size of dialog admission attempts */ ) ), "transactions" ( /* Transaction admission control rules */ c( "maximum-concurrent" arg /* Maximum concurrent transactions allowed */, "committed-attempts-rate" arg /* Committed rate of transaction admission attempts */, "committed-burst-size" arg /* Committed burst size of transaction admission attempts */ ) ) ) ) end rule(:call_usage_policy_type) do arg.as(:arg) ( c( "term" arg ( /* Term definition */ c( "from" ( c( "source-address" ( /* Source addresses and masks */ ipaddr /* Source addresses and masks */ ), "method" ( /* Methods */ call_usage_method_type /* Methods */ ), "request-uri" ( /* Request URI field */ c( "regular-expression" ( /* Regular expression matched on incoming Request-URI */ regular_expression /* Regular expression matched on incoming Request-URI */ ) ) ), "contact" ( /* Contact field */ c( "regular-expression" ( /* Regular expression matched on incoming contact */ regular_expression /* Regular expression matched on incoming contact */ ) ) ) ) ), "then" ( /* Action */ new_call_then_type /* Action */ ) ) ) ) ) end rule(:call_usage_method_type) do enum(("method-invite")).as(:arg) end rule(:ggsn_pgw_apn_services) do c( 
"apns" ( /* APN configuration */ c( ggsn_pgw_apn ) ) ) end rule(:ggsn_pgw_apn) do arg.as(:arg) ( c( "maximum-bearers" arg /* Maximum bearers for the APN */, "wait-accounting" /* Wait for accounting response for session creation */, "block-visitors" /* Do not allow visitors to connect to the APN */, "allow-network-behind-mobile" /* Allow routing behind MS */, "local-policy-profile" arg /* Local profile for the APN */, "apn-type" ( /* Specify APN type */ ("real" | "virtual" | "virtual-pre-authenticate") ), "description" arg /* Text description of APN */, "apn-data-type" ( /* Specify APN data type */ ("ipv4" | "ipv6" | "ipv4v6") ), "mobile-interface" ( interface_unit ), "address-assignment" ( /* Specify address assignment options */ c( c( "aaa" /* AAA assigns addresses */, "local" ( /* Gateway assigns addresses locally */ c( "aaa-override" /* Override local address by address from AAA */ ) ), "dhcp-proxy-client" ( /* Gateway assigns address received when acting as DHCP proxy client */ c( "aaa-override" /* Override address received from DHCP proxy client mechanism by address from AAA */ ) ) ), "inet-pool" ( /* Specify address group name or pool name for IPv4 */ c( "group" arg, "pool" arg, "exclude-pools" arg /* Names of pools to exclude */ ) ), "inet6-pool" ( /* Specify address group name or pool name for IPv6 */ c( "group" arg, "pool" arg, "exclude-v6pools" arg /* Names of pools to exclude */ ) ), "dhcpv4-proxy-client-profile" ( /* DHCPv4 proxy client profile for this APN */ c( "logical-system" arg /* Logical system where this DHCP proxy client profile is defined. If this option is not specified, default logical-system will be used */, "routing-instance" arg /* Routing-instance where this DHCP proxy client profile is defined. If this option is not specified, default routing-instance will be used */, "profile-name" arg /* Name of DHCP proxy client profile */, "pool-name" arg /* Name of the pool to be sent to DHCP server.
It is optional */ ) ), "dhcpv6-proxy-client-profile" ( /* DHCPv6 proxy client profile for this APN */ c( "logical-system" arg /* Logical system where this DHCP proxy client profile is defined. If this option is not specified, default logical-system will be used */, "routing-instance" arg /* Routing-instance where this DHCP proxy client profile is defined. If this option is not specified, default routing-instance will be used */, "profile-name" arg /* Name of DHCP proxy client profile */, "pool-name" arg /* Name of the pool to be sent to DHCP server. It is optional */ ) ), "allow-static-ip-address" ( /* Allow user equipment provided static address */ c( "no-aaa-verify" /* Do not verify the address provided by user equipment through AAA */ ) ) ) ), "session-timeout" arg /* Session timeout value */, "idle-timeout" arg /* Idle timeout value */, "idle-timeout-direction" ( /* Specific idle timeout direction */ ("uplink" | "both") ), "restriction-value" arg /* Restriction value */, "aaa-profile" arg /* Specify AAA profile for Authorization and Accounting */, "user-options" ( /* Specify user options */ c( c( "user-name" arg /* Default user name for user authentication */, "use-msisdn" /* Use msisdn for user authentication */, "use-imsi" /* Use imsi for user authentication */, "use-apnname" /* Use APN name for user authentication */ ), "password" ( /* Default user password for user authentication */ unreadable /* Default user password for user authentication */ ), "override-pco" /* Override the username and password received in PCO */ ) ), "charging" ( /* Default charging profiles */ c( "default-profile" arg /* Default charging profile for the APN */, "home-profile" arg /* Default home profile for the APN */, "roamer-profile" arg /* Default roamer profile for the APN */, "visitor-profile" arg /* Default visitor profile for the APN */, "profile-selection-order" ( /* Default charging profile selection order */ ("radius" | "static" | "serving") ) ) ), "dns-server" ( /* Specify 
DNS servers */ c( "primary-v4" ( /* Primary IPv4 DNS server address */ ipv4addr /* Primary IPv4 DNS server address */ ), "secondary-v4" ( /* Secondary IPv4 DNS server address */ ipv4addr /* Secondary IPv4 DNS server address */ ), "primary-v6" ( /* Primary IPv6 DNS server address */ ipv6addr /* Primary IPv6 DNS server address */ ), "secondary-v6" ( /* Secondary IPv6 DNS server address */ ipv6addr /* Secondary IPv6 DNS server address */ ) ) ), "nbns-server" ( /* Specify NBNS servers */ c( "primary-v4" ( /* Primary IPv4 NBNS server address */ ipv4addr /* Primary IPv4 NBNS server address */ ), "secondary-v4" ( /* Secondary IPv4 NBNS server address */ ipv4addr /* Secondary IPv4 NBNS server address */ ) ) ), "p-cscf" arg /* Specify IPv4 or IPv6 P-CSCF server */, "selection-mode" ( /* Specify APN access options */ c( "no-subscribed" /* Reject subscribed verified Users */, "from-ms" /* Admit MS provided APN, subscription not verified */, "from-sgsn" /* Admit Network provided APN, subscription not verified */ ) ), "service-selection-profile" arg /* Service selection profile for this APN */, "network-behind-mobile" ( /* Specify IMSI nbm-address */ c( "imsi" arg ( /* Prefixes for a given IMSI */ c( "prefix-v4" ( /* IPv4 Prefix Address */ ipv4prefix /* IPv4 Prefix Address */ ), "prefix-v6" ( /* IPv6 Prefix Address */ ipv6prefix /* IPv6 Prefix Address */ ) ) ) ) ), "service-mode" ( /* Service mode */ ("maintenance") ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "pcef-profile" arg /* PCEF profile for the apn */, "verify-source-address" ( /* UE address verification - default is enabled */ c( "disable" /* Disable UE address verification */ ) ), "inter-mobile-traffic" ( /* Inter mobile traffic redirect options */ c( "redirect" ( /* Redirect options */ c( "redirect-ip" ( /* Redirect destination address */ ipv4addr /* Redirect destination address */ ), c( "routing-instance" 
arg /* Routing instance used for redirect */ ) ) ), "deny" /* Do not allow inter mobile traffic */ ) ) ) ) end rule(:gtpp_peer) do arg.as(:arg) ( c( "destination-ipv4-address" ( /* CGF Server IP address */ ipv4addr /* CGF Server IP address */ ), "source-interface" ( /* Source interface from which GTPP packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "destination-port" arg /* Destination port number of the CGF Server */, "transport-protocol" ( /* Default Transport protocol(udp/tcp) used */ ("udp" | "tcp") ), "version" ( /* GTPP version V0|V1|V2 */ ("v0" | "v1" | "v2") ), "echo-interval" arg /* GTPP echo-interval in seconds */, "n3-requests" arg /* Number of retries of GTPP messages upon timeout */, "t3-response" arg /* Response timeout value for GTPP request message */, "header-type" ( /* GTPP protocol header type short|long */ ("short" | "long") ), "pending-queue-size" arg /* Maximum number of DRT messages awaiting an ack */, "down-detect-time" arg /* Time (in sec) to wait before declaring a CGF as Down */, "reconnect-time" arg /* Time (in sec) after which connection to the CGF server should be retried */, "no-path-management" /* Disables path management */ ) ) end rule(:hcm_tag_rule_object) do arg.as(:arg) ( c( "term" arg ( /* One or more terms in HCM tag rule */ c( "from" ( /* Match criteria */ hcm_tag_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "tag" arg ( /* One or more terms in HCM tag rule */ c( "tag-header" arg /* Tag header string */, "do-not-rename-existing-tag-header" /* Disable renaming of the tag header */, "tag-separator" arg /* Tag separator character */, "tag-attribute" ( /* One or more tag attributes */ ("msisdn" | "imsi" | "apn" | "imei" | "ipv4addr" | "ipv6addr" | "ggsnipv4" | "ggsnipv6" | "radiusclass") ), "encrypt" ( /* Specify encryption or hashing 
algorithm */ c( "hash" ( /* Hashing algorithm; NOTE(review): md5 is the only value this rule accepts - presumably it is applied to the tag attribute values, so it should not be relied on to keep identifiers such as msisdn/imsi confidential; confirm against vendor documentation */ ("md5") ), "prefix" arg /* Hash prefix key */ ) ), "ipv4-mask" ( /* Specify a logical AND mask for the x-forwarded-for address */ ipv4addr /* Specify a logical AND mask for the x-forwarded-for address */ ), "ipv4-or-value" ( /* Specify a logical OR mask for x-forwarded address */ ipv4addr /* Specify a logical OR mask for x-forwarded address */ ), "ipv6-mask" ( /* Specify a logical AND mask for the x-forwarded-for address */ ipv6addr /* Specify a logical AND mask for the x-forwarded-for address */ ), "ipv6-or-value" ( /* Specify a logical OR mask for x-forwarded address */ ipv6addr /* Specify a logical OR mask for x-forwarded address */ ) ) ), "count" /* Enable statistics for term */ ) ) ) ) ) ) end rule(:hcm_tag_match_object) do c( "destination-address" ( /* Match IP destination address */ sfw_addr_object /* Match IP destination address */ ), "destination-address-range" ( /* Match IP destination address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "destination-ports" arg /* Destination port list specification */, "destination-port-range" ( /* Match destination port range */ s( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline) ) end rule(:hcm_url_list_object) do arg.as(:arg) ( c( "host" arg /* One or more host(s) */, "request-uri" arg /* One or more URIs */ ) ) end rule(:hcm_url_rule_object) do arg.as(:arg) ( c( "term" arg ( /* One or more terms in HCM url_rule */ c( "from" ( /* Match criteria */ hcm_url_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "count" /* Enable statistics for term */, "log-request" /*
Enable logging for term */, c( "accept" /* Accept the URL */, "discard" /* Discard the URL */ ) ) ) ) ) ) ) end rule(:hcm_url_match_object) do c( "url-list" arg /* List of URL lists to reference */, "url" arg ( /* Rule-specific URL list */ c( "host" arg /* One or more host(s) */, "request-uri" arg /* One or more URIs */ ) ) ) end rule(:header_manipulation_message_manipulation_rules_type) do c( "manipulation-rule" ( /* Definition of manipulation rules */ header_manipulation_manipulation_rule_type /* Definition of manipulation rules */ ) ) end rule(:header_manipulation_manipulation_rule_type) do arg.as(:arg) ( c( "actions" ( /* Header manipulation actions */ header_manipulation_actions_type /* Header manipulation actions */ ) ) ) end rule(:header_manipulation_actions_type) do c( "sip-header" arg ( /* Manipulation of the SIP header */ c( "field-value" ( /* Manipulation on the header's field value */ header_manipulation_sip_header_field_value_type /* Manipulation on the header's field value */ ) ) ), "request-uri" ( /* Manipulation of the message request-uri */ c( "field-value" ( /* Manipulation on the request-uri field value */ c( "modify-regular-expression" ( /* Set modify regular expression and patterns */ header_manipulation_modify_type /* Set modify regular expression and patterns */ ) ) ) ) ) ) end rule(:header_manipulation_modify_type) do arg.as(:arg) ( c( "with" arg /* Modification string */ ) ).as(:oneline) end rule(:header_manipulation_sip_header_field_value_type) do c( "remove-all" /* Remove all headers */, "remove-regular-expression" ( /* Remove field-value */ header_manipulation_remove_type /* Remove field-value */ ), "reject-regular-expression" ( /* Reject message using regular expression */ header_manipulation_reject_type /* Reject message using regular expression */ ), "modify-regular-expression" ( /* Modify field-value using regular expression */ header_manipulation_modify_type /* Modify field-value using regular expression */ ), "add" ( /* Add
field-value to header */ header_manipulation_add_type /* Add field-value to header */ ), "add-missing" ( /* Add field-value only if header is missing */ header_manipulation_add_missing_type /* Add field-value only if header is missing */ ), "add-overwrite" ( /* Overwrite headers field-value */ header_manipulation_add_overwrite_type /* Overwrite headers field-value */ ) ) end rule(:header_manipulation_add_missing_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_add_overwrite_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_add_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_reject_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_remove_type) do arg.as(:arg).as(:oneline) end rule(:hierarchical_policer_aggregate_bucket) do c( c( "if-exceeding" ( /* Define rate limits */ c( c( "bandwidth-limit" arg /* Bandwidth limit */ ), "burst-size-limit" arg /* Burst size limit */ ) ), "if-exceeding-pps" ( /* Define pps limits */ c( c( "pps-limit" arg /* PPS limit */ ), "packet-burst" arg /* PPS burst size limit */ ) ) ), "then" ( /* Action to take if the rate limits are exceeded */ c( c( "discard" /* Discard the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */ ) ) ) ) end rule(:hierarchical_policer_premium_bucket) do c( c( "if-exceeding" ( /* Define rate limits */ c( c( "bandwidth-limit" arg /* Bandwidth limit */ ), "burst-size-limit" arg /* Burst size limit */ ) ), "if-exceeding-pps" ( /* Define pps limits */ c( c( "pps-limit" arg /* PPS limit */ ), "packet-burst" arg /* PPS burst size limit */ ) ) ), "then" ( /* Action to take if the rate limits are exceeded */ c( c( "discard" /* Discard the packet */ ) ) ) ) end rule(:idp_policy_type) do arg.as(:arg) ( c( "rulebase-ips" ( /* IPS rulebase */ c( "rule" arg ( /* Configure IPS rule */ c( "description" arg /* Rule description */, "match" ( /* 
Rule match criteria */ c( "from-zone" ( /* Match from zone */ ("any" | arg) ), c( "source-address" ( /* Match source address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "source-except" ( /* Don't match source address */ (arg) ), "source-prefix" ( /* Match source address */ ipv4prefix /* Match source address */ ), "source-prefix-except" ( /* Don't match source address */ ipv4prefix /* Don't match source address */ ) ), "to-zone" ( /* Match to zone */ ("any" | arg) ), c( "destination-address" ( /* Match destination address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "destination-except" ( /* Don't match destination address */ (arg) ), "destination-prefix" ( /* Match destination address */ ipv4prefix /* Match destination address */ ), "destination-prefix-except" ( /* Don't match destination address */ ipv4prefix /* Don't match destination address */ ) ), "application" ( /* Specify application or application-set name to match */ ("any" | "default" | arg) ), "attacks" ( /* Match attack objects */ c( "custom-attacks" arg /* Custom attacks */, "custom-attack-groups" arg /* Custom attack groups */, "dynamic-attack-groups" arg /* Dynamic attack groups */, "predefined-attacks" arg /* Predefined attacks */, "predefined-attack-groups" arg /* Predefined attack groups */ ) ) ) ), "then" ( c( "action" ( c( c( "no-action" /* No action */, "ignore-connection" /* Ignore */, "mark-diffserv" ( /* Mark differentiated services codepoint (DSCP) */ c( arg ) ), "class-of-service" ( /* Classification of traffic based on class-of-service */ c( "forwarding-class" arg /* Forwarding class for outgoing packets */, "dscp-code-point" arg /* Differentiated services code point value */ ) ), "drop-packet" /* Drop packet */, "drop-connection" /* Drop connection */, "close-client" /* Close client */, "close-server" /* Close server */, "close-client-and-server" /* Close client and server */, "recommended" /* Recommended */ ) ) ), "ip-action" ( c( c( "ip-notify" /* Notify about future traffic */, 
"ip-close" /* Close future connections */, "ip-block" /* Block future connections */ ), "target" ( ("service" | "source-zone-address" | "source-address" | "destination-address" | "zone-service" | "source-zone") ), "log" /* Log IP action taken */, "log-create" /* Log IP action creation */, "timeout" arg /* Number of seconds IP action should remain effective */, "refresh-timeout" /* Refresh timeout when future connections match installed ip-action filter */ ) ), "notification" ( /* Configure notification/logging options */ c( "log-attacks" ( /* Enable attack logging */ c( "alert" /* Set alert flag in attack log */ ) ), "packet-log" ( c( "pre-attack" arg /* Number of packets to capture before attack */, "post-attack" arg /* Number of packets to capture after attack */, "post-attack-timeout" arg /* Timeout (seconds) after attack before stopping packet capture */ ) ) ) ), "severity" ( /* Set rule severity level */ ("info" | "warning" | "minor" | "major" | "critical") ) ) ), "terminal" /* Set/Unset terminal flag */ ) ) ) ), "rulebase-exempt" ( /* Exempt rulebase */ c( "rule" arg ( /* Configure exempt rule */ c( "description" arg /* Rule description */, "match" ( /* Rule match criteria */ c( "from-zone" ( /* Match from zone */ ("any" | arg) ), c( "source-address" ( /* Match source address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "source-except" ( /* Don't match source address */ (arg) ), "source-prefix" ( /* Match source address */ ipv4prefix /* Match source address */ ), "source-prefix-except" ( /* Don't match source address */ ipv4prefix /* Don't match source address */ ) ), "to-zone" ( /* Match to zone */ ("any" | arg) ), c( "destination-address" ( /* Match destination address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "destination-except" ( /* Don't match destination address */ (arg) ), "destination-prefix" ( /* Match destination address */ ipv4prefix /* Match destination address */ ), "destination-prefix-except" ( /* Don't match destination address */ ipv4prefix /*
Don't match destination address */ ) ), "attacks" ( /* Match attack objects */ c( "custom-attacks" arg /* Custom attacks */, "custom-attack-groups" arg /* Custom attack groups */, "dynamic-attack-groups" arg /* Dynamic attack groups */, "predefined-attacks" arg /* Predefined attacks */, "predefined-attack-groups" arg /* Predefined attack groups */ ) ) ) ) ) ) ) ) ) ) end rule(:idpd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) end rule(:ids_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define an IDS term */ c( "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "force-entry" /* Force entries in IDS tables for matching traffic */, "ignore-entry" /* Ignore IDS events for matching traffic */, "user-interface" ( /* User-interface trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ), "aggregation" ( /* Define aggregation parameters */ c( "source-prefix" arg /* Prefix length for IPv4 source addresses */, "destination-prefix" arg /* Prefix length for IPv4 destination addresses */, "source-prefix-ipv6" arg /* Prefix length for IPv6 source addresses */, "destination-prefix-ipv6" arg /* Prefix length for IPv6 
destination addresses */ ) ), "logging" ( /* Define system logging parameters */ c( "threshold" arg /* Threshold above which events should be logged */, "syslog" /* System log information about the packet */ ) ), "syn-cookie" ( /* Define SYN cookie parameters */ c( "threshold" arg /* Threshold above which SYN cookies are enabled */, "mss" arg /* MSS value for TCP delayed binding */ ) ), "session-limit" ( /* Define IDS session limit parameters */ c( "by-source" ( /* Define IDS session limit parameters by source */ ids_limit_type /* Define IDS session limit parameters by source */ ), "by-destination" ( /* Define IDS session limit parameters by destination */ ids_limit_type /* Define IDS session limit parameters by destination */ ), "by-pair" ( /* Define IDS session limit parameters by source-destination pair */ ids_limit_type /* Define IDS session limit parameters by source-destination pair */ ) ) ), "allow-ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "allow-ipv6-extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "tcp-syn-defense" /* Enable tcp-syn-defense */, "tcp-syn-fragment-check" /* Enable tcp syn fragment check */, "tcp-winnuke-check" /* Enable tcp winnuke check */, "icmp-fragment-check" /* Enable icmp fragment check */, "icmp-large-packet-check" /* Enable icmp large packet check */, "land-attack-check" ( /* Enable land attack checks */ ("ip-only" | "ip-port") ) ) ) ) ) ) ) end rule(:ids_limit_type) do c( "maximum" arg /* Maximum number of open sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "packets" arg /* Maximum number of packets allowed per second */, "hold-time" arg /* How long to keep limit information after session is deleted */, "by-protocol" ( /* Define IDS session limit parameters */ c( "tcp" ( /* Define TCP IDS session 
limits */ ids_proto_limit_type /* Define TCP IDS session limits */ ), "udp" ( /* Define UDP IDS session limits by source */ ids_proto_limit_type /* Define UDP IDS session limits by source */ ), "icmp" ( /* Define ICMP IDS session limits by source */ ids_proto_limit_type /* Define ICMP IDS session limits by source */ ) ) ) ) end rule(:ids_proto_limit_type) do c( "maximum" arg /* Maximum number of open sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "packets" arg /* Maximum number of packets allowed per second */ ) end rule(:inet6_dialer_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), "address" ( /* Match source or destination address */ firewall_addr6_object /* Match source or destination address */ ), "source-prefix-list" ( /* Match source prefixes in named list */ firewall_prefix_list /* Match source prefixes in named list */ ), "destination-prefix-list" ( /* Match destination prefixes in named list */ firewall_prefix_list /* Match destination prefixes in named list */ ), "prefix-list" ( /* Match source or destination prefixes in named list */ firewall_prefix_list /* Match source or destination prefixes in named list */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" 
| "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | 
arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | 
"netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | 
"telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, c( "note" /* Interested ISDN packet */, "ignore" /* Non-interested ISDN packet */ ) ) ) ) ) ) ) end /* inet6_filter: grammar for one IPv6 firewall filter. It starts with an arg (presumably the filter name; confirm against the caller) followed by filter-level options and "term" entries, each holding "from" match criteria and "then" actions. Most enumerated match values also accept a free-form arg, so this rule checks statement shape only and does not confirm that a port, protocol, ICMP type or code value is meaningful. The c(), sc(), s() and arg helpers are defined outside this chunk. */ rule(:inet6_filter) do arg.as(:arg) ( c( "promote" ( /* Promote a firewall match to PFM */ ("gre-key" | "traffic-class") ), "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "enhanced-mode" /* Define filter for chassis network-services enhanced mode */, "interface-shared" /* Filter is interface-shared */, "enhanced-mode-override" /* Override the default chassis network-services enhanced mode for dynamic filter */, "physical-interface-filter" /* Filter is physical interface filter */, "fast-lookup-filter" /* Configure filter in the fast lookup hardware block */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "destination-class" arg, "destination-class-except" arg ), c( "source-class" arg, "source-class-except" arg ), c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* 
Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), "address" ( /* Match source or destination address */ firewall_addr6_object /* Match source or destination address */ ), "source-prefix-list" ( /* Match source prefixes in named list */ firewall_prefix_list /* Match source prefixes in named list */ ), "destination-prefix-list" ( /* Match destination prefixes in named list */ firewall_prefix_list /* Match destination prefixes in named list */ ), "prefix-list" ( /* Match source or destination prefixes in named list */ firewall_prefix_list /* Match source or destination prefixes in named list */ ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | 
"biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | 
"pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) 
), c( "extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "extension-header-except" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ) ), c( "packet-length" arg, "packet-length-except" arg ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | 
"inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), "service-filter-hit" /* Match if service-filter-hit is set */, c( "hop-limit" arg, "hop-limit-except" arg ), "is-fragment" /* Match if packet is a fragment */, "first-fragment" /* Match if packet is first fragment */, "last-fragment" /* Match if packet is last fragment */, c( "flexible-match-mask" ( /* Match flexible mask */ match_l3_flexible_mask /* Match flexible mask */ ) ), c( 
"flexible-match-range" ( /* Match flexible range */ match_l3_flexible_range /* Match flexible range */ ) ), c( "gre-key" arg, "gre-key-except" arg ), c( "policy-map" arg, "policy-map-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), c( "traffic-class-count" arg /* Count the packet in the named traffic-class counter */, "count" arg /* Count the packet in the named counter */ ), "service-accounting" /* Count the packets for service accounting */, "service-accounting-deferred" /* Count the packets for deferred service accounting */, "log" /* Log the packet */, "pkt-trace" /* Trace packet forwarding */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "analyzer" arg /* Name of analyzer */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "traffic-class" ( /* Set traffic-class code point */ ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | 
"cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "skip-services" /* Skip the services */, "service-filter-hit" /* Marked when packet processing by the current type of chained filters is done, the packet is directed to the next type of filters */, "force-premium" /* When this bit is marked, traffic is considered as premium by the following hierarchical policer */, "exclude-accounting" /* When this is marked, traffic is excluded from accurate accounting */, c( "decapsulate" ( /* Terminate a tunnel */ sc( c( "gre" ( /* GRE protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "gre-in-udp" ( /* GRE-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "mpls-in-udp" ( /* MPLS-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "l2tp" ( /* L2TP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, 
"interface-group" arg /* Set the interface group */, "cookie" arg /* L2TPv3 cookie */, c( "output-interface" ( /* Interface name */ interface_unit /* Interface name */ ) ) ) ) ) ) ).as(:oneline), "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ), "next-hop-group" arg /* Use specified next-hop group */, "logical-system" ( /* Packets are directed to specified logical system */ s( arg, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */ ) ) ).as(:oneline), "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */, "next-ip6" ( /* Packets are directed to the specified IPv6 address */ sc( ipv6prefix /* Address to route */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ).as(:oneline), "next-interface" ( /* Packets are to be routed through the specified interface */ c( arg, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), c( "accept" /* Accept the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "reject" ( /* Reject the packet. NOTE(review): the reason keywords below include ICMPv4 messages as well as ICMPv6 ones, so an inet6 term with an ICMPv4 reason still parses here; whether that is intended is not visible in this file. */ sc( c( "no-route" /* Send ICMPv6 No Route message */, "administratively-prohibited" /* Send ICMPv6 Administratively 
Prohibited message */, "beyond-scope" /* Send ICMPv6 Beyond Scope of Source Address message */, "address-unreachable" /* Send ICMPv6 Address Unreachable message */, "port-unreachable" /* Send ICMPv6 Port Unreachable message */, "tcp-reset" /* Send TCP Reset message */, "network-unreachable" /* Send ICMPv4 Network Unreachable message */, "host-unreachable" /* Send ICMPv4 Host Unreachable message */, "protocol-unreachable" /* Send ICMPv4 Protocol Unreachable message */, "source-route-failed" /* Send ICMPv4 Source Route Failed message */, "network-unknown" /* Send ICMPv4 Network Unknown message */, "host-unknown" /* Send ICMPv4 Host Unknown message */, "source-host-isolated" /* Send ICMPv4 Source Host Isolated message */, "network-prohibited" /* Send ICMPv4 Network Prohibited message */, "host-prohibited" /* Send ICMPv4 Host Prohibited message */, "bad-network-tos" /* Send ICMPv4 Bad Network ToS message */, "bad-host-tos" /* Send ICMPv4 Bad Host ToS message */, "precedence-violation" /* Send ICMPv4 Precedence Violation message */, "precedence-cutoff" /* Send ICMPv4 Precedence Cutoff message */ ) ) ).as(:oneline) ) ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end /* inet6_fuf: grammar for an inet6 filter whose terms use the match_simple_* helpers and firewall_addr6_simple_object for matching and a short "then" action list. "match-terms" and "action-terms" each take a free-form arg described as dynamically supplied, so their contents are not checked by this rule. */ rule(:inet6_fuf) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "match-order" ( ("next-header" | "payload-protocol" | "source-address" | "destination-address" | "source-port" | "destination-port" | "traffic-class") ), "term" arg ( /* One or more firewall terms */ c( "only-at-create" /* Add term only when filter is first created. 
*/, "from" ( /* Match criteria */ c( "source-address" ( /* Match source IP address */ firewall_addr6_simple_object /* Match source IP address */ ), "destination-address" ( /* Match destination IP address */ firewall_addr6_simple_object /* Match destination IP address */ ), c( "source-port" ( /* Match TCP/UDP source port */ match_simple_port_value /* Match TCP/UDP source port */ ) ), c( "destination-port" ( /* Match TCP/UDP destination port */ match_simple_port_value /* Match TCP/UDP destination port */ ) ), c( "next-header" ( /* Match next header protocol type */ match_simple_protocol_value /* Match next header protocol type */ ) ), c( "payload-protocol" ( /* Match payload protocol type */ match_simple_payload_protocol_value /* Match payload protocol type */ ) ), c( "traffic-class" ( /* Match Differentiated Services (DiffServ) code point */ match_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */ ) ), "match-terms" arg /* Dynamically supplied list of match criteria */ ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */ ), "count" arg /* Count the packet in the named counter */, "service-accounting" /* Count the packets for service accounting */, "log" /* Log the packet */, "port-mirror" /* Port-mirror the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "action-terms" arg /* Dynamically supplied list of actions */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ) ) ) ) ) ) end /* firewall_addr6_simple_object: address match referenced by inet6_fuf for "source-address" and "destination-address"; it is a single ipv6prefix. */ rule(:firewall_addr6_simple_object) do c( ipv6prefix /* Prefix to match */ ) end /* inet6_service_filter: grammar for an IPv6 service filter. It starts with an arg followed by "term" entries with "from" match criteria and "then" actions. The "then" list offers count, log, pkt-trace, sample, port-mirror and the service, skip and accept keywords; it has no discard or reject keyword. Most enumerated match values also accept a free-form arg, so values are not validated by this rule. */ rule(:inet6_service_filter) do arg.as(:arg) ( c( 
"term" arg ( /* Service filter term */ c( "from" ( /* Match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), "address" ( /* Match source or destination address */ firewall_addr6_object /* Match source or destination address */ ), "source-prefix-list" ( /* Match source prefixes in named list */ firewall_prefix_list /* Match source prefixes in named list */ ), "destination-prefix-list" ( /* Match destination prefixes in named list */ firewall_prefix_list /* Match destination prefixes in named list */ ), "prefix-list" ( /* Match source or destination prefixes in named list */ firewall_prefix_list /* Match source or destination prefixes in named list */ ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" 
| "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" 
| "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | 
"afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "extension-header-except" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ) ), c( "esp-spi" arg, "esp-spi-except" arg ), c( "ah-spi" arg, "ah-spi-except" arg ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "forwarding-class" arg, "forwarding-class-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "count" arg /* Count the packet in the named counter */, "log" /* Log the packet */, "pkt-trace" /* Pkt-Trace the packet */, "sample" /* Sample the packet */, "port-mirror" /* Port-mirror the packet */, c( "service" /* Forward packets to service processing */, "skip" /* Skip service processing */, "accept" /* Accept the packet */ ) ) ) ) ) ) ) end /* inet6_template: grammar for a template, an arg followed by an "attributes" block of bare keywords, each described as a match condition. */ rule(:inet6_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "destination-address" /* Match destination address */, "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match destination prefixes in named list */, "flexible-match-mask" /* Match flexible mask */, "flexible-match-range" /* Match flexible range */, "hop-limit" /* Match Hop Limit */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "interface" /* Match interface name */, "next-header" /* Match next header protocol type */, "source-address" /* Match source address */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, 
"tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "traffic-class" /* Match Differentiated Services (DiffServ) code point */ ) ) ) ) end rule(:inet_dialer_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-options" ( ("any" | "strict-source-route" | 
"loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "ip-options-except" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ) ), "is-fragment" /* Match if packet is a fragment */, "first-fragment" /* Match if packet is the first fragment */, c( "fragment-offset" arg, "fragment-offset-except" arg ), "fragment-flags" arg /* Match fragment flags */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ttl" arg, "ttl-except" arg ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | 
"host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | 
"netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" 
| "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "esp-spi" arg, "esp-spi-except" arg ), c( "ah-spi" arg, "ah-spi-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, c( "note" /* Interested ISDN packet */, "ignore" /* Non-interested ISDN packet */ ) ) ) ) ) ) ) end 
# Grammar for one named `inet` firewall filter. The filter name is captured as
# :arg, followed by filter-wide options (promote, accounting-profile,
# interface-specific, ...) and named `term` entries. Each term can reference
# another filter, a `from` group (match criteria), a `then` group (actions)
# and a `template`.
#
# NOTE(review): most enumerated match values here (dscp, precedence, protocol,
# icmp-type, icmp-code, the port lists) end in `| arg`, so a value outside the
# keyword list still parses -- presumably as a free-form token; `arg` is
# defined elsewhere, confirm there. A successful parse against this rule
# therefore checks the shape of a filter, not that its match values or actions
# are what the operator intended.
rule(:inet_filter) do arg.as(:arg) ( c( "promote" ( /* Promote a firewall match to PFM */ ("gre-key" | "dscp") ), "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "enhanced-mode" /* Define filter for chassis network-services enhanced mode */, "interface-shared" /* Filter is interface-shared */, "enhanced-mode-override" /* Override the default chassis network-services enhanced mode for dynamic filter */, "instance-shared" /* Filter is routing-instance shared */, "fast-lookup-filter" /* Configure filter in the fast lookup hardware block */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "destination-class" arg, "destination-class-except" arg ), c( "source-class" arg, "source-class-except" arg ), c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | 
"cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "ip-options-except" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ) ), "is-fragment" /* Match if packet is a fragment */, "first-fragment" /* Match if packet is the first fragment */, "service-filter-hit" /* Match if service-filter-hit is set */, c( "fragment-offset" arg, "fragment-offset-except" arg ), "fragment-flags" arg /* Match fragment flags (in symbolic or hex formats) - (Ingress only) */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ttl" arg, "ttl-except" arg ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | 
arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | 
"snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | 
"tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" 
| "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "esp-spi" arg, "esp-spi-except" arg ), c( "ah-spi" arg, "ah-spi-except" arg ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), "source-port-range-optimize" /* Optimize the source port range */, "destination-port-range-optimize" /* Optimize the destination port range */, c( "rat-type" ( ("geran" | "utran" | "eutran" | arg) ), "rat-type-except" ( ("geran" | "utran" | "eutran" | arg) ) ), c( "redirect-reason" ( ("aoc" | "aolb" | "dpi") ), "redirect-reason-except" ( ("aoc" | "aolb" | "dpi") ) ), c( "gre-key" arg, "gre-key-except" arg ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l3_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l3_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ), "vxlan" ( /* Define vxlan match items */ c( c( "vni" arg, "vni-except" arg ), c( "rsvd1" arg, "rsvd1-except" arg ), c( "rsvd2" arg, "rsvd2-except" arg ), "flags" ( /* Match VXlan flag field */ match_flags_value /* Match VXlan flag field */ ) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate 
three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), c( "traffic-class-count" arg /* Count the packet in the named traffic-class counter */, "count" arg /* Count the packet in the named counter */ ), "service-accounting" /* Count the packets for service accounting */, "skip-services" /* Skip the services */, "service-accounting-deferred" /* Count the packets for deferred service accounting */, "log" /* Log the packet */, "pkt-trace" /* Trace the packet */, "packet-mode" /* Bypass flow mode for the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "analyzer" arg /* Name of analyzer - (Ingress only) */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "service-filter-hit" /* Marked when packet processing by the current type of chained filters is done, the packet is directed to the next type of filters */, "force-premium" /* When this bit is marked, traffic is considered as premium by the following hierarchical policer */, "exclude-accounting" /* When this is marked, traffic is excluded from accurate accounting */, "virtual-channel" arg /* Set the output interface virtual channel */, c( "accept" /* Accept the packet */, "discard" ( /* Discard the packet */ c( "accounting" arg /* Named 
discard collector for packet */ ) ), "next" ( /* Continue to next term in a filter */ ("term") ), "logical-system" ( /* Packets are directed to specified logical system */ s( arg, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */ ) ) ).as(:oneline), "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */, "next-ip" ( /* Packets are directed to specified the specified ipv4 address */ sc( ipv4prefix /* Address to route */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ).as(:oneline), "next-interface" ( /* Packets are to be routed through the specified interface */ c( arg, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), c( "accept" /* Accept the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "ipsec-sa" arg /* Use specified IPSec security association */, "next-hop-group" arg /* Use specified next-hop group */, "decapsulate" ( /* Terminate a tunnel */ sc( c( "gre" ( /* GRE protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing 
instance */ ) ).as(:oneline) ) ) ), "gre-in-udp" ( /* GRE-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "mpls-in-udp" ( /* MPLS-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "l2tp" ( /* L2TP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, "cookie" arg /* L2TPv3 cookie */, c( "output-interface" ( /* Interface name */ interface_unit /* Interface name */ ) ) ) ) ) ) ).as(:oneline), "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "reject" ( /* Reject the packet */ sc( c( "network-unreachable" /* Send ICMP Network Unreachable message */, "host-unreachable" /* Send ICMP Host Unreachable message */, "protocol-unreachable" /* Send ICMP Protocol Unreachable message */, "port-unreachable" /* Send ICMP Port Unreachable message */, "fragmentation-needed" /* Send ICMP Fragmentation Needed message */, "source-route-failed" /* Send ICMP Source Route Failed message */, "network-unknown" /* Send ICMP Network Unknown message */, "host-unknown" /* Send ICMP Host Unknown message */, "source-host-isolated" /* Send ICMP Source Host Isolated message 
*/, "network-prohibited" /* Send ICMP Network Prohibited message */, "host-prohibited" /* Send ICMP Host Prohibited message */, "bad-network-tos" /* Send ICMP Bad Network ToS message */, "bad-host-tos" /* Send ICMP Bad Host ToS message */, "administratively-prohibited" /* Send ICMP Administratively Prohibited message */, "precedence-violation" /* Send ICMP Precedence Violation message */, "precedence-cutoff" /* Send ICMP Precedence Cutoff message */, "tcp-reset" /* Send TCP Reset message */ ) ) ).as(:oneline), "load-balance" arg /* Use specified load balancing group */ ), "dscp" ( /* Set Differentiated Services (DiffServ) code point */ ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dont-fragment" ( /* Set or clear the DF bit flag of the IP header (ingress only) */ ("clear" | "set") ), "prefix-action" arg /* Police or count packets using named prefix action */ ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:inet_fuf) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "match-order" ( ("protocol" | "source-address" | "destination-address" | "source-port" | "destination-port" | "dscp") ), "term" arg ( /* One or more firewall terms */ c( "only-at-create" /* Add term only when filter is first created. 
*/, "from" ( /* Match criteria */ c( "source-address" ( /* Match source IP address */ firewall_addr_simple_object /* Match source IP address */ ), "destination-address" ( /* Match destination IP address */ firewall_addr_simple_object /* Match destination IP address */ ), c( "source-port" ( /* Match TCP/UDP source port */ match_simple_port_value /* Match TCP/UDP source port */ ) ), c( "destination-port" ( /* Match TCP/UDP destination port */ match_simple_port_value /* Match TCP/UDP destination port */ ) ), c( "protocol" ( /* Match IP protocol type */ match_simple_protocol_value /* Match IP protocol type */ ) ), c( "dscp" ( /* Match Differentiated Services (DiffServ) code point */ match_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */ ) ), "match-terms" arg /* Dynamically supplied list of match criteria */ ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */ ), "count" arg /* Count the packet in the named counter */, "service-accounting" /* Count the packets for service accounting */, "log" /* Log the packet */, "port-mirror" /* Port-mirror the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "action-terms" arg /* Dynamically supplied list of actions */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ) ) ) ) ) ) end rule(:firewall_addr_simple_object) do c( ipv4prefix /* Prefix to match */ ) end rule(:inet_service_filter) do arg.as(:arg) ( c( "term" arg ( /* Service filter term */ c( "from" ( /* Match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match IP 
source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ip-options" ( ("any") ), "ip-options-except" ( ("any") ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | 
"rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | 
"rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "esp-spi" arg, "esp-spi-except" arg ), "is-fragment" /* Match if packet is a fragment */, "first-fragment" /* Match if packet is the first fragment */, c( "fragment-offset" arg, "fragment-offset-except" arg ), "fragment-flags" arg /* Match fragment flags */, "tcp-flags" arg /* Match TCP flags 
(in symbolic or hex formats) */, c( "ah-spi" arg, "ah-spi-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "redirect-reason" ( ("aoc" | "aolb" | "dpi") ), "redirect-reason-except" ( ("aoc" | "aolb" | "dpi") ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "count" arg /* Count the packet in the named counter */, "log" /* Log the packet */, "pkt-trace" /* Pkt-Trace the packet */, "sample" /* Sample the packet */, "port-mirror" /* Port-mirror the packet */, c( "service" /* Forward packets to service processing */, "skip" /* Skip service processing */, "accept" /* Accept the packet */ ) ) ) ) ) ) ) end
# inet_simple_filter: a named entry (the name is captured as :arg) holding an
# "interface-specific" flag and named "term" entries. Each term has a "from"
# block (source-address, destination-address, protocol, source-port,
# destination-port, forwarding-class) and a "then" block (policer or
# three-color-policer, loss-priority, forwarding-class, discard, accept).
# The address, protocol and port value syntaxes come from
# firewall_addr_simple_object, match_simple_protocol_value and
# match_simple_port_value, which are defined outside this span.
# NOTE(review): this "then" block lists no "count" or "log" keyword, while the
# "then" block of the rule that ends just above does. A term that needs
# counting or logging of discarded traffic presumably will not parse under
# this rule -- confirm against the upstream schema before relying on it.
rule(:inet_simple_filter) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "term" arg ( /* One or more firewall terms */ c( "from" ( /* Match criteria */ c( "source-address" ( /* Source IP address */ firewall_addr_simple_object /* Source IP address */ ), "destination-address" ( /* Destination IP address */ firewall_addr_simple_object /* Destination IP address */ ), c( "protocol" ( /* Match IP protocol type */ match_simple_protocol_value /* Match IP protocol type */ ) ), c( "source-port" ( /* Match TCP/UDP source port */ match_simple_port_value /* Match TCP/UDP source port */ ) ), c( "destination-port" ( /* Match TCP/UDP destination port */ match_simple_port_value /* Match TCP/UDP destination port */ ) ), c( "forwarding-class" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */ 
) ) ) ), "loss-priority" ( /* Packet's loss priority */ ("low" | "medium-high" | "medium-low" | "high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "discard" /* Discard the packet */, "accept" /* Accept the packet */ ) ) ) ) ) ) end
# inet_template: a named entry (the name is captured as :arg) whose
# "attributes" block lists bare keywords, none followed by an argument. Each
# keyword names one match field: addresses, ports, prefix lists, DSCP, ICMP
# code and type, fragment and TCP flags, TTL and the rest of the list below.
rule(:inet_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "destination-address" /* Match IP destination address */, "destination-port" /* Match TCP/UDP destination port */, "destination-port-range-optimize" /* Optimize the destination port range */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "dscp" /* Match Differentiated Services (DiffServ) code point */, "flexible-match-mask" /* Match flexible mask */, "flexible-match-range" /* Match flexible range */, "fragment-flags" /* Match fragment flags */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "interface" /* Match interface name */, "ip-options" /* Match IP options */, "is-fragment" /* Match if packet is a fragment */, "packet-length" /* Match packet length */, "precedence" /* Match IP precedence value */, "protocol" /* Match IP protocol type */, "rat-type" /* Match RAT Type */, "redirect-reason" /* Match Redirect Reason */, "source-address" /* Match IP source address */, "source-port" /* Match TCP/UDP source port */, "source-port-range-optimize" /* Optimize the source port range */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "ttl" /* Match IP ttl type */ ) ) ) ) end
# interface_map_type: a default "file-specification" and a default "collector"
# (an interface_device), followed by entries parsed by
# input_intf_to_cpic_map_type.
rule(:interface_map_type) do c( "file-specification" arg /* Default file specification */, "collector" ( /* Default Collector PIC to be used for flow manipulation */ interface_device /* Default Collector PIC to be used for flow manipulation */ ), input_intf_to_cpic_map_type ) end 
# input_intf_to_cpic_map_type: a named entry (the name is captured as :arg)
# giving the "file-specification" to use for that interface and the
# "collector" interface_device.
rule(:input_intf_to_cpic_map_type) do arg.as(:arg) ( c( "file-specification" arg /* File specification to use for this interface */, "collector" ( /* Collector PIC to be used for flow manipulation */ interface_device /* Collector PIC to be used for flow manipulation */ ) ) ) end
# interface_set_type: a named entry (the name is captured as :arg) containing
# an interface list argument.
rule(:interface_set_type) do arg.as(:arg) ( c( arg /* Interface list */ ) ) end
# interface_type: the literal "all" or a name (captured as :arg), with paired
# enable / don't-enable keywords for queue and traffic statistics collection
# and a "resource-profile" name.
rule(:interface_type) do ("all" | arg).as(:arg) ( c( "queue-statistics" /* Enable queue statistics collection */, "no-queue-statistics" /* Don't enable queue statistics collection */, "traffic-statistics" /* Enable traffic statistics collection */, "no-traffic-statistics" /* Don't enable traffic statistics collection */, "resource-profile" arg /* Resouce profile name */ ) ) end
rule(:interfaces_type) do ("$junos-interface-ifd-name" | arg).as(:arg) ( c( "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */ ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, 
"accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "10g" | "40g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* 
Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss 
rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" 
arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed 
interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ) ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 
50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */ ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, 
"plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* 
Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ 
interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ 
interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ service_set_syslog_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. 
*/ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved 
from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( ipaddr /* Source IP */, "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ) ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( ipaddr /* Dest IP */, "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ) ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( ipv6addr /* Source softwire IP */, "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ) ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( ipaddr /* Destination softwire IP */, "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ) ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ) ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set 
subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | 
"41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | 
"1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | 
"alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | 
"payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle 
cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal 
handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, 
"no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | 
"off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 
65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 
65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | 
"1568.26" | "1568.16" | "1568.05" | "1567.95" | "1567.85" | "1567.75" | "1567.64" | "1567.54" | "1567.44" | "1567.34" | "1567.23" | "1567.13" | "1567.03" | "1566.93" | "1566.83" | "1566.72" | "1566.62" | "1566.52" | "1566.42" | "1566.31" | "1566.21" | "1566.11" | "1566.01" | "1565.90" | "1565.80" | "1565.70" | "1565.60" | "1565.50" | "1565.39" | "1565.29" | "1565.19" | "1565.09" | "1564.99" | "1564.88" | "1564.78" | "1564.68" | "1564.58" | "1564.47" | "1564.37" | "1564.27" | "1564.17" | "1564.07" | "1563.96" | "1563.86" | "1563.76" | "1563.66" | "1563.56" | "1563.45" | "1563.35" | "1563.25" | "1563.15" | "1563.05" | "1562.95" | "1562.84" | "1562.74" | "1562.64" | "1562.54" | "1562.44" | "1562.33" | "1562.23" | "1562.13" | "1562.03" | "1561.93" | "1561.83" | "1561.72" | "1561.62" | "1561.52" | "1561.42" | "1561.32" | "1561.22" | "1561.11" | "1561.01" | "1560.91" | "1560.81" | "1560.71" | "1560.61" | "1560.50" | "1560.40" | "1560.30" | "1560.20" | "1560.10" | "1560.00" | "1559.90" | "1559.79" | "1559.69" | "1559.59" | "1559.49" | "1559.39" | "1559.29" | "1559.19" | "1559.08" | "1558.98" | "1558.88" | "1558.78" | "1558.68" | "1558.58" | "1558.48" | "1558.38" | "1558.27" | "1558.17" | "1558.07" | "1557.97" | "1557.87" | "1557.77" | "1557.67" | "1557.57" | "1557.46" | "1557.36" | "1557.26" | "1557.16" | "1557.06" | "1556.96" | "1556.86" | "1556.76" | "1556.66" | "1556.55" | "1556.45" | "1556.35" | "1556.25" | "1556.15" | "1556.05" | "1555.95" | "1555.85" | "1555.75" | "1555.65" | "1555.55" | "1555.44" | "1555.34" | "1555.24" | "1555.14" | "1555.04" | "1554.94" | "1554.84" | "1554.74" | "1554.64" | "1554.54" | "1554.44" | "1554.34" | "1554.23" | "1554.13" | "1554.03" | "1553.93" | "1553.83" | "1553.73" | "1553.63" | "1553.53" | "1553.43" | "1553.33" | "1553.23" | "1553.13" | "1553.03" | "1552.93" | "1552.83" | "1552.73" | "1552.62" | "1552.52" | "1552.42" | "1552.32" | "1552.22" | "1552.12" | "1552.02" | "1551.92" | "1551.82" | "1551.72" | "1551.62" | "1551.52" | 
"1551.42" | "1551.32" | "1551.22" | "1551.12" | "1551.02" | "1550.92" | "1550.82" | "1550.72" | "1550.62" | "1550.52" | "1550.42" | "1550.32" | "1550.22" | "1550.12" | "1550.02" | "1549.92" | "1549.82" | "1549.72" | "1549.62" | "1549.52" | "1549.42" | "1549.32" | "1549.21" | "1549.11" | "1549.01" | "1548.91" | "1548.81" | "1548.71" | "1548.61" | "1548.51" | "1548.41" | "1548.31" | "1548.21" | "1548.11" | "1548.02" | "1547.92" | "1547.82" | "1547.72" | "1547.62" | "1547.52" | "1547.42" | "1547.32" | "1547.22" | "1547.12" | "1547.02" | "1546.92" | "1546.82" | "1546.72" | "1546.62" | "1546.52" | "1546.42" | "1546.32" | "1546.22" | "1546.12" | "1546.02" | "1545.92" | "1545.82" | "1545.72" | "1545.62" | "1545.52" | "1545.42" | "1545.32" | "1545.22" | "1545.12" | "1545.02" | "1544.92" | "1544.82" | "1544.72" | "1544.63" | "1544.53" | "1544.43" | "1544.33" | "1544.23" | "1544.13" | "1544.03" | "1543.93" | "1543.83" | "1543.73" | "1543.63" | "1543.53" | "1543.43" | "1543.33" | "1543.23" | "1543.13" | "1543.04" | "1542.94" | "1542.84" | "1542.74" | "1542.64" | "1542.54" | "1542.44" | "1542.34" | "1542.24" | "1542.14" | "1542.04" | "1541.94" | "1541.84" | "1541.75" | "1541.65" | "1541.55" | "1541.45" | "1541.35" | "1541.25" | "1541.15" | "1541.05" | "1540.95" | "1540.85" | "1540.76" | "1540.66" | "1540.56" | "1540.46" | "1540.36" | "1540.26" | "1540.16" | "1540.06" | "1539.96" | "1539.86" | "1539.77" | "1539.67" | "1539.57" | "1539.47" | "1539.37" | "1539.27" | "1539.17" | "1539.07" | "1538.98" | "1538.88" | "1538.78" | "1538.68" | "1538.58" | "1538.48" | "1538.38" | "1538.28" | "1538.19" | "1538.09" | "1537.99" | "1537.89" | "1537.79" | "1537.69" | "1537.59" | "1537.50" | "1537.40" | "1537.30" | "1537.20" | "1537.10" | "1537.00" | "1536.90" | "1536.81" | "1536.71" | "1536.61" | "1536.51" | "1536.41" | "1536.31" | "1536.22" | "1536.12" | "1536.02" | "1535.92" | "1535.82" | "1535.72" | "1535.63" | "1535.53" | "1535.43" | "1535.33" | "1535.23" | "1535.13" | "1535.04" | 
"1534.94" | "1534.84" | "1534.74" | "1534.64" | "1534.54" | "1534.45" | "1534.35" | "1534.25" | "1534.15" | "1534.05" | "1533.96" | "1533.86" | "1533.76" | "1533.66" | "1533.56" | "1533.47" | "1533.37" | "1533.27" | "1533.17" | "1533.07" | "1532.98" | "1532.88" | "1532.78" | "1532.68" | "1532.58" | "1532.49" | "1532.39" | "1532.29" | "1532.19" | "1532.09" | "1532.00" | "1531.90" | "1531.80" | "1531.70" | "1531.60" | "1531.51" | "1531.41" | "1531.31" | "1531.21" | "1531.12" | "1531.02" | "1530.92" | "1530.82" | "1530.72" | "1530.63" | "1530.53" | "1530.43" | "1530.33" | "1530.24" | "1530.14" | "1530.04" | "1529.94" | "1529.85" | "1529.75" | "1529.65" | "1529.55" | "1529.46" | "1529.36" | "1529.26" | "1529.16" | "1529.07" | "1528.97" | "1528.87" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25") ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in 
dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert 
*/, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ 
) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "fastether-options" ( /* Fast Ethernet interface-specific 
options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* 
Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key 
chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "8g" | 
"10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 
65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on 
status-control active) */ ) ) ) ) ) ) ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type 
of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, 
"enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, 
"server" /* Server mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP server mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on 
state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input 
*/ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point 
Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* 
Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 
50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of 
interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP 
TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter 
modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( 
"service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) 
).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec")) /* DHCPV6 client requested option configuration */, "retransmission-attempt" arg /* Number 
of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-propagation" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. 
of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ 
) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. 
*/ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile 
for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host 
address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* 
Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( 
"isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* 
Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ) end

/* IP-reassembly profile: a leading argument (presumably the profile name) followed by the reassembly timeout and the pending-packet limit. */
rule(:ipr_profile_object) do
  arg.as(:arg) (
    c(
      "timeout" arg /* IP-reassembly timeout value */,
      "max-reassembly-pending-packets" arg /* IP-reassembly pending packets */
    )
  )
end

/* IP-reassembly rule: a leading argument (presumably the rule name) and a match direction; "input" is the only direction this grammar lists. */
rule(:ipr_rule_object) do
  arg.as(:arg) (
    c(
      "match-direction" ( /* Direction for which the rule match is applied */
        ("input")
      )
    )
  )
end

/* Trace options for IPsec services: remote-trace switch, trace file settings, debug level and trace flags. */
rule(:ipsec_services_traceoptions) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        /* NOTE(review): "world-readable" opens the trace file to every user; with flags such as "ike" or "certificates" set, the file may hold negotiation detail - TODO confirm what is traced and flag this option in config audits. */
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("timer" | "routing-socket" | "parse" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "ams" | "lic" | "all")) /* Tracing parameters */.as(:oneline)
  )
end

/* IPsec VPN rule: a leading argument (presumably the rule name), one or more "term" entries (match criteria in "from", actions in "then") and the rule's match direction. */
/* NOTE(review): this grammar only describes which statements are accepted; it presumably mirrors the device schema, so legacy algorithms and replay-protection switches listed below are accepted and any policy check has to run on the parsed result. */
rule(:ipsec_vpn_rule_object) do
  arg.as(:arg) (
    c(
      "term" arg ( /* Define an IPSec term */
        c(
          "from" ( /* Define match criteria */
            ipsec_vpn_match_object /* Define match criteria */
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            c(
              "syslog" /* System log information about the packet */,
              "remote-gateway" ( /* Remote gateway address */
                ipaddr /* Remote gateway address */
              ),
              "backup-remote-gateway" ( /* Backup remote gateway address */
                ipaddr /* Backup remote gateway address */
              ),
              /* Security association: "manual" and "dynamic" are grouped in one c( ) - presumably alternatives, TODO confirm against the c helper. */
              c(
                /* NOTE(review): a manual SA carries its keys inline ("ascii-text" / "hexadecimal" under "key"), so parse trees, diffs and logs produced from this branch contain key material; redact before storing or displaying. */
                "manual" ( /* Define a manual security association */
                  c(
                    "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */
                      c(
                        "protocol" ( /* Define an IPSec protocol for the security association */
                          ("ah" | "esp" | "bundle")
                        ),
                        "spi" arg /* Define security parameter index */,
                        "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */,
                        "authentication" ( /* Define authentication parameters */
                          c(
                            /* NOTE(review): "hmac-md5-96" is accepted here; RFC 8221 lists it as MUST NOT for ESP/AH, so a linter built on this parser should report it. */
                            "algorithm" ( /* Define authentication algorithm */
                              ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128")
                            ),
                            "key" ( /* Define an authentication key */
                              sc(
                                c(
                                  "ascii-text" arg /* Format as text */,
                                  "hexadecimal" arg /* Format as hexadecimal */
                                )
                              )
                            ).as(:oneline)
                          )
                        ),
                        "encryption" ( /* Define encryption parameters */
                          c(
                            /* NOTE(review): "des-cbc" (MUST NOT in RFC 8221) and "3des-cbc" (SHOULD NOT) are accepted here; only CBC ciphers are listed, so integrity depends on the separate "authentication" block. */
                            "algorithm" ( /* Define encryption algorithm */
                              ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc")
                            ),
                            "key" ( /* Define an encryption key */
                              sc(
                                c(
                                  "ascii-text" arg /* Format as text */,
                                  "hexadecimal" arg /* Format as hexadecimal */
                                )
                              )
                            ).as(:oneline)
                          )
                        )
                      )
                    )
                  )
                ),
                "dynamic" ( /* Define a dynamic security association */
                  c(
                    "ike-policy" arg /* Name of the IKE policy */,
                    "ipsec-policy" arg /* Name of the IPSec policy */
                  )
                )
              ),
              "clear-dont-fragment-bit" /* Clear the do not fragment bit */,
              "copy-dont-fragment-bit" /* Copy the do not fragment bit */,
              "set-dont-fragment-bit" /* Set the do not fragment bit */,
              /* NOTE(review): "no-anti-replay" turns the anti-replay check off for the tunnel; a config audit should report it together with the term it appears in. */
              "no-anti-replay" /* Disable the anti-replay check */,
              "tunnel-mtu" arg /* Maximum transmit packet size */,
              "copy-ttl-from-inner-ip-header" /* Copy the inner ip ttl value to outer ip header */,
              "ttl" arg /* TTL value to be used for outer IP header */,
              "copy-tos-from-inner-ip-header" /* Copy the inner ip tos value to outer ip header */,
              "tos" arg /* ToS value to be used for outer IP header */,
              "initiate-dead-peer-detection" /* Initiate dead peer detection */,
              "dead-peer-detection" ( /* Dead peer detection options */
                c(
                  "interval" arg /* Interval at which the DPD messages should be sent */,
                  "threshold" arg /* Maximum number of DPD messages */
                )
              ),
              "anti-replay-window-size" arg /* Size of the anti-replay window */
            )
          )
        )
      ),
      "match-direction" ( /* Direction for which the rule match is applied */
        ("input" | "output")
      )
    )
  )
end

/* Match criteria of an IPsec VPN term: source address, destination address and the inside interface. */
rule(:ipsec_vpn_match_object) do
  c(
    "source-address" ( /* Match IP source address */
      ipsec_vpn_addr_object /* Match IP source address */
    ),
    "destination-address" ( /* Match IP destination address */
      ipsec_vpn_addr_object /* Match IP destination address */
    ),
    "ipsec-inside-interface" ( /* IPSec interface to internal network */
      interface_unit /* IPSec interface to internal network */
    )
  )
end

/* Address operand used by ipsec_vpn_match_object: a single argument tagged as a one-line statement; no address format is checked here. */
rule(:ipsec_vpn_addr_object) do
  arg.as(:arg).as(:oneline)
end

/* JSRC options: "partition" entries, each taking an argument and naming a diameter instance, destination realm and destination host. */
rule(:jsrc_options) do
  c(
    "partition" arg ( /* JSRC partition definition */
      c(
        "diameter-instance" arg /* JSRC diameter instance */,
        "destination-realm" arg /* JSRC destination realm */,
        "destination-host" arg /* JSRC destination host */
      )
    )
  )
end

rule(:juniper_access_options) do c( "radius-server" ( /* RADIUS server configuration */ access_radius_server_object /* RADIUS server configuration */ ), "radius-disconnect-port" arg /* Server port on which to access disconnect requests from
RADIUS client */, "radius-disconnect" ( /* RADIUS-initiated disconnect configuration for dynamic termination of user sessions by external entity */ radius_disconnect_object /* RADIUS-initiated disconnect configuration for dynamic termination of user sessions by external entity */ ), "domain-name-server" arg /* Default DNS server's IPv4 address */, "domain-name-server-inet" arg /* DNS server's IPv4 address */, "domain-name-server-inet6" arg /* DNS server's IPv6 address */, "address-pool" ( /* Address pool */ address_pool_object /* Address pool */ ), "group-profile" ( /* Group profile to use for this client */ group_profile_object /* Group profile to use for this client */ ), "profile" arg ( /* Set of attributes that define access */ c( "accounting-order" ( /* Order in which accounting mechanisms are used */ ("radius") ), "authentication-order" ( /* Order in which authentication mechanisms are used */ ("radius" | "password" | "none" | "nasreq" | "ldap" | "securid") ), "authorization-order" ( /* Order in which authorization mechanisms are used */ ("jsrc" | "nasreq" | "none") ), "provisioning-order" ( /* Order in which provisioning mechanisms are used */ ("jsrc" | "gx-plus" | "pcrf") ), "preauthentication-order" ( /* Order in which preauthentication mechanisms are used */ ("radius") ), "charging-service-list" ( /* List of used 3gpp charging servicess */ ("ocs") ), "domain-name-server" arg /* Default DNS server's IPv4 address */, "domain-name-server-inet" arg /* DNS server's IPv4 address */, "domain-name-server-inet6" arg /* DNS server's IPv6 address */, "client" ( /* Entity requesting access */ access_client_object /* Entity requesting access */ ), "address-assignment" ( /* Address assignment pool */ c( "pool" arg /* Name of address-assignment pool */ ) ), "local" ( /* Set configuration for local reporting */ c( "flat-file-profile" arg /* Specifies that the service accounting will be reported as per flat-file profile */ ) ), "radius" ( /* Set of RADIUS configurations 
*/ c( "authentication-server" ( /* The authentication server list to use in the specified order to send authentication messages */ ipaddr /* The authentication server list to use in the specified order to send authentication messages */ ), "accounting-server" ( /* The accounting server list to use in the specified order to send accounting messages */ ipaddr /* The accounting server list to use in the specified order to send accounting messages */ ), "preauthentication-server" ( /* The preauthentication server list to use in the specified order to send preauthentication messages */ ipv4addr /* The preauthentication server list to use in the specified order to send preauthentication messages */ ), "options" ( /* Specifies the RADIUS options */ c( "ethernet-port-type-virtual" /* Type of physical port to authenticate the user is virtual (RADIUS attribute 61) */, "interface-description-format" ( /* Interface description in the NAS-port-ID attribute */ c( "exclude-sub-interface" /* Exclude sub-interface from interface description */, "exclude-adapter" /* Exclude adapter from interface description */ ) ), "nas-identifier" arg /* NAS-Identifier to be used for authentication and accounting requests (RADIUS attribute 32) */, "nas-port-extended-format" ( /* RADIUS client's use of an extended format for RADIUS attribute 5 */ c( "ae-width" arg /* Number of bits for the aggregated ethernet identifier field */, "slot-width" arg /* Number of bits for the slot field */, "adapter-width" arg /* Number of bits for the adapter field */, "port-width" arg /* Number of bits for the port field */, "pw-width" arg /* Number of bits for the pseudo-wire field */, "stacked-vlan-width" arg /* Number of bits for the S-VLAN subinterface field */, "vlan-width" arg /* Number of bits for the VLAN subinterface field */, "atm" ( /* ATM specific parameters for NAS Port */ c( "slot-width" arg /* Number of bits for the ATM slot field */, "adapter-width" arg /* Number of bits for the ATM adapter field */, 
"port-width" arg /* Number of bits for the ATM port field */, "vpi-width" arg /* Number of bits for the ATM VPI field */, "vci-width" arg /* Number of bits for the ATM VCI field */ ) ) ) ), "nas-port-id-delimiter" arg /* Single character delimiter character to use in the NAS-Port-Id */, "nas-port-id-format" ( /* Format methods for building the NAS-Port-Id radius attribute */ c( "nas-identifier" /* Include the nas-identifier value */, "interface-description" /* Include the interface-description value */, "agent-circuit-id" /* Include (ACI) agent-circuit-id value */, "agent-remote-id" /* Include (ARI) agent-remote-id value */, "postpend-vlan-tags" /* Include the vlan tag(s) using :- */, "interface-text-description" /* Include the interfaces description string */, "order" ( /* Order of options for appearance in the NAS-Port-Id string */ ("nas-identifier" | "agent-circuit-id" | "agent-remote-id" | "interface-description" | "interface-text-description" | "postpend-vlan-tags") ) ) ), "nas-port-type" ( /* Translation mechanism for changing the NAS-Port-Type radius attribute */ c( "ethernet" ( /* Translation mechanism for changing the Ethernet value */ ("async" | "sync" | "isdn-sync" | "isdn-v120" | "isdn-v110" | "virtual" | "piafs" | "hdlc-clear-channel" | "x25" | "x75" | "g3-fax" | "sdsl" | "adsl-cap" | "adsl-dmt" | "idsl" | "ethernet" | "xdsl" | "cable" | "wireless" | "wireless-ieee80211" | "token-ring" | "fddi" | "wireless-cdma2000" | "wireless-umts" | "wireless-1x-ev" | "iapp" | arg) ) ) ), "calling-station-id-delimiter" arg /* Single character separator for calling-station-id */, "calling-station-id-format" ( /* Format method for building the calling-station-id */ c( "nas-identifier" /* Include the nas-identifier value */, "interface-description" /* Include the interface-description value */, "agent-circuit-id" /* Include agent-circuit-id value */, "agent-remote-id" /* Include agent-remote-id value */, "interface-text-description" /* Include the interfaces 
description string */, "stacked-vlan" /* Include the stacked vlan tag value */, "vlan" /* Include the vlan tag value */ ) ), "remote-circuit-id-delimiter" arg /* Single delimiter character to use in the remote-circuit-id */, "remote-circuit-id-format" ( /* Format method for building the remote-circuit-id attribute */ c( "agent-circuit-id" /* Include agent-circuit-id (ACI) value */, "agent-remote-id" /* Include agent-remote-id (ARI) value */ ) ), "remote-circuit-id-fallback" ( /* Configure the fallback for remote-circuit-id attribute */ ("default" | "configured-calling-station-id") ), "override" ( /* Configure RADIUS to override the standard use of an attribute */ sc( "calling-station-id" ( /* Configure RADIUS value for calling-station-id attribute */ sc( "remote-circuit-id" /* Configure RADIUS to use remote-circuit-id */ ) ).as(:oneline) ) ).as(:oneline), "accounting-session-id-format" ( /* Decimal format or description format for the accounting session ID */ ("decimal" | "description") ), "revert-interval" arg /* Time after which to revert to primary server */, "vlan-nas-port-stacked-format" /* Include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces */, "client-authentication-algorithm" ( /* Algorithm to access the RADIUS servers for authentication */ ("direct" | "round-robin") ), "client-accounting-algorithm" ( /* Algorithm to access the RADIUS servers for accounting */ ("direct" | "round-robin") ), "juniper-dsl-attributes" /* Include the Juniper (IANA 4874) DSL VSAs in requests to RADIUS servers */, "ip-address-change-notify" ( /* Include IPv4-Release-Control VSA (26-164) in requests to RADIUS server */ sc( "message" arg /* Message to be added in IPv4-Release-Control VSA (26-164) */ ) ).as(:oneline), "coa-dynamic-variable-validation" /* Enable strict dynamic variable validation (no undefined variable) in CoA processing */, "chap-challenge-in-request-authenticator" /* Use 16-byte CHAP challenge as Request Authenticator */, 
"service-activation" ( /* Service activation requirement for successful login */ c( "extensible-service" ( /* Service activation of extensible services requirement for successful login */ ("required-at-login" | "optional-at-login") ), "dynamic-profile" ( /* Service activation of dynamic-profile services requirement for successful login */ ("required-at-login" | "optional-at-login") ) ) ), "accounting-username-original" /* Use orignal (un-modified) username in accounting messages */ ) ), "attributes" ( /* Specifies how RADIUS attributes should be handled */ c( "ignore" ( /* Ignores the specified attribute in RADIUS Access-Accept messages */ c( "output-filter" /* Output-filter/egress-Policy-Name (VSA 26-11) */, "input-filter" /* Input-filter/ingress-Policy-Name (VSA 26-10) */, "framed-ip-netmask" /* Framed-ip-netmask/framed-Ip-Netmask (attribute 9) */, "logical-system-routing-instance" /* Logical-system-routing-instance/virtual-Router (VSA 26-1) */, "dynamic-iflset-name" /* Interface-set/Dynamic-Iflset-name (VSA 26-130) */ ) ), "exclude" ( /* Configures the exclusion of RADIUS attributes in RADIUS messages */ c( "accounting-authentic" ( /* Excludes RADIUS attribute 45, Acct-Authentic */ ("accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "accounting-delay-time" ( /* Excludes RADIUS attribute 41, Acct-Delay-Time */ ("accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "accounting-session-id" ( /* Excludes RADIUS attribute 44, Acct-Session-ID */ ("access-request") ), "accounting-terminate-cause" ( /* Excludes RADIUS attribute 49, Acct-Terminate-Cause */ ("accounting-off") ), "called-station-id" ( /* Excludes RADIUS attribute 30, Called-Station-ID */ ("access-request" | "accounting-start" | "accounting-stop") ), "calling-station-id" ( /* Excludes RADIUS attribute 31, Calling-Station-ID */ ("access-request" | "accounting-start" | "accounting-stop") ), "class" ( /* Excludes RADIUS attribute 25, Class */ 
("accounting-start" | "accounting-stop") ), "delegated-ipv6-prefix" ( /* Excludes RADIUS attribute 123, Delegated-IPv6-Prefix */ ("accounting-start" | "accounting-stop") ), "dhcp-options" ( /* Excludes RADIUS attribute 26-55, DHCP-Options */ ("access-request" | "accounting-start" | "accounting-stop") ), "dhcp-gi-address" ( /* Excludes RADIUS attribute 26-57, DHCP-GI-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "dhcp-mac-address" ( /* Excludes RADIUS attribute 26-56, DHCP-MAC-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "output-filter" ( /* Excludes RADIUS attribute 26-11, Egress-Policy-Name */ ("accounting-start" | "accounting-stop") ), "event-time-stamp" ( /* Excludes RADIUS attribute 55, Event-Timestamp */ ("accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "filter-id" ( /* Excludes RADIUS attribute 11, Filter-Id */ ("accounting-start" | "accounting-stop") ), "framed-ip-address" ( /* Excludes RADIUS attribute 8, Framed-IP-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "framed-ip-netmask" ( /* Excludes RADIUS attribute 9, Framed-IP-Netmask */ ("access-request" | "accounting-start" | "accounting-stop") ), "framed-ip-route" ( /* Excludes RADIUS attribute 22, Framed-Route */ ("accounting-start" | "accounting-stop") ), "framed-ipv6-pool" ( /* Excludes RADIUS attribute 100, Framed-IPv6-Pool */ ("accounting-start" | "accounting-stop") ), "framed-ipv6-prefix" ( /* Excludes RADIUS attribute 97, Framed-IPv6-Prefix */ ("accounting-start" | "accounting-stop") ), "framed-ipv6-route" ( /* Excludes RADIUS attribute 99, Framed-IPv6-Route */ ("accounting-start" | "accounting-stop") ), "framed-pool" ( /* Excludes RADIUS attribute 88, Framed-Pool */ ("accounting-start" | "accounting-stop") ), "input-filter" ( /* Excludes RADIUS attribute 26-10, Ingress-Policy-Name */ ("accounting-start" | "accounting-stop") ), "input-gigapackets" ( /* Excludes Juniper (IANA 4874) VSA 
26-42, Acct-Input-Gigapackets */ ("accounting-stop") ), "input-gigawords" ( /* Excludes RADIUS attribute 52, Acct-Input-Gigawords */ ("accounting-stop") ), "input-ipv6-packets" ( /* Excludes Juniper (IANA 4874) VSA 26-153, Acct-Input-IPv6-Packets */ ("accounting-stop") ), "input-ipv6-gigawords" ( /* Excludes Juniper (IANA 4874) VSA 26-155, Acct-Input-IPv6-Gigawords */ ("accounting-stop") ), "input-ipv6-octets" ( /* Excludes Juniper (IANA 4874) VSA 26-151, Acct-Input-IPv6-Octets */ ("accounting-stop") ), "interface-description" ( /* Excludes RADIUS attribute 26-63, Interface-Desc */ ("access-request" | "accounting-start" | "accounting-stop") ), "nas-identifier" ( /* Excludes RADIUS attribute 32, NAS-identifier */ ("access-request" | "accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "nas-port" ( /* Excludes RADIUS attribute 5, NAS-Port */ ("access-request" | "accounting-start" | "accounting-stop") ), "nas-port-id" ( /* Excludes RADIUS attribute 87, NAS-Port-ID */ ("access-request" | "accounting-start" | "accounting-stop") ), "nas-port-type" ( /* Excludes RADIUS attribute 61, NAS-Port-Type */ ("access-request" | "accounting-start" | "accounting-stop") ), "output-gigapackets" ( /* Excludes Juniper (IANA 4874) VSA 26-43, Acct-Output-Gigapackets */ ("accounting-stop") ), "output-gigawords" ( /* Excludes RADIUS attribute 53, Acct-Output-Gigawords */ ("accounting-stop") ), "output-ipv6-packets" ( /* Excludes Juniper (IANA 4874) VSA 26-154, Acct-Output-IPv6-Packets */ ("accounting-stop") ), "output-ipv6-gigawords" ( /* Excludes Juniper (IANA 4874) VSA 26-156, Acct-Output-IPv6-Gigawords */ ("accounting-stop") ), "output-ipv6-octets" ( /* Excludes Juniper (IANA 4874) VSA 26-152, Acct-Output-IPv6-Octets */ ("accounting-stop") ), "dynamic-iflset-name" ( /* Excludes RADIUS attribute 26-130, Dynamic-Iflset-Name */ ("accounting-start" | "accounting-stop") ), "dsl-forum-attributes" ( /* Excludes DSL Forum RADIUS attributes (RFC 4679) */ 
("access-request" | "accounting-start" | "accounting-stop") ), "l2c-upstream-data" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-92, L2C-Upstream-Data */ ("access-request" | "accounting-start" | "accounting-stop") ), "l2c-downstream-data" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-93, L2C-Downstream-Data */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-loop-cir-id" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-110, Acc-Loop-Cir-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-aggr-cir-id-bin" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-111, Acc-Aggr-Cir-Id-Bin */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-aggr-cir-id-asc" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-112, Acc-Aggr-Cir-Id-Asc */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-113, Act-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-114, Act-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-115, Min-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-116, Min-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "att-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-117, Att-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "att-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-118, Att-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-119, Max-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-120, Max-Data-Rate-Dn */ 
("access-request" | "accounting-start" | "accounting-stop") ), "min-lp-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-121, Min-Lp-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-lp-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-122, Min-Lp-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-interlv-delay-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-123, Max-Interlv-Delay-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-interlv-delay-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-124, Act-Interlv-Delay-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-interlv-delay-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-125, Max-Interlv-Delay-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-interlv-delay-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-126, Act-Interlv-Delay-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "dsl-line-state" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-127, DSL-Line-State */ ("access-request" | "accounting-start" | "accounting-stop") ), "dsl-type" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-128, DSL-Type */ ("access-request" | "accounting-start" | "accounting-stop") ), "downstream-calculated-qos-rate" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-141, Downstream-Calculated-QoS-Rate */ ("access-request" | "accounting-start" | "accounting-stop") ), "upstream-calculated-qos-rate" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-142, Upstream-Calculated-QoS-Rate */ ("access-request" | "accounting-start" | "accounting-stop") ), "cos-shaping-rate" ( /* Excludes Juniper (IANA 4874) VSA 26-177, Cos-Shaping-Rate */ ("accounting-start" | "accounting-stop") ), "framed-interface-id" ( /* Excludes RADIUS attribute 96, Framed-Interface-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "chargeable-user-identity" ( /* Excludes RADIUS attribute 89, 
Chargeable-User-Identity */ ("access-request") ), "l2tp-tx-connect-speed" ( /* Excludes Juniper (IANA 4874) VSA 26-162, , L2TP-Tx-Connect-Speed */ ("access-request" | "accounting-start" | "accounting-stop") ), "l2tp-rx-connect-speed" ( /* Excludes Juniper (IANA 4874) VSA 26-163, , L2TP-Rx-Connect-Speed */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-type" ( /* Excludes RADIUS attribute 64, Tunnel-Type */ ("accounting-start" | "accounting-stop") ), "tunnel-medium-type" ( /* Excludes RADIUS attribute 65, Tunnel-Medium-Type */ ("accounting-start" | "accounting-stop") ), "tunnel-client-endpoint" ( /* Excludes RADIUS attribute 66, Tunnel-Client-Endpoint */ ("accounting-start" | "accounting-stop") ), "tunnel-server-endpoint" ( /* Excludes RADIUS attribute 67, Tunnel-Server-Endpoint */ ("accounting-start" | "accounting-stop") ), "tunnel-assignment-id" ( /* Excludes RADIUS attribute 82, Tunnel-Assignment-Id */ ("accounting-start" | "accounting-stop") ), "tunnel-client-auth-id" ( /* Excludes RADIUS attribute 90, Tunnel-Client-Auth-Id */ ("accounting-start" | "accounting-stop") ), "tunnel-server-auth-id" ( /* Excludes RADIUS attribute 91, Tunnel-Server-Auth-Id */ ("accounting-start" | "accounting-stop") ), "acct-tunnel-connection" ( /* Excludes RADIUS attribute 68, Acct-Tunnel-Connection */ ("accounting-start" | "accounting-stop") ), "acc-loop-remote-id" ( /* Excludes Juniper (IANA 4874) VSA 26-XXX, ERX-Acc-Loop-Remote-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-loop-encap" ( /* Excludes Juniper (IANA 4874) VSA 26-182, ERX-Acc-Loop-Encap */ ("access-request" | "accounting-start" | "accounting-stop") ), "pppoe-description" ( /* Excludes RADIUS attribute 26-24, PPPOE-Description */ ("access-request" | "accounting-start" | "accounting-stop") ), "virtual-router" ( /* Excludes Juniper (IANA 4874) VSA 26-1, Virtual-Router */ ("access-request" | "accounting-start" | "accounting-stop") ), "first-relay-ipv4-address" ( /* 
Excludes RADIUS attribute 26-189, DHCP-First-Relay-IPv4-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "first-relay-ipv6-address" ( /* Excludes RADIUS attribute 26-190, DHCP-First-Relay-IPv6-Address */ ("access-request" | "accounting-start" | "accounting-stop") ) ) ) ) ) ) ), "session-options" ( /* Options for an authenticated client's session */ c( "client-group" arg /* One or more groups to which client belongs */, "client-idle-timeout" arg /* Time in minutes of idleness after which access is denied */, "client-idle-timeout-ingress-only" /* Idle timeout applies to ingress traffic only */, "client-session-timeout" arg /* Time in minutes since initial access after which access is denied */, "strip-user-name" ( /* Options for stripping user name string */ c( "delimiter" ( /* Allowable delimiter characters for strip user name separation */ sc( arg ) ).as(:oneline), "parse-direction" ( /* Strip user name parsing direction */ sc( c( "right-to-left" /* Parse the username from right to left */, "left-to-right" /* Parse the username field from left to right */ ) ) ).as(:oneline) ) ) ) ), "client-name-filter" ( /* Restrictions on client names */ access_client_name_filter_object /* Restrictions on client names */ ), "ldap-options" ( /* Lightweight Directory Access Protocol options */ access_ldap_options /* Lightweight Directory Access Protocol options */ ), "ldap-server" ( /* Lightweight Directory Access Protocol server */ ldap_server_object /* Lightweight Directory Access Protocol server */ ), "radius-server" ( /* RADIUS server configuration */ profile_radius_server_object /* RADIUS server configuration */ ), "radius-options" ( /* RADIUS options */ access_radius_options /* RADIUS options */ ), "accounting" ( /* Specifies the accounting options */ c( "order" ( /* Order in which accounting mechanisms are used */ ("radius") ), "accounting-stop-on-failure" /* Send an Acct-Stop message if a user fails authentication, but AAA-server grants access */, 
"accounting-stop-on-access-deny" /* Send an Acct-Stop message if AAA-server denies access */, "immediate-update" /* Send an Acct-Update message on receipt of a Acct-response for the Acct-Start message */, "coa-immediate-update" /* Send an Acct-Update message on completion of processing a change of authorization */, "address-change-immediate-update" /* Send an Acct-Update message to notify address change */, "update-interval" arg /* The interval in min btw accounting updates(Interim-stats off,if unspecified) */, "statistics" ( /* Reports set of statistics attributes based on reporting type */ ("volume-time" | "time") ), "wait-for-acct-on-ack" /* Wait for ACCT-ON-ACK */, "send-acct-status-on-config-change" /* Send ACCT-ON/OFF on config change */, "duplication" /* Send duplicated accounting reports if applied */, "duplication-filter" ( /* Configure duplication filters */ ("interim-original" | "interim-duplicated" | "exclude-attributes") ), "duplication-vrf" ( /* Duplication vrf configurations */ c( "vrf-name" arg /* VRF name */, "access-profile-name" arg /* Access profile name */ ) ), "duplication-attribute-format" ( /* Use attribute format defined under duplication accouting access-profile */ ("username") ) ) ), "service" ( /* Subscriber service configurations */ c( "accounting-order" ( /* Order in which accounting mechanism service is used */ ("activation-protocol" | "radius" | "local") ), "accounting" ( /* Specifies the service accounting options */ c( "update-interval" arg /* The interval in minutes between accounting updates(Interim-stats off, if not specified) */, "statistics" ( /* Reports set of statistics attributes based on reporting type */ ("time" | "volume-time") ) ) ) ) ), "jsrc" ( /* Set of JSRC configurations */ c( "attributes" ( /* Specifies how JSRC attributes should be handled */ c( "exclude" ( /* Configures the exclusion of JSRC attributes in DIAMETER messages */ c( "user-name" ( /* Excludes Diameter attribute 1, User-Name */ 
("authorization-request" | "provisioning-request") ) ) ) ) ) ) ) ) ), "address-assignment" ( /* Address assignment configuration */ address_assignment_type /* Address assignment configuration */ ), "address-protection" /* Initiate Duplicate Address Protection */, "address-preservation" ( /* Enable address preservation */ c( "address-types" ( ("delegated-prefix") ), "aging-time" arg /* Time to hold address reservation */ ) ), "tunnel-profile" arg ( /* Set of attributes that define tunnel access */ c( "tunnel" arg ( /* Tunnel id 1 to 31 */ c( "preference" arg /* Preference value */, "remote-gateway" ( /* Tunnel remote gateway */ c( "address" ( /* IP address */ ipv4addr /* IP address */ ), "gateway-name" arg /* Gateway name */ ) ), "source-gateway" ( /* Tunnel source gateway */ c( "address" ( /* IP address */ ipv4addr /* IP address */ ), "gateway-name" arg /* Tunnel source name */ ) ), c( "routing-instance" arg /* Routing instance to be used for tunneled subscriber */, "logical-system" arg ( /* Logical system to be used for tunneled subscriber */ c( "routing-instance" arg /* Routing instance to be used for tunneled subscriber */ ) ) ), "secret" arg /* Tunnel password sent to remote gateway */, "medium" ( /* Tunnel medium */ ("ipv4") ), "tunnel-type" ( /* Tunnel type */ ("l2tp") ), "identification" arg /* Tunnel assignment identification */, "max-sessions" arg /* Maximum number of sessions per tunnel */, "nas-port-method" ( /* Tunnel network access server port method */ ("cisco-avp") ) ) ) ) ), "tunnel-switch-profile" arg ( /* Tunnel switch profile name */ c( "avp" ( /* L2TP AVPs action configuration */ c( "calling-number" ( /* Action for L2TP AVP calling number */ ("regenerate" | "relay" | "drop") ), "bearer-type" ( /* Action for L2TP AVP bearer type */ ("regenerate" | "relay" | "drop") ), "cisco-nas-port-info" ( /* Action for L2TP AVP Cisco NAS port information */ ("regenerate" | "relay" | "drop") ) ) ), "tunnel-profile" arg /* Tunnel profile name */ ) ), "domain" ( 
/* Domain map configuration */ domain_map_type /* Domain map configuration */ ), "ppp-options" ( /* Point-to-Point Protocol (PPP) specific options */ c( "compliance" ( /* Standards compliance definition */ c( "rfc" ( /* Enforce compliance with RFC standards */ ("2486") ) ) ) ) ), "gx-plus" ( /* GX-PLUS configuration */ gx_plus_definition /* GX-PLUS configuration */ ), "pcrf" ( /* PCRF configuration */ pcrf_definition /* PCRF configuration */ ), "ocs" ( /* OCS configuration */ ocs_definition /* OCS configuration */ ), "report-interface-descriptions" /* Support reporting of interface descriptions */, "nasreq" ( /* Nasreq configuration */ nasreq_definition /* Nasreq configuration */ ), "protocol-attributes" ( /* Protocol specific attribute configuration */ protocol_attribute_type /* Protocol specific attribute configuration */ ), "aaa-options" arg ( /* AAA option configurations */ c( "access-profile" arg /* Access profile name */, "aaa-context" arg /* AAA context */, "subscriber-context" arg /* Subscriber context */ ) ), "radius-options" ( /* RADIUS options */ access_radius_options /* RADIUS options */ ), "ldap-options" ( /* Lightweight Directory Access Protocol options */ access_ldap_options /* Lightweight Directory Access Protocol options */ ), "ldap-server" ( /* Lightweight Directory Access Protocol server options */ ldap_server_object /* Lightweight Directory Access Protocol server options */ ), "securid-server" ( /* SecurID server configuration */ securid_server_object /* SecurID server configuration */ ), "accounting-backup-options" ( /* Pending accounting backup-options */ c( "max-pending-accounting-stops" arg /* Max pending accouting stops */, "max-withhold-time" arg /* Maximum time in mins to hold the pending accounting stops */ ) ), "terminate-code" ( /* Terminate code mapping configuration */ c( "aaa" ( /* AAA terminate-code mapping configuration */ c( "deny" ( /* Terminate-code specification */ c( "authentication-denied" ( /* Terminate-code specification 
*/ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "server-request-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "service-shutdown" ( /* Terminate-code specification */ c( "network-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "remote-reset" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "subscriber-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "time-limit" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "volume-limit" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "shutdown" ( /* Terminate-code specification */ c( "administrative-reset" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "idle-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "remote-reset" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "dhcp" ( /* DHCP terminate-code mapping configuration */ c( "client-request" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause 
configuration */ sc( arg ) ).as(:oneline) ) ), "lost-carrier" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "nas-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-offers" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "l2tp" ( /* L2TP terminate-code mapping configuration */ c( "issu" ( /* Terminate-code specification */ c( "in-progress" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "session" ( /* Terminate-code specification */ c( "access-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "administrative-drain" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "call-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "call-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "create-failed" ( /* Terminate-code specification */ c( "icrq-to-initiator-tunnel" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "invalid-config" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "limit-reached" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "single-shot-tunnel-already-fired" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "too-busy" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "failover-protocol-resync-disconnect" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "hardware-unavailable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-server-port" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "not-ready" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-cdn" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-result-code" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-iccn" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-proxy-authen-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-unsupported-proxy-authen-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* 
Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-connect-speed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-icrp" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( 
"radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-icrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-cisco-nas-port" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-call-serial-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* 
Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-occn" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-connect-speed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-ocrp" ( /* Terminate-code 
specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-ocrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( 
"radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-bearer-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-call-serial-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-called-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause 
configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-maximum-bps" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-minimum-bps" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unsupported" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-sli" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-accm" ( /* Terminate-code specification */ c( "radius" 
( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unexpected-packet" ( /* Terminate-code specification */ c( "lac-incoming" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lac-outgoing" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lns-incoming" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lns-outgoing" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unknown-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-wen" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), 
"avp-missing-mandatory-call-errors" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "timeout-connection" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-inactivity" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-session" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-upper-create" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "transmit-speed-unavailable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-switch-profile-deleted" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunneled-interface-down" ( /* 
Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unknown-cause" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "upper-create-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "upper-removed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-not-operational" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-recovery-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-uppper-not-restacked" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "session-rx-icrq-issu-in-progress" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-rx-ocrq-issu-in-progress" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "administrative-drain" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "control-channel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "created-no-sessions" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ 
sc( arg ) ).as(:oneline) ) ), "destination-address-changed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "destination-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failover-protocol" ( /* Terminate-code specification */ c( "no-resources-for-recovery-tunnel" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-for-session-resync" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "not-supported" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "not-supported-by-peer" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-control-channel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-tunnel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-tunnel-finished" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-tunnel-primary-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-resync-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "host-profile-changed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "host-profile-deleted" ( /* 
Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-fsq" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-failover-session-state" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-fsr" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* 
Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-failover-session-state" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-scccn" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-scccp" ( /* Terminate-code specification */ c( "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-scccp-avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-recovery-scccp-avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-recovery-sccrp" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( 
/* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-suggested-control-sequence" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-vendor-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ 
sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-sccrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), 
"avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-tunnel" ( /* Terminate-code specification */ c( "recovery" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-tie-breaker" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-vendor-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), 
"avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-tunnel" ( /* Terminate-code specification */ c( "recovery" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-tie-breaker" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-max-tunnels" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-id-not-null" ( 
/* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-stopccn" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-result-code" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* 
Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-unexpected-packet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-recovery-unknown-packet" ( /* Terminate-code specification */ c( "message-type-indecipherable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "message-type-unrecognized" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-scccn" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-response" ( /* 
Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-sccrp" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-failover-capability" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause 
configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-sccrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( 
"radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-failover-capability" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius 
Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "bad-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "invalid-ns" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-max-tunnels" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-session-packet" ( /* Terminate-code specification */ c( "null-session-id-invalid" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "null-session-id-without-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-stopccn" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline), "avp-bad-hidden" ( /* Terminate-code 
specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-result-code" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unexpected-packet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline), 
"for-session" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unknown-packet" ( /* Terminate-code specification */ c( "message-type-indecipherable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "message-type-unrecognized" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "timeout-connection" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-connection-recovery-tunnel" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-idle" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unknown-cause" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-not-operational" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-recovery-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "ppp" ( /* PPP terminate-code mapping configuration */ c( "admin-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-reconnect-request" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate" ( /* Terminate-code specification */ c( "authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( 
arg ) ).as(:oneline) ) ), "challenge-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "chap-no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "chap-peer-authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "chap-peer-challenge-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "deny-by-peer" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "eap-challenge-larger-than-mtu" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "eap-peer-authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "eap-request-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inactivity-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-requests" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-authenticator" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "pap-peer-authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "pap-request-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "too-many-requests" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-fail-immediate" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-unsupported-tunnel-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "bridging" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-bridging" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inhibited-by-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-sevice-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ieee802-tagged-frame-format" ( /* Terminate-code specification */ c( "radius" 
( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-mac-frame-format" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ieee802-tagged-frame-format" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-mac-fram-fromat" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "bundle" ( /* Terminate-code specification */ c( "fail-activation" ( /* 
Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-create" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-engine-add" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-fragment-size-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-fragmentation-location" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-fragmentation-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-hash-link-selection-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-join" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-local-mped-not-set-yet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-local-mrru-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-local-mru-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-peer-endpoint-discriminator-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-peer-mrru-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), 
"fail-profile-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-reassembly-location" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-reassembly-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-record-network" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-server-location-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-static-link" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-unrecoverable-ifl" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "dynamic-profile-instantiation-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failover-during-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "interface-admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "interface-no-hardware" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "ip" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-inet" ( /* Terminate-code specification */ c( "radius" ( /* Radius 
Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-services" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-add-access-internal-route" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inhibited-by-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ip-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ip-address-mask" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-primary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-primary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-secondary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-secondary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ip-address" ( /* 
Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ip-address-mask" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-primary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-primary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-secondary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-secondary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "ipv6" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-inet6" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-services" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inhibited-by-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "local-and-peer-interface-ids-identical" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ipv6-interface-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ipv6-interface-id" ( /* Terminate-code specification */ c( 
"radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "l2tp-session" ( /* Terminate-code specification */ c( "apply-link-attribute-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "lcp" ( /* Terminate-code specification */ c( "authenticate-terminate-hold" ( /* Terminate-code specification */ c( "radius" ( /* Radius 
Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-mrru-too-small" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-mru-invalid" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-mru-too-small" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "dynamic-interface-hold" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-services" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "keepalive-failure" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "loopback-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "loopback-rx-echo-reply" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "loopback-rx-echo-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "mru-changed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "negotiation-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius 
Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-acfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-endpoint-discriminator" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-magic-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-mrru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-mru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-pfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-acfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-endpoint-discriminator" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-magic-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ), "no-peer-mrru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-mru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-pfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-protocol-reject" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-disconnected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) 
).as(:oneline) ) ) ) ), "license-limit-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-interface-no-hardware" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lower-interface-attach-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lower-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lower-interface-teardown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "mpls" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-mpls" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( 
/* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "network-interface-admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-bundle" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-link-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-ncps-available" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-network-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius 
Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-upper-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "osi" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-osi" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-align-npdu" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-align-npdu" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code 
specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "recovery" ( /* Terminate-code specification */ c( "active-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "init-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminated-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminating-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "session-init-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "subscriber-mgr" ( /* Terminate-code specification */ c( "activation-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius 
Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "get-credentials-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-interface-not-found" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "set-state-active-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "vlan" ( /* VLAN terminate-code mapping configuration */ c( "admin-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-reconnect" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "other" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "out-of-band" ( /* Terminate-code specification */ c( "access-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-access-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-core-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "ancp" ( /* Terminate-code specification */ c( "port-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "port-vlan-id-change" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "core-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause 
configuration */ sc( arg ) ).as(:oneline) ) ), "l2-wholesale" ( /* Terminate-code specification */ c( "no-free-vlans" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "profile-request-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "sdb-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "subscriber-activate-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "radius" ( /* RADIUS server and network-element configuration */ juniper_radius /* RADIUS server and network-element configuration */ ), "diameter" ( /* Diameter server and network-element configuration */ juniper_mobile_diameter /* Diameter server and network-element configuration */ ) ) end
# access_client_name_filter_object: client-name filter made of three leaf
# statements, each taking a single argument: "domain-name", "separator" and
# "count". The c(...) combinator is defined outside this part of the file.
rule(:access_client_name_filter_object) do c( "domain-name" arg /* Domain name to match (must be part of username) */, "separator" arg /* Separator character in domain name */, "count" arg /* Number of separator instances */ ) end
# access_client_object: one access client entry. The leading arg.as(:arg) is
# presumably the client name (TODO confirm against the caller of this rule).
# Children: "no-rfc2486", "chap-secret", "pap-password", a nested group holding
# the "ppp", "l2tp" and "ike" sections, then "group-profile",
# "user-group-profile", "xauth", "client-group" and "firewall-user".
#
# NOTE(review): credential-bearing leaves are typed inconsistently here.
# "chap-secret" and "pap-password" use the `unreadable` type, while l2tp
# "shared-secret", ike "pre-shared-key" ("ascii-text" / "hexadecimal") and
# firewall-user "password" are plain `arg`. `unreadable` is itself declared
# earlier in this file as arg.as(:arg), so the parse result carries no marker
# for secret values. Any consumer that masks or redacts secrets in parsed
# configuration has to match these keywords explicitly instead of keying on
# the `unreadable` type.
rule(:access_client_object) do arg.as(:arg) ( c( "no-rfc2486" /* RFC2486 compliance is not enforced */, "chap-secret" ( /* CHAP secret */ unreadable /* CHAP secret */ ), "pap-password" ( /* PAP password */ unreadable /* PAP password */ ), c( "ppp" ( /* Configuration for Point-to-Point Protocol */ c( "framed-pool" arg /* Address pool used to assign an address for the user */, "idle-timeout" arg /* Idle timeout before termination of session */, "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ c( "pap" /* Password Authentication Protocol */, "chap" /* Challenge Handshake Authentication Protocol */ ) ), "keepalive" arg /* PPP keepalive interval */, "primary-dns" arg /* Primary DNS server name */, "secondary-dns" arg /* Secondary 
DNS server name */, "primary-wins" arg /* Primary wins server name */, "secondary-wins" arg /* Secondary wins server name */, "encapsulation-overhead" arg /* Encapsulation overhead for Class of Service calculation */, "cell-overhead" /* ATM cell overhead for Class of Service calculation */, "interface-id" arg /* Interface identifier to look up session information */, "framed-ip-address" ( /* Address to be configured for the user */ ipv4prefix /* Address to be configured for the user */ ), "keepalive-retries" arg /* PPP keepalive retries */ ) ), "l2tp" ( /* Configuration for Layer 2 Tunneling Protocol */ c( "maximum-sessions" arg /* Maximum number of sessions per client */, "maximum-sessions-per-tunnel" arg /* Maximum number of sessions per L2TP tunnel */, "interface-id" arg /* Interface identifier for PPP users missing one */, "lcp-renegotiation" /* Force renegotiation of LCP options */, "local-chap" /* Force local CHAP challenge */, "override-result-code" ( /* Override result code with admin value in CDN message at LNS */ c( "session-out-of-resource" /* Override result code for session out-of-resource due to permanent or temporary condition with admin value in CDN message at LNS */ ) ), "aaa-access-profile" arg /* AAA access profile name */, "multilink" ( /* Multilink Point-to-Point Protocol command options */ multilink_object /* Multilink Point-to-Point Protocol command options */ ), "session-limit-group" arg /* Session limit group name */, "ppp-authentication" ( /* Method for authenticating client */ ("chap" | "pap") ), "shared-secret" arg /* Shared secret for authenticating peer */, "ppp-profile" arg /* User profile name */, "dynamic-profile" arg /* Dynamic profile name */ ) ), "ike" ( /* Configuration for dynamic IKE peers */ c( "allowed-proxy-pair" ( /* List of local and remote proxy identity pairs */ s( "local" arg /* Local proxy identity */, "remote" arg /* Remote proxy identity */ ) ), "initiate-dead-peer-detection" /* Initiate dead peer detection */, 
"dead-peer-detection" ( /* Dead peer detection options */ c( "interval" arg /* Interval at which the DPD messages should be sent */, "threshold" arg /* Maximum number of DPD messages */ ) ), "respond-bad-spi" ( /* Respond to IPsec packets with bad security parameter index (SPI) values */ sc( arg ) ).as(:oneline), c( "pre-shared-key" ( /* Define pre-shared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline), "ike-policy" arg /* Name of IKE policy */ ), "ipsec-policy" arg /* Name of IPsec policy */, "reverse-route" ( /* Reverse route parameters */ c( "preference" ( /* Preference value */ sc( arg /* Metric value */ ) ).as(:oneline) ) ), "interface-id" arg /* Identity of logical service interface pool */ ) ) ), "group-profile" arg /* Group profile name */, "user-group-profile" arg /* User group profile name */, "xauth" ( /* Configure xauth attributes */ c( "ip-address" ( /* Specify the ip-address for client */ ipv4prefix /* Specify the ip-address for client */ ) ) ), "client-group" arg /* One or more groups to which the client belongs */, "firewall-user" ( /* Client is configured as a firewall user */ c( "password" arg /* Password for user */ ) ) ) ) end
# access_ldap_options: LDAP lookup settings. Leaves "revert-interval" and
# "base-distinguished-name", followed by a nested group with two sections:
# "assemble" (takes "common-name") and "search" (takes "search-filter" and an
# "admin-search" block with "distinguished-name" and "password").
# The admin-search "password" is typed `unreadable`; that type is declared
# earlier in this file as arg.as(:arg), so the value still parses as an
# ordinary argument and must be treated as a secret by whatever consumes it.
rule(:access_ldap_options) do c( "revert-interval" arg /* Time after which to revert to primary server */, "base-distinguished-name" arg /* Suffix when assembling user distinguished name (DN) or base DN under which to search for user DN */, c( "assemble" ( /* Derive user distinguished name from 'common-name' and 'base-distinguished-name' */ c( "common-name" arg /* Prefix in user distinguished name (for example, 'cn' or 'uid') */ ) ), "search" ( /* Search for user's distinguished name */ c( "search-filter" arg /* Filter to use in search (examples: 'cn=' or 'givenName=') */, "admin-search" ( /* Perform an administrator search to find user's distinguished name */ c( "distinguished-name" arg /* Administrator's distinguished name */, "password" ( /* 
Administrator password */ unreadable /* Administrator password */ ) ) ) ) ) ) ) end
# access_radius_options: RADIUS client tuning. Leaves "revert-interval",
# "timeout-grace", "request-rate", "interim-rate" and
# "interim-update-tolerance", plus a "unique-nas-port" block with "chassis-id"
# and "chassis-id-width".
# NOTE(review): "request-rate" and "interim-rate" carry the same description
# text in this source; whether that is intended upstream cannot be told from
# here (TODO confirm).
rule(:access_radius_options) do c( "revert-interval" arg /* Time after which to revert to primary server */, "timeout-grace" arg /* The period after a RADIUS server times out before marking the server as dead */, "request-rate" arg /* Maximum number of RADIUS requests sent per second */, "interim-rate" arg /* Maximum number of RADIUS requests sent per second */, "interim-update-tolerance" arg /* Maximum tolerance for Interim Updates to RADIUS */, "unique-nas-port" ( /* Use unique value for NAS-Port radius attribute */ c( "chassis-id" arg /* Configure chassis identifier field of NAS-Port */, "chassis-id-width" arg /* Number of bits for the chassis identifier field of NAS-Port */ ) ) ) end
# access_radius_server_object: one RADIUS server entry. The leading
# arg.as(:arg) presumably identifies the server (TODO confirm). Children cover
# the four port numbers, "secret" and "preauthentication-secret", timeout and
# retry counters for authentication and accounting,
# "max-outstanding-requests", "source-address" (ipaddr) and
# "routing-instance".
# Both secrets are typed `unreadable`, which is declared earlier in this file
# as arg.as(:arg): the grammar accepts them like any other argument, so
# redaction of these values is the responsibility of the consumer.
rule(:access_radius_server_object) do arg.as(:arg) ( c( "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* Port number to send RADIUS accounting messages */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */ ) ) end
# address_assignment_type: address-assignment settings. Top-level children are
# "neighbor-discovery-router-advertisement", four utilization thresholds
# (v4 and v6, high and abated), named "pool" entries, named "location-pool"
# entries and "address-pools" (delegates to sm_ippool_pool, defined outside
# this view).
# A "pool" holds "active-drain", "hold-down", "link" and a "family" block with
# "inet" and "inet6" sections; both sections reference dhcp_attribute_type for
# "dhcp-attributes".
# NOTE(review): the address types used below (ipv4prefix, ipv4addr, ipv6addr,
# ipv6prefix_mandatory, mac_addr) are all declared earlier in this file as
# arg.as(:arg). A successful parse therefore says nothing about whether a
# value is a well-formed address or whether "low" <= "high"; validate those
# separately before trusting the parsed values.
rule(:address_assignment_type) do c( "neighbor-discovery-router-advertisement" ( /* Designated NDRA pool for this instance */ sc( arg ) ).as(:oneline), 
"high-utilization" arg /* Generate an SNMP trap when address pool use surpasses this percentage */, "abated-utilization" arg /* Generate an SNMP clear trap when address pool use falls below this percentage */, "high-utilization-v6" arg /* Generate an SNMP trap when address pool use surpasses this percentage */, "abated-utilization-v6" arg /* Generate an SNMP clear trap when address pool use falls below this percentage */, "pool" arg ( /* Address pool */ c( "active-drain" /* Notify client of pool active drain mode */, "hold-down" /* Place pool in passive drain mode */, "link" arg /* Address pool link name */, "family" ( /* Address family */ c( c( "inet" ( /* IPv4 */ c( "network" ( /* Network address */ ipv4prefix /* Network address */ ), "range" arg ( /* Address range */ c( "low" ( /* Lower limit of address range */ ipv4addr /* Lower limit of address range */ ), "high" ( /* Upper limit of address range */ ipv4addr /* Upper limit of address range */ ) ) ), "dhcp-attributes" ( /* DHCP options and match criteria */ dhcp_attribute_type /* DHCP options and match criteria */ ), "xauth-attributes" ( /* Configure xauth attributes */ c( "primary-dns" ( /* Specify the primary-dns IP address */ ipv4prefix /* Specify the primary-dns IP address */ ), "secondary-dns" ( /* Specify the secondary-dns IP address */ ipv4prefix /* Specify the secondary-dns IP address */ ), "primary-wins" ( /* Specify the primary-wins IP address */ ipv4prefix /* Specify the primary-wins IP address */ ), "secondary-wins" ( /* Specify the secondary-wins IP address */ ipv4prefix /* Specify the secondary-wins IP address */ ) ) ), "host" arg ( /* Hostname for static reservations */ c( "hardware-address" ( /* Hardware address */ mac_addr /* Hardware address */ ), "ip-address" ( /* Reserved address */ ipv4addr /* Reserved address */ ) ) ), "excluded-address" arg /* Excluded Addresses */, "excluded-range" arg ( /* Excluded address range */ c( "low" ( /* Lower limit of excluded address range */ ipv4addr /* Lower 
limit of excluded address range */ ), "high" ( /* Upper limit of excluded address range */ ipv4addr /* Upper limit of excluded address range */ ) ) ) ) ), "inet6" ( /* IPv6 */ c( "prefix" ( /* IPv6 network prefix */ ipv6prefix_mandatory /* IPv6 network prefix */ ), "range" arg ( /* IPv6 address range */ c( "low" ( /* Lower limit of ipv6 address range */ ipv6prefix_mandatory /* Lower limit of ipv6 address range */ ), "high" ( /* Upper limit of ipv6 address range */ ipv6prefix_mandatory /* Upper limit of ipv6 address range */ ), "prefix-length" arg /* IPv6 delegated prefix length */ ) ), "dhcp-attributes" ( /* DHCP options and match criteria */ dhcp_attribute_type /* DHCP options and match criteria */ ), "excluded-address" arg /* Excluded Addresses */, "excluded-range" arg ( /* Excluded address range */ c( "low" ( /* Lower limit of excluded address range */ ipv6addr /* Lower limit of excluded address range */ ), "high" ( /* Upper limit of excluded address range */ ipv6addr /* Upper limit of excluded address range */ ) ) ) ) ) ) ) ) ) ), "location-pool" arg ( /* Location-based IP address pool */ c( "family" ( /* Address family */ c( "inet" ( /* IPv4 location pool */ c( "location" arg ( /* Relative location of router */ c( "address" ( /* IP address/destination prefix */ ipv4prefix /* IP address/destination prefix */ ) ) ) ) ) ) ) ) ), "address-pools" ( /* Address pools for subscribers */ sm_ippool_pool /* Address pools for subscribers */ ) ) end
# address_pool_object: one address pool entry (leading arg.as(:arg) is
# presumably the pool name, TODO confirm). The body is a nested group offering
# "address" (ipv4prefix) and "address-range" with "low" / "high" (ipv4addr);
# the range form is tagged .as(:oneline).
rule(:address_pool_object) do arg.as(:arg) ( c( c( "address" ( /* Address or address prefix */ ipv4prefix /* Address or address prefix */ ), "address-range" ( /* Range of addresses for pool */ sc( "low" ( /* Lower limit of address range */ ipv4addr /* Lower limit of address range */ ), "high" ( /* Upper limit of address range */ ipv4addr /* Upper limit of address range */ ) ) ).as(:oneline) ) ) ) end
# dhcp_attribute_type: DHCP options and match criteria; referenced by
# address_assignment_type for both the "inet" and "inet6" pool families.
# Sections: "option-match" / "option-82" ("circuit-id", "remote-id", each with
# an optional "range"), lease and lifetime settings, the values advertised to
# clients (name servers, routers, boot file/server, TFTP and SIP servers,
# NetBIOS node type), settings propagation, and a generic "option" statement
# whose value is one of several typed scalars or an "array" of them.
# NOTE(review): "next-server", "boot-file", "boot-server", "tftp-server",
# "name-server", "dns-server" and "router" decide where clients boot from and
# resolve names, so changes to them deserve the same review as credentials.
# Typed leaves here (ipv4addr, ipv6addr, interface_name) are declared earlier
# in this file as arg.as(:arg); the grammar does not check their format.
rule(:dhcp_attribute_type) do c( "option-match" ( /* Match */ c( "option-82" ( c( "circuit-id" arg ( /* Circuit ID portion of the 
option 82 */ sc( "range" arg /* Range name */ ) ).as(:oneline), "remote-id" arg ( /* Remote ID portion of the option 82 */ sc( "range" arg /* Range name */ ) ).as(:oneline) ) ) ) ), "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* Server Identifier - IP address value */ ipv4addr /* Server Identifier - IP address value */ ), "grace-period" arg /* Grace period for leases */, "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "wins-server" arg /* WINS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "tftp-server" ( /* TFTP server IP address advertised to clients */ ipv4addr /* TFTP server IP address advertised to clients */ ), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* SIP server domain name available to clients */, "ip-address" arg /* SIP servers list of IPv4 addresses available to the client */ ) ), "netbios-node-type" ( /* Type of NETBIOS node advertised to clients */ ("b-node" | "p-node" | "m-node" | "h-node") ), "sip-server-domain-name" arg /* SIP server domain name available to clients */, "sip-server-address" arg /* SIP Servers list of IPv6 addresses available to the client */, "dns-server" arg /* Domain name servers available to the client */, "propagate-settings" arg /* Interface name for propagating TCP/IP Settings to pool */, "propagate-ppp-settings" ( /* PPP interface name for propagating DNS/WINS settings */ interface_name /* PPP interface name for propagating DNS/WINS settings */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg 
/* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "hex-string" arg /* Hexadecimal string */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "ipv6-address" ( /* IPV6 address value */ ipv6addr /* IPV6 address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "hex-string" arg /* Hexadecimal string */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ), "ipv6-address" ( /* Array of IPv6 address values */ ipv6addr /* Array of IPv6 address values */ ) ) ) ) ) ) ).as(:oneline), "valid-lifetime" ( /* Valid lifetime advertised to clients */ ("infinite" | arg) ), "preferred-lifetime" ( /* Preferred lifetime advertised to clients */ ("infinite" | arg) ), "t1-percentage" arg /* T1 time as percentage of preferred lifetime or max lease */, "t2-percentage" arg /* T2 time as percentage of preferred lifetime or max lease */, "exclude-prefix-len" arg /* Length of IPv6 prefix to be excluded from delegated prefix */, "t1-renewal-time" arg /* T1 renewal time */, "t2-rebinding-time" arg /* T2 rebinding time */ ) end
# domain_map_type: domain-map settings. Named "map" entries select the AAA
# routing instance / logical system, access profile, address pool, dynamic
# profile, PADN routes, target routing instance / logical system, username
# stripping and tunnel profiles for a client session. Alongside "map" sit the
# username parsing controls: "parse-order", "delimiter", "parse-direction",
# "realm-delimiter" and "realm-parse-direction".
# NOTE(review): "override-password" inside "map" is described as the password
# used for authentication but is typed plain `arg`, not `unreadable`. Tools
# that redact secrets from parsed configuration need to list this keyword
# explicitly. The strip and parse settings decide which part of a
# client-supplied username selects the map, so they are worth reviewing
# together with the map entries they feed.
rule(:domain_map_type) do c( "map" arg ( /* Domain map definitions */ c( c( "aaa-routing-instance" ( /* Routing instance to be used for applying AAA services */ ("default" | arg) ), "aaa-logical-system" arg ( /* Logical system to be used for applying AAA services */ c( "aaa-routing-instance" ( /* 
Routing instance to be used for applying AAA services */ ("default" | arg) ) ) ) ), "access-profile" arg /* Access profile to be used for applying AAA services */, "address-pool" arg /* Address pool to use for providing address-allocation services */, "dynamic-profile" arg /* Dynamic profile to be used for this client's session */, "override-password" arg /* Use this password for authentication */, "padn" arg ( /* PPPoE Active Discovery Network parameters to apply for this client's session */ c( "mask" ( /* Destination mask */ ipv4addr /* Destination mask */ ), "metric" arg /* Metric value */ ) ), c( "target-routing-instance" ( /* Routing instance the client's session will be mapped to */ ("default" | arg) ), "target-logical-system" arg ( /* Logical system the client's session will be mapped to */ c( "target-routing-instance" ( /* Routing instance the client's session will be mapped to */ ("default" | arg) ) ) ) ), "strip-domain" /* Enable domain name stripping from the username */, "strip-username" ( /* Enable user name stripping from the username */ sc( c( "right-to-left" /* Strip to first domain delimiter on the right */, "left-to-right" /* Strip to first domain delimiter on the left */ ) ) ).as(:oneline), "tunnel-profile" arg /* Tunnel profile to be used for this client's session */, "tunnel-switch-profile" arg /* Tunnel switch profile */ ) ), "parse-order" ( /* Order in which search parsing is conducted (i.e. 
look for domain-name or realm-name first) */ sc( c( "domain-first" /* Search for domain name in username field before searching for realm name */, "realm-first" /* Search for realm name in username field before searching for domain name */ ) ) ).as(:oneline), "delimiter" ( /* Allowable delimiter characters for domain name separation */ sc( arg ) ).as(:oneline), "parse-direction" ( /* Domain name parsing direction */ sc( c( "right-to-left" /* Parse the username from right to left */, "left-to-right" /* Parse the username field from left to right to find domain name */ ) ) ).as(:oneline), "realm-delimiter" ( /* Allowable delimiter characters for realm name separation */ sc( arg ) ).as(:oneline), "realm-parse-direction" ( /* Realm name parsing direction */ sc( c( "left-to-right" /* Parse the username field from left to right to find realm name */, "right-to-left" /* Parse the username field from right to left to find realm name */ ) ) ).as(:oneline) ) end rule(:group_profile_object) do arg.as(:arg) ( c( "ppp" ( /* Configuration for Point-to-Point Protocol */ c( "framed-pool" arg /* Address pool used to assign an address for the user */, "idle-timeout" arg /* Idle timeout before termination of session */, "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ c( "pap" /* Password Authentication Protocol */, "chap" /* Challenge Handshake Authentication Protocol */, "mru" arg /* The Maximum Receive Unit size in bytes */, "mtu" ( /* The Maximum Transfer Unit size in bytes */ ("use-lower-layer" | arg) ), "initiate-ncp" ( /* Enable server initiated NCP */ c( "ip" /* Enable server initiated IPNCP */, "ipv6" /* Enable server initiated IPv6NCP */, "dual-stack-passive" /* Disable server initiated IPNCP/IPv6NCP for dual-stack client */ ) ), "peer-ip-address-optional" /* Set Peer IP Address Optional in IP NCP Negotiations */, "ipcp-suggest-dns-option" /* Suggest peer to negotiate with DNS Addresses options */, "aaa-options" arg /* Attach AAA options name to 
group-profile */ ) ), "keepalive" arg /* PPP keepalive interval */, "primary-dns" arg /* Primary DNS server name */, "secondary-dns" arg /* Secondary DNS server name */, "primary-wins" arg /* Primary wins server name */, "secondary-wins" arg /* Secondary wins server name */, "encapsulation-overhead" arg /* Encapsulation overhead for Class of Service calculation */, "cell-overhead" /* ATM cell overhead for Class of Service calculation */, "interface-id" arg /* Interface identifier to look up session information */ ) ), "l2tp" ( /* Configuration for Layer 2 Tunneling Protocol */ c( "maximum-sessions" arg /* Maximum number of sessions per client */, "maximum-sessions-per-tunnel" arg /* Maximum number of sessions per L2TP tunnel */, "interface-id" arg /* Interface identifier for PPP users missing one */, "lcp-renegotiation" /* Force renegotiation of LCP options */, "local-chap" /* Force local CHAP challenge */, "override-result-code" ( /* Override result code with admin value in CDN message at LNS */ c( "session-out-of-resource" /* Override result code for session out-of-resource due to permanent or temporary condition with admin value in CDN message at LNS */ ) ), "multilink" ( /* Multilink Point-to-Point Protocol command options */ multilink_object /* Multilink Point-to-Point Protocol command options */ ) ) ) ) ) end rule(:gx_plus_definition) do c( "partition" arg ( /* GX-PLUS partition configuration */ c( "diameter-instance" arg /* GX-PLUS diameter instance */, "destination-realm" arg /* GX-PLUS destination realm */, "destination-host" arg /* GX-PLUS destination host */ ) ), "global" ( /* GX-PLUS global parameters */ c( "include-ipv6" /* Send provisioning request for IPv6-only subscribers */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */ ) ) ) end rule(:juniper_bridge_domains) do arg.as(:arg) ( c( "description" arg /* Text description of bridge domain */, "domain-type" ( /* Type of bridge domain */ ("bridge") ), c( "vlan-id" ( /* IEEE 
802.1q VLAN identifier for bridging domain */ ("all" | "none" | arg) ), "vlan-tags" ( /* IEEE 802.1q VLAN tags for bridging domain */ sc( "outer" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */, "inner" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ) ).as(:oneline), "vlan-id-list" arg /* Create bridge-domain for each of the vlan-id specified in the vlan-id-list */ ), "isid-list" arg /* Create bridge-domain for isid (Valid isid:256..16777214) */, "vlan-id-scope-local" /* Enable the scope of vlan-id local to avoid transmitting vlan tagged packets */, "service-id" arg /* Service id required if bridge-domain is of type MC-AE and vlan-id all or vlan-id none or vlan-tags */, "domain-id" arg /* Domain-id for auto derived Route Target */, "no-local-switching" /* Disable local switching within CE-facing interfaces */, "mcae-mac-synchronize" /* Enable IRB MAC synchronization in this bridge domain */, "mcae-mac-flush" /* Enable MCAE MAC flush in a/s mode for a bridge domain on MCAE link up */, "no-irb-layer-2-copy" /* Disable transmission of layer-2 copy of packets of irb routing-interface */, "no-arp-suppression" /* Disable suppression of ARP/NDP for EVPN */, "enable-mac-move-action" /* Enable blocking action due to mac-move in this Bridge Domain */, "interface" ("$junos-interface-name" | arg) /* Interface name for this bridge domain */, "routing-interface" ( /* Routing interface name for this bridge-domain */ interface_unit /* Routing interface name for this bridge-domain */ ), "forwarding-options" ( /* Forwarding options configuration */ juniper_bridge_forwarding_options /* Forwarding options configuration */ ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "bridge-options" ( /* Bridge domain configuration */ juniper_protocols_bd /* Bridge domain configuration */ ), "protocols" ( c( "igmp-snooping" ( /* IGMP snooping 
configuration */ juniper_bd_protocols_igmp_snooping /* IGMP snooping configuration */ ), "mld-snooping" ( /* MLD snooping configuration */ juniper_bd_protocols_mld_snooping /* MLD snooping configuration */ ) ) ), "vxlan" ( c( "ovsdb-managed" /* Bridge-domain is managed remotely via VXLAN OVSDB Controller */, "vni" arg /* VXLAN identifier */, "multicast-group" ( /* Multicast group registered for VXLAN segment */ ipv4addr /* Multicast group registered for VXLAN segment */ ), "encapsulate-inner-vlan" /* Retain inner VLAN in the packet */, "decapsulate-accept-inner-vlan" /* Accept VXLAN packets with inner VLAN */, "unreachable-vtep-aging-timer" arg /* Unreachable VXLAN tunnel endpoint removal timer */, "ingress-node-replication" /* Enable ingress node replication */ ) ), "isolated-vlan" arg /* Isolated VLAN ID for private vlan bridge domain */, "community-vlans" arg /* List of Community VLANs for private vlan bridge domain */ ) ) end rule(:juniper_bd_protocols_igmp_snooping) do c( "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, 
"learn-pim-router" /* Learn PIM router interfaces from PIM hellos */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface 
*/, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "disable" ) ) ) end rule(:juniper_bd_protocols_mld_snooping) do c( "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | 
"leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* 
Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group 
address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ) ) ) ) end rule(:juniper_bridge_forwarding_options) do c( "filter" ( /* Filtering for bridge forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for bridge flood table */ c( "input" arg /* Name of input filter to apply for bridge flood packets */ ) ), "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "dhcp-security" ( /* Dynamic ARP Inspection configuration */ jdhcp_security_type /* Dynamic ARP Inspection configuration */ ) ) end rule(:jdhcp_relay_type) do c( "traceoptions" ( /* DHCP relay trace options */ jdhcp_traceoptions_type /* DHCP relay trace options */ ), "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "duplicate-clients-on-interface" /* Allow duplicate clients on different interfaces in a subnet */, "duplicate-clients-in-subnet" ( /* Allow duplicate clients in a subnet */ jdhcp_duplicate_clients_in_subnet_type /* Allow duplicate clients in a subnet */ ).as(:oneline), "interface-traceoptions" ( /* DHCP relay interface trace options */ jdhcp_interface_traceoptions_type /* DHCP relay interface trace options */ ), "dhcpv6" ( /* DHCPv6 configuration */ dhcpv6_relay_type /* DHCPv6 configuration */ ), "arp-inspection" /* Enable Dynamic ARP Inspection */, "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, 
"non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCP override processing */ override_type /* DHCP override processing */ ), "relay-option" ( /* DHCP option processing */ dhcp_generic_v4_option /* DHCP option processing */ ), "relay-option-60" ( /* DHCP option-60 processing */ relay_option_60_type_top /* DHCP option-60 processing */ ), "relay-option-82" ( /* DHCP option-82 processing */ relay_option_82_type /* DHCP option-82 processing */ ), "forward-only" ( /* Forward DHCP packets without creating binding */ forward_only_to_rc_type /* Forward DHCP packets without creating binding */ ), "vpn" /* Enable vpn encryption */, "forward-only-replies" /* Forward-only replies from server to appropriate logical-system:routing-instance based on options */, "server-group" ( /* Define a DHCP server group */ server_group_type /* Define a DHCP server group */ ), "active-server-group" ( /* Name of DHCP server group */ dhcpv4_gbl_active_sg_type /* Name of DHCP server group */ ), "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "group" ( /* Define a DHCP group */ dhcp_group /* Define a DHCP group */ ), "dual-stack-group" ( /* Define a DHCP dual stack group */ 
dhcp_dual_stack_group /* Define a DHCP dual stack group */ ), "no-snoop" /* Do not snoop DHCP packets */, "server-response-time" arg /* Number of seconds in a period of activity between the last server response and an unanswered request */, "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv4 offer and ack packets */ ) ).as(:oneline) ) ), "leasequery" ( /* DHCP leasequery configuration */ relay_leasequery_type /* DHCP leasequery configuration */ ), "bulk-leasequery" ( /* DHCP bulk leasequery configuration */ relay_bulk_leasequery_v4_type /* DHCP bulk leasequery configuration */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ) ) end rule(:authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "mac-address" /* Include MAC address */, "option-82" ( /* Include option 82 */ sc( "circuit-id" /* Include option 82 circuit-id (sub option 1) */, "remote-id" /* Include option 82 remote-id (sub option 2) */ ) ).as(:oneline), "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "option-60" /* Include option 60 */, "circuit-type" /* Include circuit type */, "interface-name" /* Include interface name */, "interface-description" ( /* Include interface description */ ("device" | "logical") ) ) ) ) end rule(:dhcp_dual_stack_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ dual_stack_authentication_type /* DHCP authentication */ ), "service-profile" arg /* Dynamic profile to use for default service activation 
*/, "access-profile" arg /* Access profile to be used for jdhcpd */, "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "relay-agent-interface-id" ( /* Interface-id option processing */ v6_relay_option_interface_id_type /* Interface-id option processing */ ), "relay-agent-remote-id" ( /* Remote-id option processing */ v6_relay_option_remote_id_type /* Remote-id option processing */ ) ) ) end rule(:dhcp_generic_v4_option) do c( "option-number" ( /* Option number */ ("60" | "77") ), "equals" ( /* Generic option equals */ relay_v4_option_ascii_hex /* Generic option equals */ ), "default-action" ( /* Generic option default action */ dhcp_v4_option_default_action /* Generic option default action */ ), "starts-with" ( /* Generic option starts with */ relay_v4_option_ascii_hex /* Generic option starts with */ ) ) end rule(:dhcp_group) do arg.as(:arg) ( c( "active-server-group" ( /* Name of DHCP server group */ dhcpv4_gp_active_sg_type /* Name of DHCP server group */ ), "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCP override processing */ override_type /* DHCP override processing */ ), "relay-option" ( /* DHCP option processing */ dhcp_generic_v4_option /* DHCP option processing */ ), "relay-option-60" ( /* DHCP option-60 processing */ relay_option_60_type_group /* DHCP option-60 processing */ ), "relay-option-82" ( /* DHCP option-82 processing */ relay_option_82_type /* DHCP option-82 processing */ ), "forward-only" ( /* Forward DHCP 
packets without creating binding */ forward_only_to_rc_type /* Forward DHCP packets without creating binding */ ), "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "vpn" /* Enable vpn encryption */, "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCP override processing */ override_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */ ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv4 offer and ack packets */ ) ).as(:oneline) ) ) ) ) end rule(:dhcp_liveness_detection_type) do c( "failure-action" ( /* Liveness detection failure action options */ dhcp_liveness_detection_failure_action_type /* Liveness detection failure action options */ ).as(:oneline), "method" ( /* Liveness detection method options */ c( c( "bfd" ( /* Bidirectional Forwarding Detection (BFD) options */ dhcp_bfd_liveness_detection_type /* Bidirectional Forwarding Detection (BFD) options */ ) ) ) ) ) end rule(:dhcp_bfd_liveness_detection_type) do c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" 
arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) end rule(:dhcp_liveness_detection_failure_action_type) do c( c( "clear-binding" /* Clear the client binding */, "clear-binding-if-interface-up" /* Clear the client binding only if the incoming interface is up */, "log-only" /* Maintain the client binding and log the failure event */ ) ).as(:oneline) end rule(:dhcp_remote_id_mismatch_type) do c( "disconnect" /* Disconnect session on remote-id mismatch */ ) end rule(:dhcp_route_suppression_type) do c( c( "access-internal" /* Suppress access-internal and destination route addition */, "destination" /* Suppress destination route addition */ ) ) end rule(:dhcp_v4_option_default_action) do c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) end rule(:dhcpv4_gbl_active_sg_type) do c( arg, "allow-server-change" /* Accept DHCP-ACK from any server in this group */ ).as(:oneline) end rule(:dhcpv4_gp_active_sg_type) do c( arg, "allow-server-change" /* Accept DHCP-ACK from any server in this group */ ).as(:oneline) end rule(:dhcpv6_relay_type) do c( "authentication" ( /* DHCPv6 authentication */ 
dhcpv6_authentication_type /* DHCPv6 authentication */ ), "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_relay_type /* DHCPv6 override processing */ ), "relay-option" ( /* DHCPv6 option processing */ dhcp_generic_v6_option /* DHCPv6 option processing */ ), "vendor-specific-information" ( /* DHCPv6 option 17 vendor-specific processing */ jdhcp_vendor_specific_type /* DHCPv6 option 17 vendor-specific processing */ ), "forward-only" ( /* Forward DHCPv6 packets without creating binding */ forward_only_to_rc_type /* Forward DHCPv6 packets without creating binding */ ), "forward-only-replies" /* Forward-only replies from server to appropriate logical-system:routing-instance based on options */, "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "group" ( /* Define a DHCPv6 relay group */ dhcpv6_relay_group /* Define a DHCPv6 relay group */ ), "relay-agent-interface-id" ( /* DHCPv6 interface-id option processing */ 
v6_relay_option_interface_id_type /* DHCPv6 interface-id option processing */ ), "relay-agent-remote-id" ( /* DHCPv6 remote-id option processing */ v6_relay_option_remote_id_type /* DHCPv6 remote-id option processing */ ), "server-group" ( /* Define a DHCPv6 server group */ v6_server_group_type /* Define a DHCPv6 server group */ ), "active-server-group" ( /* Name of DHCPv6 server group */ dhcpv6_gbl_active_sg_type /* Name of DHCPv6 server group */ ), "server-response-time" arg /* Number of seconds in a period of activity between the last server response and an unanswered request */, "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv6 advertise and reply packets */ ) ).as(:oneline) ) ), "no-snoop" /* Do not snoop DHCPV6 packets */, "leasequery" ( /* DHCPv6 leasequery configuration */ relay_leasequery_type /* DHCPv6 leasequery configuration */ ), "bulk-leasequery" ( /* DHCPv6 bulk leasequery configuration */ relay_bulk_leasequery_v6_type /* DHCPv6 bulk leasequery configuration */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "duplicate-clients" ( /* Allow duplicate clients */ dhcpv6_duplicate_clients_type /* Allow duplicate clients */ ).as(:oneline) ) end rule(:dhcp_generic_v6_option) do c( "option-number" ( /* Option number */ ("15" | "16") ), "equals" ( /* Generic option equals */ relay_v6_option_ascii_hex /* Generic option equals */ ), "default-action" ( /* Generic option default action */ dhcp_v6_option_default_action /* Generic option default action */ ), "starts-with" ( /* Generic option starts with */ relay_v6_option_ascii_hex /* Generic option starts with */ ) ) end rule(:dhcp_v6_option_default_action) do c( c( "relay-server-group" arg /* Name of DHCP relay server group when match 
is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) end rule(:dhcpv6_authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "mac-address" /* Include MAC address */, "client-id" /* Include client ID */, "relay-agent-remote-id" ( /* Include the relay agent remote ID */ c( c( "enterprise-id" /* Only use enterprise-id portion of option-37 */, "remote-id" /* Only use remote-id portion of option-37 */ ) ) ), "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "relay-agent-subscriber-id" /* Include the relay agent subscriber ID */, "relay-agent-interface-id" /* Include the relay agent interface ID */, "circuit-type" /* Include circuit type */, "interface-name" /* Include interface name */, "interface-description" ( /* Include interface description */ ("device" | "logical") ) ) ) ) end rule(:dhcpv6_duplicate_clients_type) do c( c( "incoming-interface" /* Allow duplicate clients on different underlying interfaces */ ) ).as(:oneline) end rule(:dhcpv6_gbl_active_sg_type) do c( arg ) end rule(:dhcpv6_liveness_detection_type) do c( "failure-action" ( /* Liveness detection failure action options */ dhcp_liveness_detection_failure_action_type /* Liveness detection failure action options */ ).as(:oneline), "method" ( /* Liveness detection method options */ c( c( "bfd" ( /* Bidirectional Forwarding Detection (BFD) options */ dhcp_bfd_liveness_detection_type /* Bidirectional Forwarding Detection (BFD) options */ ) ) ) ) ) end rule(:dhcpv6_override_relay_type) do c( "allow-snooped-clients" /* Allow client creation from snooped PDUs */, "no-allow-snooped-clients" /* Don't allow client creation from snooped PDUs */, 
"delay-authentication" /* Delay subscriber authentication in DHCP protocol processing until request packet */, "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "dual-stack" arg /* Dual stack group to use. */, "no-bind-on-request" /* Do not bind if stray DHCPv6 RENEW, REBIND is received */, "client-negotiation-match" ( /* Use secondary match criteria for SOLICIT PDU */ sc( c( "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "send-release-on-delete" /* Always send RELEASE to the server when a binding is deleted */, "always-process-option-request-option" /* Always process option even after address allocation failure */, "relay-source" ( /* Interface for relay source */ interface_name /* Interface for relay source */ ), "delete-binding-on-renegotiation" /* Delete binding on renegotiation */, "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "asymmetric-prefix-lease-time" arg /* Use a reduced prefix lease time for the client. 
In seconds */ ) end rule(:dhcpv6_relay_group) do arg.as(:arg) ( c( "active-server-group" ( /* Name of DHCPv6 server group */ dhcpv6_gp_active_sg_type /* Name of DHCPv6 server group */ ), "dual-stack-group" ( /* Define a DHCP dual stack group */ dhcp_dual_stack_group /* Define a DHCP dual stack group */ ), "authentication" ( /* DHCPv6 authentication */ dhcpv6_authentication_type /* DHCPv6 authentication */ ), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_relay_type /* DHCPv6 override processing */ ), "relay-option" ( /* DHCPv6 option processing */ dhcp_generic_v6_option /* DHCPv6 option processing */ ), "vendor-specific-information" ( /* DHCPv6 option 17 vendor-specific processing */ jdhcp_vendor_specific_type /* DHCPv6 option 17 vendor-specific processing */ ), "forward-only" ( /* Forward DHCPv6 packets without creating binding */ forward_only_to_rc_type /* Forward DHCPv6 packets without creating binding */ ), "relay-agent-interface-id" ( /* DHCPv6 interface-id option processing */ v6_relay_option_interface_id_type /* DHCPv6 interface-id option processing */ ), "relay-agent-remote-id" ( /* DHCPv6 remote-id option processing */ v6_relay_option_remote_id_type /* DHCPv6 remote-id option processing */ ), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range 
*/, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_relay_type /* DHCPv6 override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */ ) ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv6 advertise and reply packets */ ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ) ) ) end rule(:dhcpv6_gp_active_sg_type) do c( arg ) end rule(:dhcpv6_route_suppression_type) do c( "access" /* Suppress access route addition */, "access-internal" /* Suppress access-internal route addition */ ).as(:oneline) end rule(:dual_stack_authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "mac-address" /* Include MAC address */, "relay-agent-remote-id" /* Include the relay agent remote ID */, "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "relay-agent-interface-id" /* Include the relay agent interface ID */, "interface-name" /* Include interface name */, "circuit-type" /* Include circuit type */ ) ) ) end rule(:dynamic_profile_type) do c( arg, c( "use-primary" arg /* Dynamic profile to use on the primary interface */, "aggregate-clients" ( /* Aggregate client profiles */ c( c( "merge" /* Merge the client dynamic profiles 
*/, "replace" /* Replace client dynamic profiles */ ) ) ) ) ).as(:oneline) end rule(:forward_only_to_rc_type) do c( "logical-system" ( ("default" | "current" | arg) ), "routing-instance" ( ("default" | "current" | arg) ) ) end rule(:jdhcp_duplicate_clients_in_subnet_type) do c( c( "incoming-interface" /* Allow duplicate clients on different interfaces in a subnet */, "option-82" /* Allow duplicate clients using different option-82 options in a subnet */ ) ).as(:oneline) end rule(:jdhcp_interface_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all")) /* Interface trace categories */.as(:oneline) ) end rule(:jdhcp_security_type) do c( "no-dhcp-snooping" /* Disable dhcp snooping */, "arp-inspection" /* Enable dynamic ARP inspection */, "ip-source-guard" /* Enable IP source guard */, "no-dhcpv6-snooping" /* Disable DHCPv6 snooping */, "neighbor-discovery-inspection" /* Enable neighbor discovery inspection */, "ipv6-source-guard" /* Enable IPv6 source guard */, "light-weight-dhcpv6-relay" /* Enable light weight dhcpv6 relay */, "group" ( /* Define a DHCP security group for overriding defaults */ ds_group /* Define a DHCP security group for overriding defaults */ ), "option-82" ( /* DHCP option-82 processing for snooped packets */ security_option_82_type /* DHCP option-82 processing for snooped packets */ ), "dhcpv6-options" ( /* DHCPv6 option processing for snooped packets */ security_dhcpv6_options_type /* DHCPv6 option 
processing for snooped packets */ ) ) end rule(:ds_group) do arg.as(:arg) ( c( "overrides" ( /* DHCP override processing */ ds_override_type /* DHCP override processing */ ), "interface" arg ( /* One or more interfaces */ c( "static-ip" ( /* Static IP address configuration */ ip_mac_static /* Static IP address configuration */ ), "static-ipv6" ( /* Static IPv6 address configuration */ ipv6_mac_static /* Static IPv6 address configuration */ ) ) ) ) ) end rule(:ds_override_type) do c( "trusted" /* Make this trusted group of interfaces */, "untrusted" /* Make this untrusted group of interfaces */, "no-option82" /* Make this group of interfaces not to add option82 */, "no-option37" /* Make this group of interfaces not to add option37 */, "no-option18" /* Make this group of interfaces not to add option18 */, "no-option16" /* Make this group of interfaces not to add option16 */, "no-dhcpv6-options" /* Make this group of interfaces not to add any DHCPv6 options */ ) end rule(:ip_mac_static) do arg.as(:arg) ( c( "mac" ( /* MAC address */ mac_addr /* MAC address */ ) ) ).as(:oneline) end rule(:ipv6_mac_static) do arg.as(:arg) ( c( "mac" ( /* MAC address */ mac_addr /* MAC address */ ) ) ).as(:oneline) end rule(:jdhcp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all" | "database" | "persistent" | "interface" | "rtsock" | "flow-notify" | "io" | "ha" | "ui" | "general" | "fwd" | "rpd" | "auth" | "profile" | "session-db" | 
"performance" | "statistics" | "dhcpv6-io" | "dhcpv6-rpd" | "dhcpv6-session-db" | "dhcpv6-general" | "liveness-detection" | "security-persistence" | "mclag")) /* DHCP operations to include in debugging trace */.as(:oneline) ) end rule(:jdhcp_vendor_specific_type) do c( "host-name" /* Add router host name */, "location" /* Add location information expressed as interface name format */ ).as(:oneline) end rule(:juniper_cdr_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "enable-reduced-partial-cdrs" /* Enable reduced partial CDR's */, "report-requested-apn" /* Report requested/virtual APN in CDR's */, "exclude-attributes" ( /* Specify excluded IE options in CDRs */ c( "apn-ni" /* Exclude APN network identifier IE in the CDR */, "apn-selection-mode" /* Exclude APN selection mode IE in the CDR */, "cc-selection-mode" /* Exclude charging characteristic selection mode IE in the CDR */, "dynamic-address" /* Exclude dynamic address IE in the CDR */, "pgw-plmn-identifier" /* Exclude PGW PLMN identifier IE in the CDR */, "list-of-traffic-volumes" /* Exclude list of traffic volumes in the CDR */, "list-of-service-data" /* Exclude list of service data in the CDR */, "lrsn" /* Exclude local record sequece number IE in the CDR */, "ms-time-zone" /* Exclude MS time zone IE in the CDR */, "network-initiation" /* Exclude network initiation flag in the CDR */, "node-id" /* Exclude node ID IE in the CDR */, "pdn-connection-id" /* Exclude PDN connection ID IE in the CDR */, "pdppdn-type" /* Exclude PDP or PDN type IE in the CDR */, "rat-type" /* Exclude RAT type IE in the CDR */, "record-sequence-number" /* Exclude record sequence number IE in the CDR */, "served-imeisv" /* Exclude served IMEI IE in the CDR */, "served-msisdn" /* Exclude served MSISDN IE in the CDR */, "served-pdppdn-address" /* Exclude served PDP context or IP CAN bearer address IE in the CDR */, "serving-node-plmn-identifier" /* Exclude serving node PLMN identifier IE in the 
CDR */, "start-time" /* Exclude start time IE in the CDR */, "stop-time" /* Exclude stop time IE in the CDR */, "user-location-information" /* Exclude user location IE in the CDR */, "sgw-change" /* S-GW specific: Exclude S-GW change IE in the CDR */, "pgw-address-used" /* S-GW specific: Exclude P-GW address used IE in the CDR */, "ps-furnish-info" /* Exclude PS Furnish charging info */, "served-pdp-address-extension" /* Exclude served pdp pdn address extension */ ) ), "node-id" ( /* Default node identifier */ ("hostname" | "hostname-spic" | "ipaddress-spic") ) ) ) end rule(:juniper_charged_configuraton) do c( "file-age" ( /* Configures file age */ sc( arg, "disable" /* Disable file age trigger */ ) ).as(:oneline), "file-size" ( /* Configures file size */ sc( arg, "disable" /* Disable file size trigger */ ) ).as(:oneline), "cdrs-per-file" arg /* Number of CDRs per file */, "user-name" arg /* User authorized to access the files */, "disable-replication" /* Disable replication of CDR log files to standby RE */, "world-readable" /* CDR log files can be accessed by all users */, "file-format" ( /* CDR file format */ ("3gpp" | "raw-asn") ), "file-name-private-extension" arg /* File name private extension */, "file-creation-policy" ( /* File creation policy (shared/unique) */ ("shared-file" | "unique-file") ), "disk-space-policy" ( /* Policy on what should be done when disk runs out of space */ c( "water-mark-level1" ( /* Water mark level1 percentage and notification */ c( "percentage" arg /* The water mark level1 percentage, a value of 0 will disable it */, "notification-level" ( /* Notification when water-mark-level is reached */ ("snmp-alarm" | "syslog" | "both") ) ) ), "water-mark-level2" ( /* Water mark level2 percentage and notification */ c( "percentage" arg /* The water mark level2 percentage, a value of 0 will disable it */, "notification-level" ( /* Notification when water-mark-leve2 is reached */ ("snmp-alarm" | "syslog" | "both") ) ) ), "water-mark-level3" ( 
/* Water mark level3 percentage and notification */ c( "percentage" arg /* The water mark level3 percentage */, "notification-level" ( /* Notification when water-mark-level3 is reached */ ("snmp-alarm" | "syslog" | "both") ) ) ) ) ), "traceoptions" ( /* Charged persistent local-storage CDR trace options */ charged_traceoptions_type /* Charged persistent local-storage CDR trace options */ ) ) end rule(:charged_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("critical" | "error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("general" | "mirror" | "connection" | "file-operations" | "journaling" | "all")) /* Charged operations to include in debugging trace */.as(:oneline) ) end rule(:juniper_charging_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "profile-id" arg /* Profile id that is matched against GTP charging characteristic or AAA charging profile number (applicable only in the case of ggsn-pgw) */, "default-service-id" arg /* Default service ID to be used for charging, applicable for GGSN/P-GW only */, "default-rating-group" arg /* Default rating group to be used for charging, applicable for GGSN/P-GW only */, "default-l7-rating-group" arg /* Default rating group to be used for L7 charging */, "transport-profile" ( /* Transport profile referred by this charging profile */ c( arg ) ), "cdr-profile" ( /* Transport profile referred by this charging profile */ c( arg ) ), "diameter-avp-profile" ( /* Diameter AVP profile referred by 
this charging profile */ c( arg ) ), "trigger-profile" arg ( /* Trigger profile referred by this charging profile */ c( "rating-group" arg /* Input rating-group identifier */ ) ), "service-mode" ( /* Service mode */ ("maintenance") ) ) ) end rule(:juniper_class_of_service_options) do c( "forwarding-policy" ( /* Class-of-service forwarding policy */ c( "next-hop-map" arg ( /* Class-of-service next-hop map */ c( "forwarding-class" arg ( /* Forwarding class from which to map */ c( "next-hop" ( /* Next-hop identifier to which to map */ ipaddr_or_interface /* Next-hop identifier to which to map */ ), "lsp-next-hop" arg /* Regular expression for LSP next hop */, "non-lsp-next-hop" /* Any non-RSVP LSP next hop */, "discard" /* Discard next hop */ ) ), "forwarding-class-default" ( /* Next Hop For traffic which does not meet any FC in the next-hop-map */ c( "next-hop" ( /* Next-hop identifier to which to map */ ipaddr_or_interface /* Next-hop identifier to which to map */ ), "lsp-next-hop" arg /* Regular expression for LSP next hop */, "non-lsp-next-hop" /* Any non-RSVP LSP next hop */, "discard" /* Discard next hop */ ) ) ) ), "class" arg ( /* Class-of-service description */ c( "classification-override" ( /* Define classification overrides */ c( "forwarding-class" arg /* Forwarding class name */ ) ) ) ) ) ), "classifiers" ( /* Classify incoming packets based on code point value */ c( "dscp" arg ( /* Differentiated Services code point classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "dscp-ipv6" arg ( /* Differentiated Services code point classifier IPv6 */ c( "import" ( /* Include this classifier in this definition */ ("default") ), 
"forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "exp" arg ( /* MPLS EXP classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "ieee-802.1" arg ( /* IEEE-802.1 classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "inet-precedence" arg ( /* IPv4 precedence classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ) ) ), "traffic-class-map" ( /* 
Packet input priority map based on incoming packets code point */ c( "inet-precedence" arg ( /* IPv4 precedence traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "dscp" arg ( /* Differentiated Services code point traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "exp" arg ( /* MPLS EXP traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "ieee-802.1" arg ( /* IEEE-802.1 traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "policy-map" arg ( /* Policy-map describing the packet marking rule */ c( "inet-precedence" ("proto-ip" | "proto-mpls") ( /* IPv4 INET-Precedence Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "dscp" ("proto-ip" | "proto-mpls") ( /* IPv4 Differentiated Services Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "dscp-ipv6" ("proto-ip" | "proto-mpls") ( /* IPv6 Differentiated Services Policy-map code point */ 
sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "exp" ("all-label" | "outer-label") ( /* MPLS EXP Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "ieee-802.1" ("outer" | "outer-and-inner") ( /* IEEE-802.1 Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "ieee-802.1ad" ("outer" | "outer-and-inner") ( /* IEEE-802.1ad Policy-map code point */ sc( "code-point" arg /* IEEE-802.1ad (DEI) Policy-map code point */ ) ).as(:oneline) ) ), "forwarding-class-map" arg ( /* Map forwarding class to queue number for interfaces */ c( "class" arg ( /* Forwarding class */ sc( "queue-num" arg /* Queue number */, "restricted-queue" arg /* Restricted queue number */ ) ).as(:oneline) ) ), "loss-priority-maps" ( /* Map loss priority of incoming packets based on code point value */ c( "frame-relay-de" arg ( /* Frame relay discard eligible bit loss priority map */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Map code points to a loss priority */ sc( "code-points" arg /* List of bit strings */ ) ).as(:oneline) ) ) ) ), "loss-priority-rewrites" ( /* Rewrite code point of outgoing packet based on loss priority */ c( "frame-relay-de" arg ( /* Frame relay discard eligible bit loss priority rewrite */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "code-point-aliases" ( /* Mapping of code point aliases to bit strings */ c( "dscp" arg ( /* Differentiated Services code point aliases */ sc( arg /* DSCP 6-bit pattern */ ) ).as(:oneline), "dscp-ipv6" arg ( /* Differentiated Services code point aliases IPv6 */ sc( arg /* DSCP 6-bit pattern */ ) ).as(:oneline), "exp" arg ( /* MPLS EXP code point aliases */ sc( arg /* EXP 3-bit pattern */ ) 
).as(:oneline), "ieee-802.1" arg ( /* IEEE-802.1 code point aliases */ sc( arg /* IEEE-802.1 3-bit pattern */ ) ).as(:oneline), "inet-precedence" arg ( /* IPv4 precedence code point aliases */ sc( arg /* IPv4 precedence 3-bit pattern */ ) ).as(:oneline), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) code point aliases */ sc( arg /* IEEE-802.1ad (DEI) 4-bit pattern */ ) ).as(:oneline) ) ), "translation-table" ( /* Translation table */ c( "to-802.1p-from-dscp" arg ( /* DSCP to 802.1 translation table */ c( "to-code-point" arg ( /* IEEE 802.1 code point */ sc( "from-code-points" arg /* DSCP code point */ ) ).as(:oneline) ) ), "to-inet-precedence-from-inet-precedence" arg ( /* INET PRECEDENCE to INET PRECEDENCE translation table */ c( "to-code-point" arg ( /* INET PRECEDENCE code point */ sc( "from-code-points" arg /* INET PRECEDENCE code point */ ) ).as(:oneline) ) ), "to-dscp-from-dscp" arg ( /* DSCP to DSCP translation table */ c( "to-code-point" arg ( /* DSCP code point */ sc( "from-code-points" arg /* DSCP code point */ ) ).as(:oneline) ) ), "to-dscp-ipv6-from-dscp-ipv6" arg ( /* DSCP-IPV6 to DSCP-IPV6 translation table */ c( "to-code-point" arg ( /* DSCP-IPV6 code point */ sc( "from-code-points" arg /* DSCP-IPV6 code point */ ) ).as(:oneline) ) ), "to-exp-from-exp" arg ( /* EXP to EXP translation table */ c( "to-code-point" arg ( /* EXP code point */ sc( "from-code-points" arg /* EXP code point */ ) ).as(:oneline) ) ) ) ), "host-outbound-traffic" ( /* Classify and mark host traffic to forwarding engine */ c( "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "override-firewall" /* Override firewall filter actions for RE generated traffic */, "translation-table" ( /* Translation table for host outbound packets */ sc( "to-802.1p-from-dscp" arg /* DSCP to 802.1 translation table */ ) ).as(:oneline), "tcp" ( /* Settings for host outbound TCP packets */ c( 
"raise-internet-control-priority" /* Place packets with IP Precedence set to Internet control into Q3 (network-control) */ ) ), "ieee-802.1" ( /* Mark IEEE 802.1p for host output traffic */ c( "rewrite-rules" /* Mark IEEE 802.1p for host outbound traffic using rewrite-rules */, "default" arg /* Mark IEEE 802.1p for host outbound traffic default value */ ) ), "protocol" ( /* Settings for specific host outbound protocol packets */ c( "isis-over-gre" ( /* Settings for ISIS over GRE packets */ c( "dscp-code-point" arg /* Static DSCP code point of egress host traffic */ ) ) ) ) ) ), "drop-profiles" arg ( /* Random Early Drop (RED) data point map */ c( "fill-level" arg ( /* Fill-level value of data point */ sc( "drop-probability" arg /* Probability packet will be dropped */ ) ).as(:oneline), "interpolate" ( /* Data points interpolated */ c( "fill-level" arg /* Data points for queue full percentage */, "drop-probability" arg /* Data points for packet drop probability */ ) ) ) ), "adaptive-shapers" arg ( /* Define the list of trigger types and associated rates */ c( "trigger" enum(("becn")) ( /* List of trigger types */ sc( "shaping-rate" ( /* Shaping rate for the trigger */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ) ) ).as(:oneline) ) ).as(:oneline) ) ), "virtual-channels" arg /* Define the list of virtual channels */, "virtual-channel-groups" arg ( /* Define list of virtual channel groups */ c( c( "scheduler-map" arg /* Scheduler map applied to this virtual channel */, "shaping-rate" ( /* Shaping rate for the trigger */ sc( c( arg /* Adaptive shaping rate as an absolute rate */, "percent" arg /* Adaptive shaping rate as a percentage */ ) ) ).as(:oneline), "default" /* Default virtual channel */ ) ) ), "copy-plp-all" /* Turn on loss-precedence copying including IP multicast */, "tri-color" /* Enable tricolor marking */, "shared-buffer" ( /* Shared buffer configuration */ c( "percent" arg /* Percentage of shared 
buffer to be used */, "ingress" ( /* Shared buffer configuration at ingress */ c( "percent" arg /* Percentage of shared buffer to be used at ingress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of ingress shared buffer to be used */, "dynamic-threshold" arg /* Threshold for maximum buffer share for a queue at ingress buffer-partition */ ) ) ) ), "egress" ( /* Shared buffer configuration at egress */ c( "percent" arg /* Percentage of shared buffer to be used at egress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of egress shared buffer to be used */, "dynamic-threshold" arg /* Threshold for maximum buffer share for a queue at egress buffer-partition */ ) ) ) ), "node-group" arg ( /* Node group to apply configuration to */ c( "ingress" ( /* Shared buffer configuration at ingress */ c( "percent" arg /* Percentage of shared buffer to be used at ingress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of ingress shared buffer to be used */ ) ) ) ), "egress" ( /* Shared buffer configuration at ingress */ c( "percent" arg /* Percentage of shared buffer to be used at egress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of egress shared buffer to be used */ ) ) ) ) ) ) ) ), "forwarding-classes" ( /* One or more mappings of forwarding class to queue number */ c( "class" arg ( /* Forwarding class to map to queue number */ sc( "queue-num" arg /* Queue number */, "priority" ( /* Fabric priority */ ("low" | "high") ), "policing-priority" ( /* Policing priority for hierarchical policers */ ("normal" | "premium") ), "no-loss" /* This is no traffic loss class */, "spu-priority" ( /* SPU priority */ ("low" | "high" | "medium-low" | "medium-high") ) ) ).as(:oneline), "queue" arg ( /* Queue number to map to forwarding class */ sc( arg, "priority" ( /* Fabric priority */ ("low" | "high") ), "policing-priority" ( /* Policing priority for 
hierarchical policers */ ("normal" | "premium") ) ) ).as(:oneline) ) ), "restricted-queues" ( /* Map forwarding classes to restricted queues */ c( "forwarding-class" arg ( /* Forwarding class to map to a restricted queue */ sc( arg ) ).as(:oneline) ) ), "traffic-control-profiles" arg ( /* Traffic shaping and scheduling profiles */ c( "scheduler-map" arg /* Mapping of forwarding classes to packet schedulers */, "strict-priority-scheduler" /* Enable strict priority scheduler. */, "atm-service" ( /* ATM service category */ ("cbr" | "rtvbr" | "nrtvbr") ), "peak-rate" arg /* ATM Peak Cell Rate (PCR) */, "sustained-rate" arg /* ATM Sustained Cell Rate (SCR) */, "max-burst-size" arg /* ATM Maximum Burst Size (MBS) */, "shaping-rate" ( /* Shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "overhead-accounting" ( /* Overhead accounting */ sc( arg, "bytes" arg /* Byte adjust value */, "frame-mode-bytes" arg /* Overhead bytes when in frame-mode */, "cell-mode-bytes" arg /* Overhead bytes when in cell-mode */ ) ).as(:oneline), "shaping-rate-priority-strict-high" ( /* Shaping rate for strict high priority traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-high" ( /* Shaping rate for high priority traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-medium" ( /* Shaping rate for medium priority traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-medium-low" ( /* Shaping rate for medium low priority traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-low" ( /* Shaping rate for low 
priority traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-high" ( /* Shaping rate for excess high traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-low" ( /* Shaping rate for excess low traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-medium-high" ( /* Shaping rate for excess medium-high traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-medium-low" ( /* Shaping rate for excess medium-low traffic */ sc( arg /* Shaping rate in bits per second */, "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "guaranteed-rate" ( /* Guaranteed rate */ sc( c( arg /* Guaranteed rate as an absolute rate */, "percent" arg /* Guaranteed rate as a percentage */ ), "burst-size" arg /* Guaranteed rate burst size */ ) ).as(:oneline), "excess-rate" ( /* Excess bandwidth sharing proportion */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-high" ( /* Excess bandwidth sharing for excess-high priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-medium-high" ( /* Excess bandwidth sharing for excess-medium-high priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-low" ( /* Excess bandwidth sharing for excess-low priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-medium-low" ( /* Excess bandwidth sharing for excess-medium-low 
priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), c( "delay-buffer-rate" ( /* Delay buffer rate */ sc( c( arg /* Delay buffer rate as an absolute rate */, "percent" arg /* Delay buffer rate as a percentage */, "cps" arg /* Delay buffer rate as an absolute cells per second rate */ ) ) ).as(:oneline) ), "adjust-minimum" ( /* Minimum shaping-rate when adjusted */ sc( arg /* Minimum shaping rate in bits per second */ ) ).as(:oneline) ) ), "forwarding-class-sets" arg ( /* Forwarding class sets */ c( "class" arg /* Forwarding class */ ) ), "congestion-notification-profile" arg ( /* Congestion notification profile */ c( "input" ( /* Input congestion notification components */ c( "cable-length" arg /* Length of cable in metre */, "ieee-802.1" ( /* IEEE 802.1 code point */ c( "code-point" arg ( /* IEEE 802.1 code point */ c( "pfc" /* PFC */, "mru" arg /* Max Receive Size of packet for this code point */, c( "qfc" /* QFC */, "qcn" ( /* QCN */ c( "defense-mode-edge" ( /* Choose the defense mode edge */ c( "alternate-priority" ( /* Choose the alternate priority for defense mode edge */ c( arg /* IEEE 802.1 code point */ ) ) ) ) ) ) ) ) ) ) ) ) ), "output" ( /* Output congestion notification components */ c( "class" arg ( /* Forwarding class */ c( "remove-cntag" /* Remove cntag for this forwarding class */, "qcn" /* Enabling Quantized Congestion Notification for this forwarding class */ ) ), "ieee-802.1" ( /* IEEE 802.1 code point */ c( "code-point" arg ( /* IEEE 802.1 code point */ c( "flow-control-queue" arg /* Flow control queue( set of queues) */ ) ) ) ) ) ) ) ), "scheduler-map-forwarding-class-sets" arg ( /* Mapping of forwarding class sets to packet schedulers */ c( "forwarding-class-set" arg ( /* Forwarding class set name to map to scheduler */ sc( "scheduler" arg /* Scheduler name */ ) ).as(:oneline) ) ), "system-defaults" ( /* System defaults */ c( "classifiers" ( /* System wide 
Classifiers applied to incoming packets */ c( "exp" ( /* EXP classifier */ sc( ("default") ) ).as(:oneline) ) ) ) ), "dynamic-class-of-service-options" ( /* Dynamic class-of-service options */ c( "vendor-specific-tags" enum(("actual-data-rate-downstream" | "access-loop-encapsulation")) /* Enable vendor specific tags */ ) ), "interfaces" ( /* Apply class-of-service options to interfaces */ c( "interface-set" arg ( /* Interface set traffic-control-profile attachment */ c( "internal-node" /* Internal node */, "input-excess-bandwidth-share" ( /* Input Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "excess-bandwidth-share" ( /* Output Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "input-traffic-control-profile" ( /* Input traffic control profile for the interface set */ sc( arg ) ).as(:oneline), "input-traffic-control-profile-remaining" ( /* Input traffic control profile for the remaining traffic on an interface set */ sc( arg ) ).as(:oneline), "output-traffic-control-profile" ( /* Output traffic control profile for the interface set */ sc( arg ) ).as(:oneline), "output-traffic-control-profile-remaining" ( /* Output traffic control profile for the remaining traffic on an interface set */ sc( arg ) ).as(:oneline) ) ), cos_interfaces_type ) ), "routing-instances" arg ( /* Apply CoS options to routing instances with VRF table label */ c( "classifiers" ( /* Classifiers applied to incoming packets */ c( "no-default" /* Do not apply default classifiers to this interface */, "exp" ( /* EXP classifier */ sc( ("default") ) ).as(:oneline), "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( ("default"), "encapsulated" /* Inner or outer ethernet header */, "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline), "dscp" ( /* 
Differentiated Services code point classifier */ sc( ("default") ) ).as(:oneline), "dscp-ipv6" ( /* Differentiated Services code point classifier IPv6 */ sc( ("default") ) ).as(:oneline) ) ), "rewrite-rules" ( /* Rewrite rules applied to outgoing packets */ c( c( "ieee-802.1" ( /* IEEE-802.1 rewrite rule */ sc( ("default"), "encapsulated" /* Inner ethernet header */, "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) rewrite rule */ sc( ("default"), "encapsulated" /* Inner ethernet header */, "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ).as(:oneline) ) ) ), "policy-map" ( /* Policy-map describing the packet marking rule */ sc( arg /* Name of Policy-map to be applied */ ) ).as(:oneline) ) ), "rewrite-rules" ( /* Write code point value of outgoing packets */ c( "dscp" arg ( /* Differentiated Services code point rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "dscp-ipv6" arg ( /* Differentiated Services code point rewrite rule IPv6 */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "exp" arg ( /* MPLS EXP rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | 
"high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "ieee-802.1" arg ( /* IEEE-802.1 rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "inet-precedence" arg ( /* IPv4 precedence rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "frame-relay-de" arg ( /* Frame relay discard eligible bit rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ) ) ), "fabric" ( /* Define CoS parameters of switch fabric */ c( "scheduler-map" ( /* Mapping of fabric traffic to packet schedulers */ c( "priority" enum(("low" | "high")) ( /* Fabric 
traffic priority */ sc( "scheduler" arg /* Scheduler name */ ) ).as(:oneline) ) ) ) ), "scheduler-maps" arg ( /* Mapping of forwarding classes to packet schedulers */ c( "forwarding-class" arg ( /* Forwarding class name to map to scheduler */ sc( "scheduler" arg /* Scheduler name */ ) ).as(:oneline) ) ), "fragmentation-maps" arg ( /* Mapping of forwarding class to fragmentation options */ c( "forwarding-class" arg ( /* Forwarding class name to map to fragmentation options */ c( c( "fragment-threshold" arg /* Fragmentation threshold */, "no-fragmentation" /* Don't allow fragmentation */ ), "multilink-class" arg /* Multilink-Class assigned to the forwarding class */, "drop-timeout" arg /* Drop timeout */ ) ) ) ), "schedulers" arg ( /* Packet schedulers */ c( "transmit-rate" ( /* Transmit rate */ c( c( arg /* Transmit rate as rate */, "percent" arg /* Transmit rate as percentage */, "remainder" ( /* Remainder available */ c( arg ) ) ), c( "exact" /* Enforce exact transmit rate */, "rate-limit" /* Enforce rate limit that uses policer */ ) ) ), "excess-rate" ( /* Excess bandwidth sharing proportion */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "shaping-rate" ( /* Shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "buffer-size" ( /* Queue transmission buffer size */ c( c( "percent" arg /* Buffer size as a percentage */, "remainder" ( /* Remainder of buffer size available */ c( arg ) ), "temporal" arg /* Buffer size as temporal value */ ), c( "exact" /* Enforce exact buffer size */ ), "buffer-partition" ( /* Partition buffer size among multicast and unicast */ c( "multicast" ( /* Specify multicast fraction of reserved buffer */ c( "percent" arg ) ) ) ) ) ), "shared-buffer" ( /* Queue transmission shared-buffer */ c( "maximum" ( /* Control the amount of shared 
buffer a given queue can consume */ c( arg, "multicast" ( /* Control the amount of shared buffer mcast pkts consume */ c( arg ) ) ) ) ) ), "priority" arg /* Scheduling priority */, "excess-priority" arg /* Priority in the excess region */, "drop-profile-map" ( /* Assign drop profile to a loss priority and protocol */ s( "loss-priority" ( /* Loss priority value */ ("low" | "high" | "medium-low" | "medium-high" | "any") ), "protocol" ( /* Protocol type */ ("tcp" | "non-tcp" | "any") ), c( "drop-profile" arg /* Name of drop profile to apply */ ) ) ).as(:oneline), "explicit-congestion-notification" /* Enable or Disable Explicit Congestion Notification */, "drop-profile-map-set" ( /* System drop profile */ c( arg, "profile-type" ( ("drop" | "mark") ) ) ), "adjust-percent" arg /* Percent of a bandwidth adjustment applied to a queue */, "adjust-minimum" arg /* Minimum shaping-rate when adjusted */ ) ), "adjustment-control-profiles" arg ( /* Adjustment control profiles */ c( "application" enum(("ancp" | "radius-coa" | "pppoe-tags" | "dhcp-tags")) ( /* Applications that can perform adjustments */ sc( "priority" arg /* Priority for the application; 1 is the highest */, "algorithm" ( /* Adjustment algorithm for the application */ ("adjust-less" | "adjust-less-or-equal" | "adjust-greater" | "adjust-greater-or-equal" | "adjust-always" | "adjust-never") ) ) ).as(:oneline) ) ), "traceoptions" ( /* Trace options for class-of-service process */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("init" | "show" | "route-socket" | "parse" | "process" | "util" | 
"restart" | "snmp" | "hardware-database" | "asynch" | "dynamic" | "cos-adjustment" | "performance-monitor" | "chassis-scheduler" | "cn-util" | "snmp-timeouts" | "all" | "feature-capability" | "application")) /* Tracing parameters */.as(:oneline) ) ), "multi-destination" ( /* Multicast class of service */ c( "scheduler-map" arg /* Scheduler map for multi destination */, "family" ( /* Family Inet/Inet6/Ethernet */ c( "ethernet" ( /* Ethernet switching options */ c( "broadcast" arg /* Forwarding class to be applied to broadcast */ ) ), "inet" ( /* IP Multicast */ c( "classifier" ( /* Classifier applied to ip-multicast */ c( "dscp" ( /* Differentiated Services code point classifier */ sc( arg ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( arg ) ).as(:oneline) ) ) ) ), "inet6" ( /* IPv6 Multicast */ c( "classifier" ( /* Classifier applied to ipv6-multicast */ c( "dscp-ipv6" ( /* Differentiated Services code point classifier */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "classifiers" ( /* Classifier applied to multicast traffic */ c( "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( arg ) ).as(:oneline), "dscp" ( /* Differentiated services code point classifier */ sc( arg ) ).as(:oneline), "dscp-ipv6" ( /* Differentiated services code point classifier IPv6 */ sc( arg ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( arg ) ).as(:oneline) ) ), "forwarding-class" arg /* Forwarding class assigned to incoming Multi-destination packets */ ) ), "application-traffic-control" ( /* Application classifier configuration */ c( "traceoptions" ( /* Trace options for application classifier */ appqos_traceoptions_type /* Trace options for application classifier */ ), "rate-limiters" arg ( /* Configure application-traffic-control rate limiters */ c( "bandwidth-limit" arg /* Bandwidth limit */, "burst-size-limit" arg /* Burst size limit (default with bandwidth-limit and no larger than 6400 * bandwidth) */ ) ), "rule-sets" arg ( /* Configure 
application-traffic-control rule-sets */ c( "rule" ( /* Rule */ appqos_rule_type /* Rule */ ) ) ) ) ) ) end /* Trace options for the application classifier, referenced from "application-traffic-control" "traceoptions": remote-trace switch, trace file settings, trace flag and debug level */ rule(:appqos_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file; NOTE(review): prefer "no-world-readable" unless every local user is meant to see trace output */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) end /* One named application-traffic-control rule, referenced from "rule-sets" "rule": "match" criteria plus the "then" actions applied to matching packets */ rule(:appqos_rule_type) do arg.as(:arg) ( c( "match" ( /* Specify application traffic control rule match-criteria */ c( "application-any" /* Any applications */, "application-unknown" /* Unknown applications */, "application-known" /* Identifiable applications */, "application" arg, "application-group" arg ) ), "then" ( /* Specify rule action to take when a packet matches the criteria */ c( "forwarding-class" arg /* Forwarding class for outgoing packets */, "dscp-code-point" arg /* DSCP code point bitmap or alias */, "loss-priority" ( /* Packet loss priority */ ("low" | "medium-low" | "medium-high" | "high") ), "rate-limit" ( /* Apply rate limiters */ c( "client-to-server" arg /* Client-to-server rate limiter */, "server-to-client" arg /* Server-to-client rate limiter */, "loss-priority-high" /* Set Rate limiter's action Loss-Priority to high */ ) ), "log" /* Log the action */ ) ) ) ) end /* Per-interface class-of-service options, referenced from "interfaces" (Apply class-of-service options to interfaces) */ rule(:cos_interfaces_type) do arg.as(:arg) ( c( "forwarding-class-set" arg ( /* Map forwarding class sets to output traffic control profile */ c( "output-traffic-control-profile" ( /* Output traffic control profile for the interface */ sc( arg ) ).as(:oneline) ) ),
"congestion-notification-profile" arg /* Congestion notification profile for the interface */, "rewrite-value" ( /* FC interface rewrite value */ c( "input" ( /* Input direction */ c( "ieee-802.1" ( /* IEEE 802.1 code point */ c( "code-point" ( /* IEEE 802.1 code point */ c( arg /* IEEE 802.1 code point */ ) ) ) ) ) ) ) ), "scheduler-map-forwarding-class-set" arg /* Output scheduler map forwarding-class-set */, "scheduler-map" arg /* Output scheduler map */, "input-scheduler-map" arg /* Input scheduler map */, "scheduler-map-chassis" ( /* Scheduler map applied to chassis queues (not PIC queues) */ ("derived") ), "output-forwarding-class-map" arg /* Output forwarding class map name */, "shaping-rate" ( /* Output shaping rate */ sc( arg /* Shaping rate as an absolute rate */ ) ).as(:oneline), "input-excess-bandwidth-share" ( /* Input Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "excess-bandwidth-share" ( /* Output Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "input-shaping-rate" ( /* Input shaping rate */ sc( arg /* Input shaping rate as an absolute rate */ ) ).as(:oneline), "input-traffic-control-profile" ( /* Input traffic control profile */ sc( arg ) ).as(:oneline), "input-traffic-control-profile-remaining" ( /* Input traffic control profile for remaining traffic on the ifd */ sc( arg ) ).as(:oneline), "output-traffic-control-profile" ( /* Output traffic control profile */ sc( arg ) ).as(:oneline), "output-traffic-control-profile-remaining" ( /* Output traffic control profile for remaining traffic on the ifd */ sc( arg ) ).as(:oneline), "member-link-scheduler" ( /* Scheduler parameter model for member link */ sc( c( "scale" /* Scale scheduler parameters on aggregate interface */, "replicate" /* Copy scheduler parameters from aggregate 
interface */ ) ) ).as(:oneline), "traffic-class-map" ( /* Packet code point to input priority mapping */ c( "inet-precedence" ( /* IPv4 precedence code point traffic-class-map */ c( arg ) ), "dscp" ( /* Differentiated services code point traffic-class-map */ c( arg ) ), "exp" ( /* MPLS experimental code point traffic-class-map */ c( arg ) ), "ieee-802.1" ( /* IEEE-802.1 code point traffic-class-map */ c( arg, "vlan-tag" ( /* VLAN tag used for traffic-class-map */ ("outer" | "inner") ) ) ), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) code point traffic-class-map */ c( arg, "vlan-tag" ( /* VLAN tag used for traffic-class-map */ ("outer" | "inner") ) ) ) ) ), "unit" enum(("*")) ( /* Logical interface unit (or wildcard) */ c( "output-forwarding-class-map" arg /* Output forwarding class map name */, "forwarding-class" arg /* Forwarding class assigned to incoming packets */, "virtual-channel-group" arg /* Virtual channel group applied to this logical interface */, "vc-shared-scheduler" /* Virtual channel group shared scheduler indicator */, "scheduler-map" arg /* Output scheduler map */, "input-scheduler-map" arg /* Input scheduler map */, "fragmentation-map" arg /* Fragmentation map applied to this logical interface */, "adaptive-shaper" arg /* Adaptive shaper applied to this logical interface */, "shaping-rate" ( /* Output shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ) ) ).as(:oneline), "input-shaping-rate" ( /* Input shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ) ) ).as(:oneline), "input-traffic-control-profile" ( /* Input traffic control profile */ sc( arg, "shared-instance" arg /* Name of the shared instance */ ) ).as(:oneline), "output-traffic-control-profile" ( /* Output traffic control profile */ sc( arg, "shared-instance" arg /* Name of the shared instance */ ) ).as(:oneline), "output-traffic-control-profile-remaining" ( /* 
Output traffic control profile for remaining traffic on the ifl */ sc( arg /* Name of the traffic control profile */ ) ).as(:oneline), "report-ingress-shaping-rate" ( /* Report ingress shaping rate */ sc( c( arg /* Ingress shaping rate as an absolute value */ ) ) ).as(:oneline), "classifiers" ( /* Classifiers applied to incoming packets */ c( "no-default" /* Do not apply default classifiers to this interface */, "dscp" ("default") ( /* Differentiated Services code point classifier */ c( "family" arg /* Family for DSCP classifier */ ) ), "dscp-ipv6" ("default") ( /* Differentiated Services code point classifier IPv6 */ c( "family" arg /* Family for DSCP Ipv6 classifier */ ) ), "exp" ( /* EXP classifier */ sc( ("default") ) ).as(:oneline), "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner" | "transparent") ) ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( ("default") ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline) ) ), "ingress-rewrite-rules" ( /* Rewrite rules applied to outgoing packets of the ingress interface */ c( "dscp" ("default") /* Differentiated Services code point rewrite rule */.as(:oneline), "dscp-ipv6" ( /* Differentiated Services code point rewrite rule IPv6 */ sc( ("default") ) ).as(:oneline), "inet-precedence" ("default") /* IPv4 precedence rewrite rule */.as(:oneline) ) ), "loss-priority-maps" ( /* Loss priority maps applied to incoming packets */ c( "frame-relay-de" ( /* Frame Relay discard eligible bit loss priority map */ sc( ("default") ) ).as(:oneline) ) ), "rewrite-rules" ( /* Rewrite rules applied to outgoing packets */ c( "dscp" ("default") ( /* Differentiated Services code point rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls" | "gtp-inet-outer" | "gtp-inet-both" | 
"inet-outer" | "inet-both") ) ) ).as(:oneline), "dscp-ipv6" ("default") ( /* Differentiated Services code point rewrite rule IPv6 */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls" | "gtp-inet-outer" | "gtp-inet-both") ) ) ).as(:oneline), "exp" ("default") ( /* EXP rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls-any" | "mpls-inet-both" | "mpls-inet-both-non-vpn") ) ) ).as(:oneline), "ieee-802.1" ( /* IEEE-802.1 rewrite rule */ sc( ("default"), "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ).as(:oneline), "inet-precedence" ("default") ( /* IPv4 precedence rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls" | "gtp-inet-outer" | "gtp-inet-both" | "inet-outer" | "inet-both") ) ) ).as(:oneline), "exp-swap-push-push" ( /* Copy incoming EXP into all swap-push-push labels */ sc( c( "default" /* Apply default rewrite rule */ ) ) ).as(:oneline), "exp-push-push-push" ( /* Top-label EXP rewrite rule for push-push-push operation */ sc( c( "default" /* Apply default rewrite rule */ ) ) ).as(:oneline), "frame-relay-de" ( /* Frame relay discard eligible bit rewrite rule */ sc( ("default") ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) rewrite rule */ c( ("default"), "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ) ) ), "loss-priority-rewrites" ( /* Loss priority rewrites applied to outgoing packets */ c( "frame-relay-de" ( /* Frame Relay discard eligible bit loss priority rewrite */ sc( ("default") ) ).as(:oneline) ) ), "translation-table" ( /* Translation tables applied to incoming packets */ c( "to-inet-precedence-from-inet-precedence" ( /* IPv4 precedence translation table */ sc( arg ) ).as(:oneline), "to-dscp-from-dscp" ( /* Differentiated Services code point translation table */ sc( arg ) ).as(:oneline), "to-dscp-ipv6-from-dscp-ipv6" ( /* Differentiated Services code 
point IPV6 translation table */ sc( arg ) ).as(:oneline), "to-exp-from-exp" ( /* EXP translation table */ sc( arg ) ).as(:oneline) ) ), "policy-map" ( /* Policy-map describing the packet marking rule */ sc( arg /* Name of Policy-map to be applied */ ) ).as(:oneline) ) ), "classifiers" ( /* Classifiers applied to incoming packets */ c( "dscp" ("default") /* Differentiated Services code point classifier */, "dscp-ipv6" ("default") /* Differentiated Services code point classifier IPv6 */, "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( ("default") ) ).as(:oneline) ) ), "forwarding-class" arg /* Forwarding class assigned to incoming packets */, "rewrite-rules" ( /* Rewrite rules applied to outgoing packets */ c( "dscp" ("default") /* Differentiated Services code point rewrite rule */.as(:oneline), "dscp-ipv6" ("default") /* Differentiated Services code point rewrite rule IPv6 */.as(:oneline), "ieee-802.1" ( /* IEEE-802.1 rewrite rule */ sc( ("default") ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) rewrite rule */ c( ("default"), "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer") ) ) ), "inet-precedence" ("default") /* IPv4 precedence rewrite rule */.as(:oneline) ) ), "multi-destination" ( /* Multi-destination class of service */ c( "classifiers" ( /* Classifier applied to multi-destination traffic */ c( "ieee-802.1" ( /* IEEE-802.1P classifier */ sc( arg ) ).as(:oneline), "dscp" ( /* Differentiated services code point classifier */ sc( arg ) ).as(:oneline), "dscp-ipv6" ( /* Differentiated services code point classifier IPv6 */ sc( arg ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( arg 
) ).as(:oneline) ) ), "forwarding-class" arg /* Forwarding class assigned to incoming Multi-destination packets */ ) ) ) ) end /* Switch options: MAC table and learning limits, MAC notification, SNMP dot1q MIB, VXLAN VTEP settings, VoIP, unknown-unicast forwarding, authentication whitelist, VRF route distinguisher/import/export/target, per-interface bridge options and redundant trunk groups */ rule(:juniper_def_rtb_switch_options) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "interface-mac-limit" ( /* Maximum number of MAC addresses learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* SNMP MIB options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "service-id" arg /* Service ID required if multi-chassis AE is part of a bridge-domain */, "ovsdb-managed" /* All VXLAN bridge domains in routing instance are remote managed */, "vtep-source-interface" ( /* Source layer-3 IFL for VXLAN */ sc( interface_unit, c( "inet" ( /* IPv4 source */ c( "preferred" ( /* Source address for IPv4 */ ipv4addr /* Source address for IPv4 */ ) ) ), "inet6" ( /* IPv6 source */ c( "preferred" ( /* Source address for IPv6 */ ipv6addr /* Source address for IPv6 */ ) ) ) ) ) ).as(:oneline), "voip" ( /* Voice-over-IP configuration */ c( "interface" (arg | "access-ports") ( /* Enable voice over IP on this port */ c( "vlan" arg /* VLAN for voice over IP */, "forwarding-class" arg /* Forwarding class */ ) ) ) ), "unknown-unicast-forwarding" ( /* Set interface for forwarding of unknown unicast packets */ c( "vlan" arg ( /* VLAN for the unknown unicast packets */ c( "interface" ( /* Interface to
send unknown unicast packets for the VLAN */ interface_name /* Interface to send unknown unicast packets for the VLAN */ ) ) ) ) ), "authentication-whitelist" arg ( /* MAC authentication whitelist: entries that bypass authentication; NOTE(review): the entry name is presumably a MAC address (see "for the MAC address" below), an identifier the connecting device supplies itself - keep the list minimal and restrict each entry with "interface" */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "bridge-domain-assignment" arg /* Bridge-domain name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ), "route-distinguisher" ( /* Route distinguisher for this instance */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline), "vrf-import" ( /* Import policy for VRF instance RIBs */ policy_algebra /* Import policy for VRF instance RIBs */ ), "vrf-export" ( /* Export policy for VRF instance RIBs */ policy_algebra /* Export policy for VRF instance RIBs */ ), "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */, "auto" ( /* Auto derive import and export target community from BGP AS & L2 */ juniper_def_rtb_auto_import_as /* Auto derive import and export target community from BGP AS & L2 */ ) ) ), "vtep-remote-interface" ( /* Remote VTEP interface */ c( "remote-ip" arg ( /* Remote VTEP IP address */ c( "dynamic-profile" arg /* Define associated dynamic profile */ ) ), "default" ( /* Applies to all remote VTEP interfaces */ c( "dynamic-profile" arg /* Define associated dynamic profile */ ) ) ) ), "interface" arg ( /* Interface for configuring bridge-options */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop"
| "log" | "shutdown" | "drop-and-log") ) ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */, "no-mac-notification" /* Disable MAC notification on this interface */ ) ), "remote-vtep-list" ( /* Configure static remote VXLAN tunnel endpoints */ ipaddr /* Configure static remote VXLAN tunnel endpoints */ ), "interface-shutdown-action" ( /* Interface shutdown mode for Storm-Control/Mac-Limit/Mac-Move-limit scenario */ ("soft-shutdown" | "hard-shutdown") ), "remote-vtep-v6-list" ( /* Configure static IPv6 remote VXLAN tunnel endpoints */ ipv6addr /* Configure static IPv6 remote VXLAN tunnel endpoints */ ), "redundant-trunk-group" ( /* Redundant trunk group */ c( "group" arg ( /* Name of Redundant trunk group */ c( "preempt-cutover-timer" arg /* Hold timer for primary interface before preempting secondary interface */, "description" arg /* Text description of the RTG */, "interface" arg ( /* Interfaces that are part of this redundant trunk group */ c( "primary" /* Set Primary Redundant Trunk Group interface */ ) ) ) ) ) ) ) end /* Auto-derived VRF target import, referenced from "vrf-target" "auto": an AS paired with the list of VNI identifiers to import for it */ rule(:juniper_def_rtb_auto_import_as) do c( "import-as" arg ( /* AS to auto import for a list of VNI ids */ c( "vni-list" arg /* List of VNI identifiers or all */ ) ) ) end /* Named Diameter AVP profile: a text description plus the AVPs to exclude */ rule(:juniper_diameter_avp_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "exclude-avp-options" ( /* Specify excluded AVP options in diameter AVP */ c( "ps-information" /* Exclude PS Information AVP. If excluded, all the 3GPP AVPs will be sent at command level */, "user-location-3gpp" /* Exclude 3GPP user location AVP */, "framed-v4-address" /* Exclude framed V4 address AVP. If excluded, PDP Address AVP will be used */, "gprs-negotiated-qos" /* Exclude GPRS negotiated QOS AVP.
If excluded, QOS Information AVP will be used */, "username" /* Exclude USERNAME AVP */, "user-equip-info" /* Exclude user equipment info AVP */, "all-3gpp-avps" /* Exclude all 3GPP AVPs */, "qos-information" /* Exclude QOS information AVP */, "pdn-connection-id" /* Exclude PDN connection id information AVP */, "dynamic-address-flag" /* Exclude dynamic address flag information AVP */, "serving-node-type" /* Exclude serving node type information AVP */, "charging-charact-select-mode" /* Exclude charging characteristics selection mode information AVP */, "start-time" /* Exclude start time information AVP */, "stop-time" /* Exclude stop time information AVP */ ) ) ) ) end rule(:juniper_dynamic_profile_object) do arg.as(:arg) ( c( "variables" ( /* Dynamic variable configuration */ juniper_dynamic_variable_object /* Dynamic variable configuration */ ), "predefined-variable-defaults" ( /* Assign default values to predefined variables */ c( "cos-excess-rate" ( /* Default for junos-cos-excess-rate */ c( "proportion" arg /* Excess rate as proportion */, "percent" arg /* Excess rate as percentage */ ) ), "cos-excess-rate-high" ( /* Default for junos-cos-excess-rate-high */ c( "proportion" arg /* Excess rate as proportion */, "percent" arg /* Excess rate as percentage */ ) ), "cos-excess-rate-low" ( /* Default for junos-cos-excess-rate-low */ c( "proportion" arg /* Excess rate as proportion */, "percent" arg /* Excess rate as percentage */ ) ), "cos-scheduler-tx" ( /* Default for junos-cos-scheduler-tx */ c( "rate" arg /* Transmit rate as rate */, "percent" arg /* Transmit rate as percentage */ ) ), "cos-scheduler-bs" ( /* Default for junos-cos-scheduler-bs */ c( "percent" arg /* Buffer size as percentage */, "temporal" arg /* Buffer size as temporal */ ) ), "cos-scheduler-shaping-rate" ( /* Default for junos-cos-scheduler-shaping-rate */ c( "rate" arg /* Shaping rate as rate */, "percent" arg /* Shaping rate as percentage */ ) ), base_default_variable_object ) ),
"routing-instances" ( /* Routing instance configuration */ c( c( "interface" ("$junos-interface-name" | arg) ( /* Interface name for this routing instance */ c( c( "any" /* Interface used for both unicast and multicast traffic */, "unicast" /* Interface used for unicast traffic only */, "multicast" /* Interface used for multicast traffic only */ ), "primary" /* Preferred multicast vt interface for the routing-instance */ ) ), "routing-options" ( /* Protocol-independent routing option configuration */ c( "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference 
value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum 
transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in 
forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with 
qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding 
table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 
'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" ( /* BGP peers for filter */ ipaddr /* BGP peers for filter */ ), "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */ ) ), "protect" ( /* Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label 
allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add 
ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet6 /* Flow route */ ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ) ) ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "multicast" ( /* Global multicast options */ c( "traceoptions" ( /* Global multicast trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rpf" arg, "scope" arg ( /* Multicast address scope */ c( "prefix" ( /* Administratively scoped address */ ipprefix /* Administratively scoped address */ ), "interface" ( /* Interface on which to configure scoping */ interface_name 
/* Interface on which to configure scoping */ ) ) ), "scope-policy" ( /* Scoping policy */ policy_algebra /* Scoping policy */ ), "flow-map" arg ( /* Multicast flow map configuration */ c( "policy" ( /* Policy for matched flows */ policy_algebra /* Policy for matched flows */ ), "bandwidth" ( /* Bandwidth properties for matched flows */ sc( arg /* Static or default bandwidth for the matched flows */, "adaptive" /* Auto-sense bandwidth for matched flows */ ) ).as(:oneline), "redundant-sources" ( /* Redundant source addresses */ ipaddr /* Redundant source addresses */ ), "forwarding-cache" ( /* Forwarding cache properties for matched flows */ c( "timeout" ( /* Timeout properties for matched flows */ sc( c( arg, "never" ( /* Forwarding cache entries never time out */ c( "non-discard-entry-only" /* Apply only to non-discard entries */ ) ) ) ) ).as(:oneline) ) ) ) ), "resolve-filter" ( /* Multicast resolve policy filter */ policy_algebra /* Multicast resolve policy filter */ ), "ssm-groups" ( /* Source-specific multicast group ranges */ ipprefix /* Source-specific multicast group ranges */ ), "asm-override-ssm" /* Allow ASM state for SSM group ranges */, "rpf-check-policy" ( /* Disable RPF check for a source group pair */ policy_algebra /* Disable RPF check for a source group pair */ ), "pim-to-igmp-proxy" ( /* PIM-to-IGMP proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "pim-to-mld-proxy" ( /* PIM-to-MLD proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "allow-maximum" /* Allow maximum of global and family level threshold values for suppress and reuse */, "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "threshold" ( /* Multicast forwarding cache suppress threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg 
/* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ) ) ), "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ), "timeout" arg /* Forwarding cache entry timeout in minutes */ ) ), "interface" ( /* Multicast interface options */ multicast_interface_options_type /* Multicast interface options */ ), "ssm-map" arg ( /* SSM map definitions */ c( "policy" ( /* Policy for matching group */ policy_algebra /* Policy for matching group */ ), "source" ( /* One or more source addresses */ ipaddr /* One or more source addresses */ ) ) ), "stream-protection" ( /* Multicast only Fast Re-Route */ c( "mofrr-primary-path-selection-by-routing" /* Multicast only Fast Re-Route primary path by Routing */, "mofrr-disjoint-upstream-only" /* Multicast only Fast Re-Route disjoint upstream only */, "mofrr-no-backup-join" /* Multicast only Fast Re-Route no backup join */, "mofrr-asm-starg" /* Multicast only Fast Re-Route asm (*,G) */, "policy" ( /* MoFRR Policy */ policy_algebra /* MoFRR Policy */ ) ) ), "backup-pe-group" arg ( /* Backup PE group definitions */ c( "backups" ( /* One or more IP addresses */ ipaddr /* One or more IP addresses */ ), "local-address" ( /* Address to be used as local-address for this group */ ipaddr /* Address to be used as local-address for this group */ ) ) ), "omit-wildcard-address" /* Omit wildcard source/group fields in SPMSI AD NLRI */, "local-address" ( /* Local address for PIM and MVPN sessions */ ipv4addr /* Local address for PIM and MVPN sessions */ ) ) ) ) ) ) ) ), "interfaces" ( /* Interface configuration */ c( "pic-set" arg ( /* NP bundling configuration */ c( 
"interface" arg /* One or more interfaces that use this picset */, "fpc" arg ( c( "pic" arg /* Physical Interface Card number */ ) ) ) ), "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") ( /* Logical interface set configuration */ c( "targeted-distribution" /* Interface participates in targeted-distribution */, "targeted-options" /* Targeting specific options */, "interface" arg ( /* One or more interfaces that belong to interface set */ c( "unit" arg /* One or more logical interface unit numbers */, "vlan-tags-outer" arg /* One or more outer VLAN tags */ ) ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "traceoptions" ( /* Interface trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "kernel" | "change-events" | "kernel-detail" | "config-states" | "resource-usage" | "gres-events" | "select-events" | "bfd-events" | "lib-events" | "reserved" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "informational" | "debugging" | "verbose" | "japi")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface-range" arg ( /* Interface ranges configuration */ c( "member" arg /* Interfaces belonging to the interface range */, "member-range" arg ( /* Interfaces range in to 
format */ sc( "end-range" ( interface_device ) ) ).as(:oneline), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */ ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), 
"l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "10g" | "40g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum 
suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of 
payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock 
source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ) ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count 
*/, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 
50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */ ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, 
"plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* 
Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ 
interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ 
interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ service_set_syslog_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. 
*/ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved 
from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( ipaddr /* Source IP */, "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ) ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( ipaddr /* Dest IP */, "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ) ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( ipv6addr /* Source softwire IP */, "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ) ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( ipaddr /* Destination softwire IP */, "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ) ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ) ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set 
subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | 
"41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | 
"1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | 
"alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | 
"payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle 
cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal 
handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, 
"no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | 
"off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 
65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 
65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | 
"1568.26" | "1568.16" | "1568.05" | "1567.95" | "1567.85" | "1567.75" | "1567.64" | "1567.54" | "1567.44" | "1567.34" | "1567.23" | "1567.13" | "1567.03" | "1566.93" | "1566.83" | "1566.72" | "1566.62" | "1566.52" | "1566.42" | "1566.31" | "1566.21" | "1566.11" | "1566.01" | "1565.90" | "1565.80" | "1565.70" | "1565.60" | "1565.50" | "1565.39" | "1565.29" | "1565.19" | "1565.09" | "1564.99" | "1564.88" | "1564.78" | "1564.68" | "1564.58" | "1564.47" | "1564.37" | "1564.27" | "1564.17" | "1564.07" | "1563.96" | "1563.86" | "1563.76" | "1563.66" | "1563.56" | "1563.45" | "1563.35" | "1563.25" | "1563.15" | "1563.05" | "1562.95" | "1562.84" | "1562.74" | "1562.64" | "1562.54" | "1562.44" | "1562.33" | "1562.23" | "1562.13" | "1562.03" | "1561.93" | "1561.83" | "1561.72" | "1561.62" | "1561.52" | "1561.42" | "1561.32" | "1561.22" | "1561.11" | "1561.01" | "1560.91" | "1560.81" | "1560.71" | "1560.61" | "1560.50" | "1560.40" | "1560.30" | "1560.20" | "1560.10" | "1560.00" | "1559.90" | "1559.79" | "1559.69" | "1559.59" | "1559.49" | "1559.39" | "1559.29" | "1559.19" | "1559.08" | "1558.98" | "1558.88" | "1558.78" | "1558.68" | "1558.58" | "1558.48" | "1558.38" | "1558.27" | "1558.17" | "1558.07" | "1557.97" | "1557.87" | "1557.77" | "1557.67" | "1557.57" | "1557.46" | "1557.36" | "1557.26" | "1557.16" | "1557.06" | "1556.96" | "1556.86" | "1556.76" | "1556.66" | "1556.55" | "1556.45" | "1556.35" | "1556.25" | "1556.15" | "1556.05" | "1555.95" | "1555.85" | "1555.75" | "1555.65" | "1555.55" | "1555.44" | "1555.34" | "1555.24" | "1555.14" | "1555.04" | "1554.94" | "1554.84" | "1554.74" | "1554.64" | "1554.54" | "1554.44" | "1554.34" | "1554.23" | "1554.13" | "1554.03" | "1553.93" | "1553.83" | "1553.73" | "1553.63" | "1553.53" | "1553.43" | "1553.33" | "1553.23" | "1553.13" | "1553.03" | "1552.93" | "1552.83" | "1552.73" | "1552.62" | "1552.52" | "1552.42" | "1552.32" | "1552.22" | "1552.12" | "1552.02" | "1551.92" | "1551.82" | "1551.72" | "1551.62" | "1551.52" | 
"1551.42" | "1551.32" | "1551.22" | "1551.12" | "1551.02" | "1550.92" | "1550.82" | "1550.72" | "1550.62" | "1550.52" | "1550.42" | "1550.32" | "1550.22" | "1550.12" | "1550.02" | "1549.92" | "1549.82" | "1549.72" | "1549.62" | "1549.52" | "1549.42" | "1549.32" | "1549.21" | "1549.11" | "1549.01" | "1548.91" | "1548.81" | "1548.71" | "1548.61" | "1548.51" | "1548.41" | "1548.31" | "1548.21" | "1548.11" | "1548.02" | "1547.92" | "1547.82" | "1547.72" | "1547.62" | "1547.52" | "1547.42" | "1547.32" | "1547.22" | "1547.12" | "1547.02" | "1546.92" | "1546.82" | "1546.72" | "1546.62" | "1546.52" | "1546.42" | "1546.32" | "1546.22" | "1546.12" | "1546.02" | "1545.92" | "1545.82" | "1545.72" | "1545.62" | "1545.52" | "1545.42" | "1545.32" | "1545.22" | "1545.12" | "1545.02" | "1544.92" | "1544.82" | "1544.72" | "1544.63" | "1544.53" | "1544.43" | "1544.33" | "1544.23" | "1544.13" | "1544.03" | "1543.93" | "1543.83" | "1543.73" | "1543.63" | "1543.53" | "1543.43" | "1543.33" | "1543.23" | "1543.13" | "1543.04" | "1542.94" | "1542.84" | "1542.74" | "1542.64" | "1542.54" | "1542.44" | "1542.34" | "1542.24" | "1542.14" | "1542.04" | "1541.94" | "1541.84" | "1541.75" | "1541.65" | "1541.55" | "1541.45" | "1541.35" | "1541.25" | "1541.15" | "1541.05" | "1540.95" | "1540.85" | "1540.76" | "1540.66" | "1540.56" | "1540.46" | "1540.36" | "1540.26" | "1540.16" | "1540.06" | "1539.96" | "1539.86" | "1539.77" | "1539.67" | "1539.57" | "1539.47" | "1539.37" | "1539.27" | "1539.17" | "1539.07" | "1538.98" | "1538.88" | "1538.78" | "1538.68" | "1538.58" | "1538.48" | "1538.38" | "1538.28" | "1538.19" | "1538.09" | "1537.99" | "1537.89" | "1537.79" | "1537.69" | "1537.59" | "1537.50" | "1537.40" | "1537.30" | "1537.20" | "1537.10" | "1537.00" | "1536.90" | "1536.81" | "1536.71" | "1536.61" | "1536.51" | "1536.41" | "1536.31" | "1536.22" | "1536.12" | "1536.02" | "1535.92" | "1535.82" | "1535.72" | "1535.63" | "1535.53" | "1535.43" | "1535.33" | "1535.23" | "1535.13" | "1535.04" | 
"1534.94" | "1534.84" | "1534.74" | "1534.64" | "1534.54" | "1534.45" | "1534.35" | "1534.25" | "1534.15" | "1534.05" | "1533.96" | "1533.86" | "1533.76" | "1533.66" | "1533.56" | "1533.47" | "1533.37" | "1533.27" | "1533.17" | "1533.07" | "1532.98" | "1532.88" | "1532.78" | "1532.68" | "1532.58" | "1532.49" | "1532.39" | "1532.29" | "1532.19" | "1532.09" | "1532.00" | "1531.90" | "1531.80" | "1531.70" | "1531.60" | "1531.51" | "1531.41" | "1531.31" | "1531.21" | "1531.12" | "1531.02" | "1530.92" | "1530.82" | "1530.72" | "1530.63" | "1530.53" | "1530.43" | "1530.33" | "1530.24" | "1530.14" | "1530.04" | "1529.94" | "1529.85" | "1529.75" | "1529.65" | "1529.55" | "1529.46" | "1529.36" | "1529.26" | "1529.16" | "1529.07" | "1528.97" | "1528.87" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25") ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in 
dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert 
*/, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ 
) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "fastether-options" ( /* Fast Ethernet interface-specific 
options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* 
Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key 
chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "8g" | 
"10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 
65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on 
status-control active) */ ) ) ) ) ) ) ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type 
of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, 
"enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, 
"server" /* Server mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP server mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on 
state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input 
*/ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point 
Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* 
Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 
50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of 
interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP 
TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter 
modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( 
"service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) 
).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec")) /* DHCPV6 client requested option configuration */, "retransmission-attempt" arg /* Number 
of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-propagation" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. 
of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ 
) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. 
*/ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile 
for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host 
address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* 
Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( 
"isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* 
Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ), interfaces_type ) ), "logical-systems" arg ( /* Logical systems */ c( "interfaces" ( /* Interface configuration */ c( "pic-set" arg ( /* NP bundling configuration */ c( "interface" arg /* One or more interfaces that use this picset */, "fpc" arg ( c( "pic" arg /* Physical Interface Card number */ ) ) ) ), "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") ( /* Logical interface set configuration */ c( "targeted-distribution" /* Interface participates in targeted-distribution */, "targeted-options" /* Targeting specific options */, "interface" arg ( /* One or more interfaces that belong to interface set */ c( "unit" arg /* One or more logical interface unit numbers */, "vlan-tags-outer" 
arg /* One or more outer VLAN tags */ ) ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "traceoptions" ( /* Interface trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "kernel" | "change-events" | "kernel-detail" | "config-states" | "resource-usage" | "gres-events" | "select-events" | "bfd-events" | "lib-events" | "reserved" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "informational" | "debugging" | "verbose" | "japi")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface-range" arg ( /* Interface ranges configuration */ c( "member" arg /* Interfaces belonging to the interface range */, "member-range" arg ( /* Interfaces range in to format */ sc( "end-range" ( interface_device ) ) ).as(:oneline), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */ ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | 
"all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, 
"no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "10g" | "40g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* 
BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group 
options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | 
"frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ) ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle 
links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */ ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum 
number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 
virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* 
Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability 
model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ service_set_syslog_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. 
*/ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved 
from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( ipaddr /* Source IP */, "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ) ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( ipaddr /* Dest IP */, "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ) ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( ipv6addr /* Source softwire IP */, "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ) ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( ipaddr /* Destination softwire IP */, "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ) ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ) ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set 
subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | 
"41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | 
"1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | 
"alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | 
"payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle 
cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal 
handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, 
"no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | 
"off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 
65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 
65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | 
"1568.26" | "1568.16" | "1568.05" | "1567.95" | "1567.85" | "1567.75" | "1567.64" | "1567.54" | "1567.44" | "1567.34" | "1567.23" | "1567.13" | "1567.03" | "1566.93" | "1566.83" | "1566.72" | "1566.62" | "1566.52" | "1566.42" | "1566.31" | "1566.21" | "1566.11" | "1566.01" | "1565.90" | "1565.80" | "1565.70" | "1565.60" | "1565.50" | "1565.39" | "1565.29" | "1565.19" | "1565.09" | "1564.99" | "1564.88" | "1564.78" | "1564.68" | "1564.58" | "1564.47" | "1564.37" | "1564.27" | "1564.17" | "1564.07" | "1563.96" | "1563.86" | "1563.76" | "1563.66" | "1563.56" | "1563.45" | "1563.35" | "1563.25" | "1563.15" | "1563.05" | "1562.95" | "1562.84" | "1562.74" | "1562.64" | "1562.54" | "1562.44" | "1562.33" | "1562.23" | "1562.13" | "1562.03" | "1561.93" | "1561.83" | "1561.72" | "1561.62" | "1561.52" | "1561.42" | "1561.32" | "1561.22" | "1561.11" | "1561.01" | "1560.91" | "1560.81" | "1560.71" | "1560.61" | "1560.50" | "1560.40" | "1560.30" | "1560.20" | "1560.10" | "1560.00" | "1559.90" | "1559.79" | "1559.69" | "1559.59" | "1559.49" | "1559.39" | "1559.29" | "1559.19" | "1559.08" | "1558.98" | "1558.88" | "1558.78" | "1558.68" | "1558.58" | "1558.48" | "1558.38" | "1558.27" | "1558.17" | "1558.07" | "1557.97" | "1557.87" | "1557.77" | "1557.67" | "1557.57" | "1557.46" | "1557.36" | "1557.26" | "1557.16" | "1557.06" | "1556.96" | "1556.86" | "1556.76" | "1556.66" | "1556.55" | "1556.45" | "1556.35" | "1556.25" | "1556.15" | "1556.05" | "1555.95" | "1555.85" | "1555.75" | "1555.65" | "1555.55" | "1555.44" | "1555.34" | "1555.24" | "1555.14" | "1555.04" | "1554.94" | "1554.84" | "1554.74" | "1554.64" | "1554.54" | "1554.44" | "1554.34" | "1554.23" | "1554.13" | "1554.03" | "1553.93" | "1553.83" | "1553.73" | "1553.63" | "1553.53" | "1553.43" | "1553.33" | "1553.23" | "1553.13" | "1553.03" | "1552.93" | "1552.83" | "1552.73" | "1552.62" | "1552.52" | "1552.42" | "1552.32" | "1552.22" | "1552.12" | "1552.02" | "1551.92" | "1551.82" | "1551.72" | "1551.62" | "1551.52" | 
"1551.42" | "1551.32" | "1551.22" | "1551.12" | "1551.02" | "1550.92" | "1550.82" | "1550.72" | "1550.62" | "1550.52" | "1550.42" | "1550.32" | "1550.22" | "1550.12" | "1550.02" | "1549.92" | "1549.82" | "1549.72" | "1549.62" | "1549.52" | "1549.42" | "1549.32" | "1549.21" | "1549.11" | "1549.01" | "1548.91" | "1548.81" | "1548.71" | "1548.61" | "1548.51" | "1548.41" | "1548.31" | "1548.21" | "1548.11" | "1548.02" | "1547.92" | "1547.82" | "1547.72" | "1547.62" | "1547.52" | "1547.42" | "1547.32" | "1547.22" | "1547.12" | "1547.02" | "1546.92" | "1546.82" | "1546.72" | "1546.62" | "1546.52" | "1546.42" | "1546.32" | "1546.22" | "1546.12" | "1546.02" | "1545.92" | "1545.82" | "1545.72" | "1545.62" | "1545.52" | "1545.42" | "1545.32" | "1545.22" | "1545.12" | "1545.02" | "1544.92" | "1544.82" | "1544.72" | "1544.63" | "1544.53" | "1544.43" | "1544.33" | "1544.23" | "1544.13" | "1544.03" | "1543.93" | "1543.83" | "1543.73" | "1543.63" | "1543.53" | "1543.43" | "1543.33" | "1543.23" | "1543.13" | "1543.04" | "1542.94" | "1542.84" | "1542.74" | "1542.64" | "1542.54" | "1542.44" | "1542.34" | "1542.24" | "1542.14" | "1542.04" | "1541.94" | "1541.84" | "1541.75" | "1541.65" | "1541.55" | "1541.45" | "1541.35" | "1541.25" | "1541.15" | "1541.05" | "1540.95" | "1540.85" | "1540.76" | "1540.66" | "1540.56" | "1540.46" | "1540.36" | "1540.26" | "1540.16" | "1540.06" | "1539.96" | "1539.86" | "1539.77" | "1539.67" | "1539.57" | "1539.47" | "1539.37" | "1539.27" | "1539.17" | "1539.07" | "1538.98" | "1538.88" | "1538.78" | "1538.68" | "1538.58" | "1538.48" | "1538.38" | "1538.28" | "1538.19" | "1538.09" | "1537.99" | "1537.89" | "1537.79" | "1537.69" | "1537.59" | "1537.50" | "1537.40" | "1537.30" | "1537.20" | "1537.10" | "1537.00" | "1536.90" | "1536.81" | "1536.71" | "1536.61" | "1536.51" | "1536.41" | "1536.31" | "1536.22" | "1536.12" | "1536.02" | "1535.92" | "1535.82" | "1535.72" | "1535.63" | "1535.53" | "1535.43" | "1535.33" | "1535.23" | "1535.13" | "1535.04" | 
"1534.94" | "1534.84" | "1534.74" | "1534.64" | "1534.54" | "1534.45" | "1534.35" | "1534.25" | "1534.15" | "1534.05" | "1533.96" | "1533.86" | "1533.76" | "1533.66" | "1533.56" | "1533.47" | "1533.37" | "1533.27" | "1533.17" | "1533.07" | "1532.98" | "1532.88" | "1532.78" | "1532.68" | "1532.58" | "1532.49" | "1532.39" | "1532.29" | "1532.19" | "1532.09" | "1532.00" | "1531.90" | "1531.80" | "1531.70" | "1531.60" | "1531.51" | "1531.41" | "1531.31" | "1531.21" | "1531.12" | "1531.02" | "1530.92" | "1530.82" | "1530.72" | "1530.63" | "1530.53" | "1530.43" | "1530.33" | "1530.24" | "1530.14" | "1530.04" | "1529.94" | "1529.85" | "1529.75" | "1529.65" | "1529.55" | "1529.46" | "1529.36" | "1529.26" | "1529.16" | "1529.07" | "1528.97" | "1528.87" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25") ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in 
dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert 
*/, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ 
) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "fastether-options" ( /* Fast Ethernet interface-specific 
options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* 
Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key 
chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ time /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "8g" | 
"10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 
65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on 
status-control active) */ ) ) ) ) ) ) ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type 
of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, 
"enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, 
"server" /* Server mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP server mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on 
state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input 
*/ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point 
Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* 
Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 
50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of 
interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP 
TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter 
modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( 
"service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) 
).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec")) /* DHCPV6 client requested option configuration */, "retransmission-attempt" arg /* Number 
of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-propagation" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. 
of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ 
) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. 
*/ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile 
for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host 
address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* 
Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( 
"isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* 
Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ), interfaces_type ) ) ) ), "protocols" ( /* Routing protocol configuration */ c( "igmp" ( /* IGMP options */ c( "traceoptions" ( /* Trace options for IGMP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send 
group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for IGMP */ c( ("disable"), "version" arg /* Set IGMP version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv4addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv4addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "promiscuous-mode" /* Accept igmp messages coming from different subnet */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "passive" ( /* Suppress sending and receiving IGMP messages */ sc( "allow-receive" /* Allow receiving IGMP messages */, "send-general-query" /* Send IGMP general query messages */, "send-group-query" /* Send IGMP group query messages */ ) 
).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed IGMP interface */ ) ), "amt" ( /* Automatic Multicast Tunnel options for IGMP */ c( "relay" ( /* AMT relay options for IGMP */ c( "defaults" ( /* Default AMT relay options for IGMP */ c( "version" arg /* Set IGMP version number on AMT interfaces */, "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "robust-count" arg /* Expected packet loss on a subnet */, "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */ ) ) ) ) ) ) ) ), "oam" ( /* Operation, Administration, and Management configuration */ c( "ethernet" ( /* OAM configuration for Ethernet */ c( "link-fault-management" ( /* 802.3ah Ethernet OAM configuration */ c( "traceoptions" ( /* Trace options for link-fault management */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" 
enum(("configuration" | "routing-socket" | "protocol" | "action-profile" | "all")) /* Tracing parameters */.as(:oneline) ) ), "action-profile" arg ( /* Define an action profile */ c( "event" ( /* Events this action profile will check */ c( "link-adjacency-loss" /* Loss of adjacency with OAM peer */, "protocol-down" /* Upper layer indication on protocol down */, "link-event-rate" ( c( "symbol-period" arg /* Rate of receiving symbol period events */, "frame-error" arg /* Rate of receiving frame error events */, "frame-period" arg /* Rate of receiving frame period events */, "frame-period-summary" arg /* Rate of receiving frame period summary events */ ) ) ) ), "action" ( /* Action to take on specified events */ c( "syslog" /* Generate syslog message */, "link-down" /* Mark the interface down for transit traffic */, "send-critical-event" /* Start sending OAM PDUs with critical event bit set */ ) ) ) ), "interface" arg ( /* Interface on which to set Ethernet OAM parameters */ c( "apply-action-profile" arg /* Apply the specified action profile on the interface */, "pdu-interval" arg /* Periodic OAM protocol data unit interval */, "loopback-tracking" /* Enable link down on loopback detection */, "detect-loc" /* Detects initial lack of adjacency formation */, "link-discovery" ( /* Mode of discovery */ ("active" | "passive") ), "pdu-threshold" arg /* Number of PDUs missed before declaring peer lost */, "remote-loopback" /* Put remote DTE into remote-loopback mode */, "negotiation-options" ( /* 802.3ah features supported on the interface */ c( "no-allow-link-events" /* Do not emit periodic PDUs detailing framing and symbol errors */, "allow-remote-loopback" /* Allow local port to be put into loopback mode */ ) ), "event-thresholds" ( /* Thresholds for sending 802.3ah events */ c( "symbol-period" arg /* Threshold for sending symbol period events */, "frame-error" arg /* Threshold for sending frame error events */, "frame-period" arg /* Threshold for sending frame period 
error events */, "frame-period-summary" arg /* Threshold for sending frame period summary error events */ ) ) ) ) ) ), "connectivity-fault-management" ( /* Configurations related to 802.1ag ethernet oam */ c( "performance-monitoring" ( /* Configurations related to ethernet performance monitoring */ c( "hardware-assisted-timestamping" /* Enable timestamping feature in hardware */, "delegate-server-processing" /* Delegate performance measurement request handling to PFE */, "hardware-assisted-keepalives" ( /* Enable/Disable delegating keepalives to hardware */ ("enable" | "disable") ), "enhanced-sla-iterator" /* Enable Enhanced SLA Iterator Cycle-time */, "measurement-interval" ( /* Enables measurement-interval based PM (MEF 36 mode). Default 15 min in enhanced-cfm-mode */ ("2" | "5" | "15" | "30" | "60") ), "sla-iterator-profiles" arg ( /* Configuration related to an sla monitoring iterator */ c( "disable" /* Disable the iterator profile */, "measurement-type" ( /* Choice of the type of Y.1731(SLA measurement) frame to be sent */ ("two-way-delay" | "loss" | "slm" | "statistical-frame-loss") ), "flap-trap-monitor" arg /* Configurable timer value 1-360 */, "cycle-time" arg /* Time period of an iterator profile */, "iteration-period" arg /* Maximum services under this iterator profile */, "calculation-weight" ( /* Configure delay and delay variation calculation weight */ c( "delay" arg /* Weight used in delay calculation */, "delay-variation" arg /* Weight used in delay-variation calculation */ ) ), "avg-flr-forward-threshold" ( /* Avg forward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-flr-backward-threshold" ( /* Avg backward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fd-twoway-threshold" ( /* Avg frame delay threshold value */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fdv-twoway-threshold" ( /* Avg frame delay variance 
threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "measurement-interval" ( /* Measurement-interval to be used for this PM session (MEF 36 mode) */ ("2" | "5" | "15" | "30" | "60") ), "frame-delay" ( /* Bin configuration for frame delay */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "frame-delay-range" ( /* Bin configuration for frame delay range */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "ifdv" ( /* Bin configuration for IFDV */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "availability" ( /* Configuration of availabilty related parameters (MEF 36 mode) */ c( 
"num-consecutive-pdus" arg /* Number of consecutive LM/SLM PDUs to be used in availability measurement */, "flr-threshold" arg /* FLR threshold in milli-percent to be used for evaluating availability */, "num-consecutive-intervals" arg /* Number of consecutive availability indicators to detect change in availability */, "num-consecutive-highflr" arg /* Number of consecutive availability indicators to access CHLI */ ) ) ) ), "interface" arg ( /* Name of interface for the performance monitoring */ sc( "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */ ) ).as(:oneline), "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */, "colorless-loss-measurement" /* Enable colorless loss measurement in hardware */ ) ), "connection-protection" ( /* Configurations related to Carrier Ethernet Transport Mode */ c( "mark-connection-protection-tlv" /* Enable marking of Connection Protection TLV */, "uhp-label-lookup" /* Enable lookup for special UHP labels */ ) ), "no-aggregate-delegate-processing" /* Do not distribute aggregate session to pfe */, "enhanced-cfm-mode" /* Enables Enhanced CFM Mode */, "traceoptions" ( /* Trace options for connectivity fault management */ cfm_traceoptions /* Trace options for connectivity fault management */ ), "action-profile" arg ( /* Action profiles to use when one or more remote maintenance association endpoints are down */ c( "event" ( /* Events that need to be monitored */ c( "interface-status-tlv" ( /* Values that need to be monitored in interface status TLV */ ("down" | "lower-layer-down") ), "port-status-tlv" ( 
/* Values that need to be monitored in port status TLV */ ("blocked") ), "adjacency-loss" /* Connectivity is lost */, "rdi" /* RDI received from some MEP */, "connection-protection-tlv" ( /* Values that need to be monitored in connection protection TLV */ ("using-working-path" | "using-protection-path") ), "server-mep-defects" ( /* Defects which are monitored by Server MEP */ ("link-loss-defect" | "l2circuit-defect" | "l2vpn-defect") ), "ais-trigger-condition" ( /* Defect condition that generates alarm indication signal */ ("all-defects" | "adjacency-loss" | "cross-connect-ccm" | "erroneous-ccm" | "receive-ais") ) ) ), "action" ( c( "interface-down" /* Mark the interface as down */, "revertive-interface-down" /* Wait for CC loss-threshold to bring back the interface up */, "non-revertive-interface-down" /* Interface will not be brought up when CC is received */, "propagate-remote-mac-flush" /* Remote mac-flush */, "log-and-generate-ais" ( c( "level" arg /* Server maintenance domain levels range */, "interval" ( /* Interval between AIS messages */ ("1s" | "1m") ), "priority" arg /* 802.1p priority of AIS packet */ ) ) ) ), "clear-action" ( c( "interface-down" ( /* Mark the interface as down */ sc( "peer-interface" /* Mark the interface as down */ ) ).as(:oneline), "propagate-remote-mac-flush" /* Remote mac flush */ ) ), "default-actions" ( /* Action that needs to be taken */ c( "interface-down" /* Bring the interface down */ ) ) ) ), "server-mep" arg ( /* Server MEP to use when generation of AIS is required to monitor different services */ c( "protocol" ( /* Protocol that needs to be monitored by Server MEP */ c( c( "l2circuit" ( /* Protocol that need to be monitored is l2circuit protocol */ sc( "interface" ( /* Interface which is participating in l2circuit service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "l2vpn" ( /* Protocol that need to be monitored is l2vpn protocol */ sc( "interface" ( /* Interface which is participating in 
l2vpn service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "ethernet" ( /* Protocol that need to be monitored is physical ethernet service */ sc( "interface" ( /* Interface which is going to be monitored */ sc( interface_device /* Interface name */ ) ).as(:oneline) ) ).as(:oneline) ) ) ), "action-profile" ( /* Attached action profile for this Server MEP */ c( arg /* Name of the action profile */ ) ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for all sessions */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ), "linktrace" ( /* Linktrace protocol global options */ c( "path-database-size" arg /* Number of linktrace reply entries to be stored per linktrace request */, "age" ( /* Time after which a stale request-response entry is deleted */ ("10s" | "30s" | "1m" | "10m" | "30m") ) ) ), "maintenance-domain" ("default-0" | "default-1" | "default-2" | "default-3" | "default-4" | "default-5" | "default-6" | "default-7" | arg) ( /* Maintenance domain configuration */ c( "bridge-domain" arg ( /* Bridge-domain information for the default maintenance domain */ sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline), "vlan" arg /* VLAN information for the default maintenance domain */.as(:oneline), "virtual-switch" arg ( /* Virtual switch Bridge-domain information for the default maintenance domain */ c( "bridge-domain" arg ( sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline) ) ), "instance" arg /* VPLS instance name for the default maintenance domain */.as(:oneline), "interface" arg /* Name of interface for the default maintenance domain */.as(:oneline), "level" arg /* Level value for maintenance domain */, "name-format" ( /* Format of maintenance domain name */ ("none" | "dns" | "mac+2oct" | "character-string") ), "mip-half-function" ( /* Half 
function to be implemented by MIP */ ("none" | "default" | "explicit") ), "maintenance-association" arg ( /* Maintenance association configuration */ c( "debug-session" /* Debug the CFM session */, "short-name-format" ( /* Format of Maintenance Association Name */ ("2octet" | "rfc-2685-vpn-id" | "vlan" | "character-string" | "icc") ), "protect-maintenance-association" ( /* Maintenance association used for connection protection */ sc( arg, "aps-profile" arg /* Name of the automatic-protection-switching profile */, "detect-path-type" /* Enable detection of working and protect paths */ ) ).as(:oneline), "primary-vid" ( /* VLAN id */ ("none" | arg) ), "continuity-check" ( /* Continuity check configuration */ c( "interval" ( /* Interval between continuity-check messages */ ("10ms" | "100ms" | "1s" | "10s" | "1m" | "10m" | "3.3ms") ), "loss-threshold" arg /* Number of continuity-check messages lost before marking endpoint as down */, "hold-interval" arg /* Time before flushing MEP database if no updates occur */, "port-status-tlv" /* Include port status TLV in CCM */, "interface-status-tlv" /* Include interface status TLV in CCM */, "connection-protection-tlv" /* Include connection protection OUI TLV in CCM */, "convey-loss-threshold" /* Include Loss Threshold OUI TLV in CCM */, "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit" | "defer") ), "mep" arg ( /* Maintenance association endpoint configuration */ c( "interface" ( /* Name of interface */ sc( interface_unit, "vlan" arg /* Trunk port interface VLAN identifier */, c( "working" /* Monitory the primary path */, "protect" /* Monitory the protect path */ ) ) ).as(:oneline), "direction" ( /* Direction of maintenance endpoint */ ("up" | "down") ), "priority" arg /* 802.1p priority of continuity-check and link-trace packet */, 
"auto-discovery" /* Accept continuity-check messages from all remote MEPs */, "action-profile" arg /* Name of the action profile */, "remote-mep" arg ( /* Remote maintenance association endpoint configuration */ c( "action-profile" arg /* Name of the action profile */, "sla-iterator-profile" arg ( /* Name of the iterator profile */ c( "iteration-count" arg /* Iterations to partake for acquiring SLA measurements */, "priority" arg /* The vlan pcp value to be sent in the Y.1731 frame */, "data-tlv-size" arg /* Size of the data-tlv portion of Y.1731 frame */ ) ), "detect-loc" /* Detects initial loss of connectivity with remote mep */ ) ), "lowest-priority-defect" ( /* Lowest priority defect that is allowed to generate a fault alarm */ ("all-defects" | "mac-rem-err-xcon" | "rem-err-xcon" | "err-xcon" | "xcon" | "no-defect") ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for this session */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ) ) ) ) ), "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "evcs" arg ( /* Ethernet virtual circuits configuration */ c( "evc-protocol" ( /* Signaling protocol to monitor EVC status */ sc( c( "cfm" ( /* Connectivity fault management */ sc( "maintenance-domain" arg /* Maintenance domain name */, "maintenance-association" arg /* Maintenance association name */, "mep" arg /* Identifier for maintenance association endpoint */, "faults" ( /* CFM faults to trigger ELMI */ c( "rdi" /* RDI received from some MEP */ ) ) ) ).as(:oneline), "vpls" ( /* Virtual private LAN service (BGP/LDP) */ sc( "routing-instance" arg /* Routing instance name */ ) ).as(:oneline), "l2circuit" ( /* L2circuit */ c( "interface" ( /* Name of interface forming the Layer 2 circuit */ 
sc( interface_name ) ).as(:oneline) ) ), "l2vpn" ( /* L2vpn */ c( "interface" ( /* Name of interface forming the Layer 2 VPN */ sc( interface_name ) ).as(:oneline) ) ) ) ) ).as(:oneline), "remote-uni-count" arg /* Number of remote UNIs in the EVC */, "async-status-msg-transmit-interval" arg /* Time interval between E-LMI async status messages per EVC */, "multipoint-to-multipoint" /* Multipoint to Multipoint EVC */ ) ), "lmi" ( /* Ethernet local management interface configuration */ c( "traceoptions" ( /* Trace options for ethernet local management interface */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "init" | "error" | "packet" | "all")) /* Tracing parameters */.as(:oneline) ) ), "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "interface" arg ( /* Interface options */ c( "uni-id" arg /* UNI identifier */, "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "evc-map-type" ( /* CE-VLAN ID/EVC map type */ ("all-to-one-bundling" | "service-multiplexing" | "bundling") ), "evc" arg ( /* EVC configuration */ c( "default-evc" /* Default EVC */, "vlan-list" arg /* Vlans mapped to this EVC */ ) ) ) ) ) ), "fnp" ( /* Failure notification protocol configuration */ c( "traceoptions" ( /* Tracing options for FNP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("events" | "pdu" | "timers" | "error" 
| "all")) /* Tracing parameters */.as(:oneline) ) ), "interval" ( /* Interval between FNP messages */ ("100ms" | "1s" | "10s" | "1m" | "10m") ), "loss-threshold" arg /* Number of FNP messages lost before clearing FNP state */, "interface" arg ( /* Interface configuration */ c( "domain-id" arg /* Ethernet domain identifier */ ) ) ) ) ) ), "gre-tunnel" ( c( "traceoptions" ( /* Trace options for GRE keepalives */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" arg ( c( "keepalive-time" arg /* Keepalive time */, "hold-time" arg /* Hold time */ ) ) ) ) ) ), "mld" ( /* MLD options */ c( "traceoptions" ( /* Trace options for MLD */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum 
transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for MLD */ c( ("disable"), "version" arg /* Set mld version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv6addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv6addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for ssm translation of mld v1 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "group-policy" ( /* Group filter applied to incoming mld report messages */ policy_algebra /* Group filter applied to incoming mld report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of group-limit at which to start generating warnings */, "log-interval" arg /* Time between consecutive log messages */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "passive" ( /* Suppress sending and receiving mld messages */ sc( "allow-receive" /* Allow receiving mld messages */, "send-general-query" /* Send mld general query messages */, "send-group-query" /* Send mld group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed MLD interface */ ) ) ) ), "pim" ( /* PIM configuration */ 
juniper_protocols_pim /* PIM configuration */ ), "router-advertisement" ( /* IPv6 router advertisement options */ c( "traceoptions" ( /* Trace options for router advertisement */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" ("$junos-interface-name" | arg) ( /* Interfaces on which to configure router advertisement */ c( "preference" ( /* Set the Preference for Router Selection */ ("medium" | "high" | "low") ), "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "link-mtu" /* Link MTU */, "no-link-mtu" /* Don't link MTU */, "solicit-router-advertisement-unicast" /* Enbale solicited router advertisement as unicast */, "reachable-time" arg /* Reachable time */, "retransmit-timer" arg /* Retransmit timer */, "virtual-router-only" /* Send advertisemnets only for vrrp-inet6-group */, "current-hop-limit" arg /* Current hop limit */, "default-lifetime" arg /* Router lifetime */, "dns-server-address" ("$junos-ipv6-dns-server-address" | arg) ( /* Recursive DNS address configuration */ c( "lifetime" arg /* DNS address lifetime */ ) ), "prefix" arg ( /* Prefix configuration */ c( "valid-lifetime" arg /* Valid lifetime (fixed) */, "on-link" /* Set on-link flag */, "no-on-link" /* Don't set on-link flag */, "preferred-lifetime" arg /* Preferred lifetime (fixed) */, "autonomous" /* Set autonomous flag */, "no-autonomous" /* Don't set autonomous flag */ ) ) ) ), "ra-secure" ( /* Protect box against rogue incoming RA messages */ 
c( "accept-current-hop-limit-min" arg /* Current hop limit acceptable min for incoming RA */, "accept-current-hop-limit-max" arg /* Current hop acceptable min for incoming RA */, "accept-reachable-time-min" arg /* Reachable Time acceptable min for incoming RA */, "accept-reachable-time-max" arg /* Reachable Time acceptable max for incoming RA */, "accept-retransmit-time-min" arg /* Retransmit Time acceptable min for incoming RA */, "accept-retransmit-time-max" arg /* Retransmit Time acceptable min for incoming RA */ ) ) ) ) ) ), "class-of-service" ( /* Class-of-service configuration */ juniper_class_of_service_options /* Class-of-service configuration */ ), "routing-options" ( /* Protocol-independent routing option configuration */ c( "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* 
Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* 
Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use 
longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, 
"discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for 
multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" 
( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" ( /* BGP peers for filter */ ipaddr /* BGP peers for filter */ ), "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */ ) ), "protect" ( /* 
Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* 
BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet6 /* Flow route */ ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ) ) ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "multicast" ( /* Global multicast options */ c( "traceoptions" ( /* Global multicast trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), 
"rpf" arg, "scope" arg ( /* Multicast address scope */ c( "prefix" ( /* Administratively scoped address */ ipprefix /* Administratively scoped address */ ), "interface" ( /* Interface on which to configure scoping */ interface_name /* Interface on which to configure scoping */ ) ) ), "scope-policy" ( /* Scoping policy */ policy_algebra /* Scoping policy */ ), "flow-map" arg ( /* Multicast flow map configuration */ c( "policy" ( /* Policy for matched flows */ policy_algebra /* Policy for matched flows */ ), "bandwidth" ( /* Bandwidth properties for matched flows */ sc( arg /* Static or default bandwidth for the matched flows */, "adaptive" /* Auto-sense bandwidth for matched flows */ ) ).as(:oneline), "redundant-sources" ( /* Redundant source addresses */ ipaddr /* Redundant source addresses */ ), "forwarding-cache" ( /* Forwarding cache properties for matched flows */ c( "timeout" ( /* Timeout properties for matched flows */ sc( c( arg, "never" ( /* Forwarding cache entries never time out */ c( "non-discard-entry-only" /* Apply only to non-discard entries */ ) ) ) ) ).as(:oneline) ) ) ) ), "resolve-filter" ( /* Multicast resolve policy filter */ policy_algebra /* Multicast resolve policy filter */ ), "ssm-groups" ( /* Source-specific multicast group ranges */ ipprefix /* Source-specific multicast group ranges */ ), "asm-override-ssm" /* Allow ASM state for SSM group ranges */, "rpf-check-policy" ( /* Disable RPF check for a source group pair */ policy_algebra /* Disable RPF check for a source group pair */ ), "pim-to-igmp-proxy" ( /* PIM-to-IGMP proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "pim-to-mld-proxy" ( /* PIM-to-MLD proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "allow-maximum" /* Allow maximum of global and family level threshold values for suppress and reuse 
*/, "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "threshold" ( /* Multicast forwarding cache suppress threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ) ) ), "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ), "timeout" arg /* Forwarding cache entry timeout in minutes */ ) ), "interface" ( /* Multicast interface options */ multicast_interface_options_type /* Multicast interface options */ ), "ssm-map" arg ( /* SSM map definitions */ c( "policy" ( /* Policy for matching group */ policy_algebra /* Policy for matching group */ ), "source" ( /* One or more source addresses */ ipaddr /* One or more source addresses */ ) ) ), "stream-protection" ( /* Multicast only Fast Re-Route */ c( "mofrr-primary-path-selection-by-routing" /* Multicast only Fast Re-Route primary path by Routing */, "mofrr-disjoint-upstream-only" /* Multicast only Fast Re-Route disjoint upstream only */, "mofrr-no-backup-join" /* Multicast only Fast Re-Route no backup join */, "mofrr-asm-starg" /* Multicast only Fast Re-Route asm (*,G) */, "policy" ( /* MoFRR Policy */ policy_algebra /* MoFRR Policy */ ) ) ), "backup-pe-group" arg ( /* Backup PE group definitions */ c( "backups" ( /* One or more IP addresses */ ipaddr /* One or more IP addresses */ ), "local-address" ( /* Address to be used as local-address for this group */ ipaddr /* Address to be used as local-address for this group */ ) ) ), "omit-wildcard-address" /* Omit wildcard source/group fields in SPMSI AD NLRI */, 
"local-address" ( /* Local address for PIM and MVPN sessions */ ipv4addr /* Local address for PIM and MVPN sessions */ ) ) ) ) ), "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "dialer-filter" ( /* Define an IPv4 dialer filter */ inet_dialer_filter /* Define an IPv4 dialer filter */ ), "prefix-action" ( /* Define a prefix action */ prefix_action /* Define a prefix action */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ), "template" ( /* Define an Inet firewall template */ inet_template /* Define an Inet firewall template */ ), "simple-filter" ( /* Define an IPv4 firewall simple filter */ inet_simple_filter /* Define an IPv4 firewall simple filter */ ), "service-filter" ( /* One or more IPv4 service filters */ inet_service_filter /* One or more IPv4 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet_fuf /* One or more fast update filters */ ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "dialer-filter" ( /* Define an IPv6 dialer filter */ inet6_dialer_filter /* Define an IPv6 dialer filter */ ), "filter" ( /* Define an IPv6 firewall filter */ inet6_filter /* Define an IPv6 firewall filter */ ), "service-filter" ( /* One or more IPv6 service filters */ inet6_service_filter /* One or more IPv6 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet6_fuf /* One or more fast update filters */ ), "template" ( /* Define an Inet6 firewall template */ inet6_template /* Define an Inet6 firewall template */ ) ) ), "mpls" ( /* Protocol family MPLS for firewall filter */ c( "dialer-filter" ( /* Define an mpls dialer filter */ mpls_dialer_filter /* Define an mpls dialer filter */ ), "filter" ( mpls_filter ), "template" ( /* Define an MPLS firewall template */ mpls_template /* Define an MPLS firewall template */ ) ) ), "vpls" ( /* 
Protocol family VPLS for firewall filter */ c( "filter" ( vpls_filter ) ) ), "evpn" ( /* Protocol family EVPN for firewall filter */ c( "filter" ( vpls_filter ) ) ), "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( bridge_filter ) ) ), "ccc" ( /* Protocol family CCC for firewall filter */ c( "filter" ( ccc_filter ) ) ), "any" ( /* Protocol-independent filter */ c( "filter" ( /* Define a protocol independent filter */ any_filter /* Define a protocol independent filter */ ), "template" ( /* Define Protocol independent filter template */ any_template /* Define Protocol independent filter template */ ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ es_filter /* Define an Ethernet Switching firewall filter */ ), "template" ( /* Define an ethernet switching firewall template */ es_template /* Define an ethernet switching firewall template */ ) ) ) ) ), "policer" ( /* Policer template definition */ firewall_policer /* Policer template definition */ ), "flexible-match" ( /* Flexible packet match template definition */ firewall_flexible_match /* Flexible packet match template definition */ ), "tunnel-end-point" ( /* Tunnel end-point template definition */ tunnel_end_point /* Tunnel end-point template definition */ ), "hierarchical-policer" ( /* Hierarchical policer template definition */ firewall_hierpolicer /* Hierarchical policer template definition */ ), "interface-set" ( /* Interface set definition */ interface_set_type /* Interface set definition */ ), "load-balance-group" ( /* Load-balance group definition */ firewall_load_balance_group /* Load-balance group definition */ ), "atm-policer" ( /* Atm policer */ atm_policer_type /* Atm policer */ ), "three-color-policer" ( /* Three-color policer */ three_color_policer_type /* Three-color policer */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall 
filter */ ) ) ), "services" ( /* Service PIC applications settings */ c( "aacl" ( /* Application Aware Access List services configuration */ c( "rule" ( /* One or more AACL rules */ aacl_rule_object /* One or more AACL rules */ ), "rule-set" arg ( /* Define a Set of AACL rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "aacl-dyn-rule-set" arg ( /* Define a set of AACL dynamic rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "captive-portal-content-delivery" ( /* Configuration for captive portal and content delivery service */ c( "rule" ( /* Define a captive portal content delivery rule */ cpcd_rule_object_type /* Define a captive portal content delivery rule */ ), "rule-set" arg ( /* Define a set of captive portal content delivery rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* One or more rule/rule set in the profile */ c( c( "dynamic" /* Dynamic profile flag */, "cpcd-rules" arg /* List of captive portal content delivery rules */, "cpcd-rule-sets" arg /* List of captive portal content delivery rule sets */ ), "ipda-rewrite-options" ( /* Ipda rewrite options */ c( "destination-address" ( /* Default ipda rewrite IP address */ ipaddr /* Default ipda rewrite IP address */ ), "destination-port" arg /* Default ipda rewrite port */ ) ), "http-redirect-options" ( /* Http redirect options */ c( arg /* URL of the captive portal file */ ) ) ) ), "traceoptions" ( /* Captive portal and content delivery trace options */ cpcd_trace_options_type /* Captive portal and content delivery trace options */ ) ) ) ) ), "profile-variable-set" ( /* Dynamic profiles variable configuration */ juniper_dynamic_profile_varset_object /* Dynamic profiles variable configuration */ ), "policy-options" ( /* Routing policy option configuration */ c( "prefix-list" arg ( /* Define a named set of address prefixes */ c( prefix_list_items, "apply-path" arg /* Apply IP prefixes from a configuration statement */ ) ) ) 
), "extensible-subscriber-services" ( /* Extensible subscriber services */ c( "vsas" arg /* Service VSAs */ ) ), "access-cac" ( /* Access ucac configuration */ c( "interface" ( /* Access ucac interface options */ access_cac_interface_options /* Access ucac interface options */ ) ) ) ) ) end
# Grammar rule for one named entry under "access-cac" > "interface" (the
# statement just above references this rule). After the name it lists
# "multicast-video-bandwidth", "video-bandwidth", "no-qos-adjust" /
# "qos-adjust-hierarchical", and "multicast-video-policy" with per-family
# ("inet"/"inet6") "source" and "group" addresses plus "bandwidth" and
# "adaptive".
# NOTE(review): the bandwidth values are matched by a plain `arg`; what `arg`
# accepts is defined outside this listing, so no numeric range check is
# visible here — confirm where such limits are enforced.
rule(:access_cac_interface_options) do arg.as(:arg) ( c( "multicast-video-bandwidth" ( /* Maximum multicast bandwidth for the interface */ sc( arg /* Bandwidth used in access cac configuration */ ) ).as(:oneline), "video-bandwidth" ( /* Maximum video bandwidth for the interface */ sc( arg /* Bandwidth used in access cac configuration */ ) ).as(:oneline), c( "no-qos-adjust" /* No qos adjustment */, "qos-adjust-hierarchical" ( /* Ucac interface set configuration */ c( "interface-set" /* Enable hierarchical adjust on iflset */ ) ) ), "multicast-video-policy" arg ( /* Mcast video policy */ c( "family" ( /* Access cac multicast policy family */ c( c( "inet" ( /* Family inet */ c( "source" ( /* One or more multicast source addresses */ ipv4addr /* One or more multicast source addresses */ ), "group" ( /* One or more multicast group addresses */ ipv4addr /* One or more multicast group addresses */ ) ) ), "inet6" ( /* Family inet6 */ c( "source" ( /* One or more multicast source addresses */ ipv6addr /* One or more multicast source addresses */ ), "group" ( /* One or more multicast group addresses */ ipv6addr /* One or more multicast group addresses */ ) ) ) ) ) ), "bandwidth" ( /* Maximum video bandwidth for the interface */ c( arg /* Bandwidth used in access cac configuration */ ) ), "adaptive" /* Use multicast real traffic rate */ ) ) ) ) end
# Grammar rule listing the predefined variable names that can be given a
# default: IGMP/MLD settings, input/output filter names, ADF rules, the
# "cos-*" names, "interface-set-name", "routing-instances" and "pim-enable".
# The matched name is tagged with .as(:arg) and followed by a single `arg`,
# documented inline as the default value for the predefined variable.
rule(:base_default_variable_object) do ("igmp-enable" | "igmp-access-group-name" | "igmp-access-source-group-name" | "igmp-version" | "igmp-immediate-leave" | "mld-access-group-name" | "mld-access-source-group-name" | "mld-immediate-leave" | "input-filter" | "output-filter" | "input-ipv6-filter" | "output-ipv6-filter" | "adf-rule-v4" | 
"adf-rule-v6" | "cos-scheduler-map" | "cos-shaping-rate" | "cos-guaranteed-rate" | "cos-delay-buffer-rate" | "cos-traffic-control-profile" | "cos-shaping-mode" | "cos-byte-adjust" | "cos-scheduler" | "cos-scheduler-pri" | "cos-scheduler-dropfile-low" | "cos-scheduler-dropfile-medium-low" | "cos-scheduler-dropfile-medium-high" | "cos-scheduler-dropfile-high" | "cos-scheduler-dropfile-any" | "cos-scheduler-excess-rate" | "cos-scheduler-explicit-congestion-notification" | "cos-scheduler-excess-priority" | "interface-set-name" | "cos-adjust-minimum" | "cos-excess-rate-high" | "cos-excess-rate-low" | "cos-shaping-rate-burst" | "cos-byte-adjust-frame" | "cos-byte-adjust-cell" | "cos-shaping-rate-priority-high" | "cos-shaping-rate-priority-high-burst" | "cos-shaping-rate-priority-medium" | "cos-shaping-rate-priority-medium-burst" | "cos-shaping-rate-priority-low" | "cos-shaping-rate-priority-low-burst" | "cos-shaping-rate-excess-high" | "cos-shaping-rate-excess-high-burst" | "cos-shaping-rate-excess-low" | "cos-shaping-rate-excess-low-burst" | "cos-guaranteed-rate-burst" | "cos-traffic-control-profile-remaining" | "routing-instances" | "pim-enable").as(:arg) ( c( arg /* Default value for predefined variable */ ) ) end
# Grammar rule for a trace-options block (CFM, going by the rule name):
# "no-remote-trace", a "file" statement (file name, "size", "files",
# "world-readable"/"no-world-readable", "match" regular expression) and a
# "flag" enum.
# NOTE(review): "world-readable" is documented inline as allowing any user to
# read the log file. When auditing configurations accepted by this grammar,
# treat it as a finding unless justified; trace files may carry operational
# detail that should stay restricted ("no-world-readable").
rule(:cfm_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "init" | "error" | "issu" | "all")) /* Tracing parameters */.as(:oneline) )
end
# Grammar rule for a flow interface group: an `arg` and the "exclude" keyword,
# emitted as a one-line statement.
# NOTE(review): per the inline doc, "exclude" means the flow-spec filter is
# not applied to traffic on that group, so every use of it is a deliberate gap
# in flow-spec filtering coverage and is worth listing in a config review.
rule(:flow_interface_group) do c( arg, "exclude" /* Don't apply flow-spec filter to traffic on this group */ ).as(:oneline) end 
# Grammar rule for one named IPv6 flow route: "no-install", a "then" action
# block (flow_route_op) and a "match" block (flow_route_qualifier_inet6).
# NOTE(review): "no-install" is documented inline as not installing the
# firewall filter in forwarding, so a flow route carrying it has no filtering
# effect on this device — check for it when a flow route is expected to drop
# or rate-limit traffic.
rule(:flow_route_inet6) do arg.as(:arg) ( c( "no-install" /* Don't install firewall filter in forwarding */, "then" ( /* Actions to take for this flow */ flow_route_op /* Actions to take for this flow */ ), "match" ( /* Flow definition */ flow_route_qualifier_inet6 /* Flow definition */ ) ) ) end
# Grammar rule for the actions of a flow route (used by "then" in
# flow_route_inet6): "community", one nested group holding "accept",
# "discard" and "rate-limit", then "routing-instance", "sample", "mark" and
# "next-term".
# NOTE(review): "rate-limit", "mark" and "routing-instance" take a plain
# `arg`; no value validation is visible in this rule.
rule(:flow_route_op) do c( "community" arg /* Name of BGP community */, c( "accept" /* Allow traffic through */, "discard" /* Discard all traffic for this flow */, "rate-limit" arg /* Rate in bits/sec to limit the flow traffic */ ), "routing-instance" arg /* Redirect to instance identified via Route Target community */, "sample" /* Sample traffic that matches this flow */, "mark" arg /* Set DSCP value for traffic that matches this flow */, "next-term" /* Continue the filter evaluation after matching this flow */ ) end
# Grammar rule for the match conditions of an IPv6 flow route: "protocol",
# "port", "destination-port", "source-port", "tcp-flags", "packet-length",
# "dscp", "fragment", "destination", "source", "icmp6-type", "icmp6-code" and
# "flow-label".
# Every keyword list except "fragment" ends in `| arg`, so a value outside the
# named keywords is presumably still matched by this rule (what `arg` accepts
# is defined outside this listing).
# NOTE(review): the ranges given in the inline docs ("packet-length" 0-65535,
# "dscp" 0-63, "flow-label" 0-1048575) are documentation only; those values go
# through policy_algebra and no range check is visible here.
# NOTE(review): "mobilip-mn" is spelled the same way in all three port lists;
# presumably it mirrors the upstream keyword — confirm before "correcting" it.
rule(:flow_route_qualifier_inet6) do c( "protocol" ( /* IP protocol value */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | 
"netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "tcp-flags" ( /* TCP flags */ ("fin" | "syn" | "rst" | "push" | "ack" | "urgent" | arg) ), "packet-length" ( /* Packet length (0-65535) */ policy_algebra /* Packet length (0-65535) */ ), "dscp" ( /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ policy_algebra /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ ), "fragment" ( ("dont-fragment" | "not-a-fragment" | "is-fragment" | "first-fragment" | "last-fragment") ), "destination" ( /* Destination prefix for this traffic flow */ flow_prefix_with_offset /* Destination prefix for this traffic flow */ ), "source" ( /* Source prefix for this traffic flow */ flow_prefix_with_offset /* Source prefix for this traffic flow */ ), "icmp6-type" ( /* ICMP message type */ ("echo-request" | "echo-reply" | 
"destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg) ), "icmp6-code" ( /* ICMP message code */ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "flow-label" ( /* Flow-label (0-1048575) */ policy_algebra /* Flow-label (0-1048575) */ ) ) end
# Grammar rule for the "destination"/"source" prefixes of an IPv6 flow route:
# an ipv6prefix plus "prefix-offset", emitted as a one-line statement.
rule(:flow_prefix_with_offset) do c( ipv6prefix, "prefix-offset" arg /* Offset from where prefix match will start */ ).as(:oneline) end
# Grammar rule for flow validation settings; the only statement visible is
# "traceoptions", delegated to flow_dep_traceoptions.
rule(:flow_validation) do c( "traceoptions" ( /* Trace options */ flow_dep_traceoptions /* Trace options */ ) ) end
# Grammar rule for the trace options used by flow_validation: a "file"
# statement (trace_file_type, defined outside this listing) and a "flag" enum
# whose modifiers are "send", "receive", "detail", "disable" and a "filter"
# with "match-on" ("prefix" or "route-attribute") and "policy".
rule(:flow_dep_traceoptions) do c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("resolution" | "flash" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to tracing */ sc( "match-on" ( /* Argument on which to match */ ("prefix" | "route-attribute") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ) ).as(:oneline) ) ).as(:oneline) ) end
# Grammar rule for one named dynamic-profile variable set (referenced from the
# "profile-variable-set" statement earlier in the file). It lists the
# "junos-*" variables, which the inline docs describe as substituting MEP,
# maintenance-domain/association, loss-threshold, name-format, CCM interval,
# action-profile and layer2 output-policer values in a profile.
rule(:juniper_dynamic_profile_varset_object) do arg.as(:arg) ( c( "junos-mep-id" arg /* Dynamic variable to substitute 'mep' value in the profile */, "junos-md-level" arg /* Dynamic variable to substitute 'level' value in the profile */, "junos-remote-mep-id" arg /* Dynamic variable to substitute 'remote-mep' value in the profile */, 
"junos-md-name" arg /* Dynamic variable to substitute 'maintenance-domain' in profile */, "junos-ma-name" arg /* Dynamic variable to substitute 'maintenance-association' in profile */, "junos-loss-threshold" arg /* Dynamic variable to substitute 'loss-threshold' in profile */, "junos-md-name-format" ( /* Dynamic variable to substitute 'name-format' in profile */ ("none" | "dns" | "mac+2oct" | "character-string") ), "junos-ma-name-format" ( /* Dynamic variable to substitute 'short-name-format' in profile */ ("2octet" | "rfc-2685-vpn-id" | "vlan" | "character-string" | "icc") ), "junos-ccm-interval" ( /* Dynamic variable to substitute 'interval' in profile */ ("10ms" | "100ms" | "1s" | "10s" | "1m" | "10m") ), "junos-action-profile" arg /* Dynamic variable to substitute 'action-profile' in profile */, "junos-layer2-output-policer" arg /* Dynamic variable to substitute 'layer2 output-policer' */ ) ) end
# Grammar rule for one named dynamic variable: "equals", "default-value",
# "mandatory", "uid-reference" and "uid".
# NOTE(review): "mandatory" is documented inline as a value that must be
# supplied by an external server, so the resulting configuration depends on
# that server's input — confirm how such values are validated downstream.
rule(:juniper_dynamic_variable_object) do arg.as(:arg) ( c( "equals" arg /* Computable expression of dynamic profile variables */, "default-value" arg /* Default value for variable */, "mandatory" /* Variable must be supplied by external server */, "uid-reference" /* Variable that refers to the uid variable */, "uid" /* Compute unique Id value for the variable */ ) ) end
# Grammar rule for one named fabric routing instance: "description",
# "instance-type" (only "vrf" is listed), "route-distinguisher" and
# "routing-options" (juniper_fabric_routing_options).
rule(:juniper_fabric_routing_instance) do arg.as(:arg) ( c( "description" arg /* Text description of routing instance */, "instance-type" ( /* Type of routing instance */ ("vrf") ), "route-distinguisher" ( /* Route distinguisher for this instance */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline), "routing-options" ( /* Fabric routing option configuration */ juniper_fabric_routing_options /* Fabric routing option configuration */ ) ) ) end
# Grammar rule for fabric routing options: "traceoptions", "graceful-restart",
# "forwarding-table" (forwarding_table_type), "resolution" and "auto-export"
# (each with their own "traceoptions"), and "multicast" with its
# make-before-break timers.
# The inline doc marks "fabric-optimized-distribution" as requiring a reboot.
rule(:juniper_fabric_routing_options) do c( "traceoptions" ( /* Global routing protocol trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" 
enum(("parse" | "regex-parse" | "config-internal" | "nsr-synchronization" | "condition-manager" | "graceful-restart" | "session" | "hfrr-fsm" | "hfrr-route" | "statistics-id-group" | "route-record" | "jvision-lsp" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all" | "eswd" | "arp" | "prefix" | "ne-port" | "route-selection" | "bridge" | "grat-arp" | "l2l3-map")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */, "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */ ) ).as(:oneline) ) ), "graceful-restart" ( /* Graceful or hitless routing restart options */ c( ("disable"), "restart-duration" arg /* Maximum time for which router is in graceful restart */ ) ), "forwarding-table" ( forwarding_table_type ), "resolution" ( /* Route next-hop resolution options */ c( "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("event" | "flash" | "kernel" | "indirect" | "task" | "igp-frr" | "igp-frr-extensive" | "tunnel" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "auto-export" ( /* Export routes between routing instances */ c( "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("export" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "multicast" ( /* Global multicast options */ c( "l2-root" /* Set this switch as L2 multicast root */, "replication" /* Enable multicast 
replication on this switch */, "traceoptions" ( /* Trace options for DCF multicast */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("vccpdf" | "root" | "core" | "edge" | "cspf" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "no-make-before-break" /* Disable multicast make-before-break */, "make-before-break-timeout" arg /* Configure make-before-break timeout in seconds */, "no-make-before-break-convergence" /* Disable multicast make-before-break-convergence */, "make-before-break-convergence-timeout" arg /* Configure make-before-break-convergence timeout in seconds */, "ic-node-recomputation-delay-timeout" arg /* Configure IC node recomputation delay timeout in seconds */, "fabric-optimized-distribution" /* Enable fabric-optimized-distribution mode - Reboot required */ ) ) ) end
# Grammar rule for "forwarding-table" settings: hold/ack timers,
# "consistency-checking", "export" policy, the paired enable/"no-" toggles for
# ECMP fast reroute and indirect next hops, "rib", "unicast-reverse-path",
# "ip-tunnel-rpf-check" and "chained-composite-next-hop" for ingress and
# transit LSPs.
# NOTE(review): the two reverse-path controls are the security-relevant part.
# "unicast-reverse-path" takes "active-paths" or "feasible-paths", and
# "ip-tunnel-rpf-check" takes "mode" "strict" or "loose" plus a "fail-filter"
# name. The grammar accepts either mode; which one a deployment should use is
# a policy decision that has to be checked outside this parser.
rule(:forwarding_table_type) do c( "remnant-holdtime" arg /* Time to hold inherited routes from FIB */, "krt-nexthop-ack-timeout" arg /* Kernel nexthop ack timeout interval */, "consistency-checking" ( /* RIB/FIB consistency checking */ c( ("enable" | "disable"), "period" arg /* Periodicity of scan in seconds */, "threshold" arg /* Mismatch threshold until complaint */ ) ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "ecmp-fast-reroute" /* Enable fast reroute for ECMP next hops */, "no-ecmp-fast-reroute" /* Don't enable fast reroute for ECMP next hops */, "indirect-next-hop" /* Install indirect next hops in Packet Forwarding Engine */, "no-indirect-next-hop" /* Don't install indirect next hops in Packet Forwarding Engine */, "indirect-next-hop-change-acknowledgements" /* Request acknowledgements for Indirect next hop changes */, "no-indirect-next-hop-change-acknowledgements" /* Don't request acknowledgements for Indirect next hop changes */, 
"rib" arg.as(:oneline), "unicast-reverse-path" ( /* Unicast reverse path (RP) verification */ ("active-paths" | "feasible-paths") ), "ip-tunnel-rpf-check" ( /* IP tunnel Reverse Path Forwarding Check */ c( "mode" ( ("strict" | "loose") ), "fail-filter" arg /* Fail filter name for RPF check(family inet|inet6|any) */ ) ), "transit-lsp-statistics-from-route" /* Enable LSP statistics collection from the route */, "chained-composite-next-hop" ( /* Next-hop chaining mode */ c( "ingress" ( /* Ingress LSP nexthop settings */ c( "l2vpn" /* Create composite-chained nexthops for ingress l2vpn LSPs */, "no-l2vpn" /* Don't create composite-chained nexthops for ingress l2vpn LSPs */, "l2ckt" /* Create composite-chained nexthops for ingress l2ckt LSPs */, "no-l2ckt" /* Don't create composite-chained nexthops for ingress l2ckt LSPs */, "fec129-vpws" /* Create composite-chained nexthops for ingress fec129-vpws LSPs */, "no-fec129-vpws" /* Don't create composite-chained nexthops for ingress fec129-vpws LSPs */, "evpn" /* Create composite-chained nexthops for ingress EVPN LSPs */, "no-evpn" /* Don't create composite-chained nexthops for ingress EVPN LSPs */, "labeled-bgp" ( /* Create composite-chained nexthops for ingress labeled-bgp LSPs */ c( "inet6" /* Enable inet6 labeled-bgp composite nexthop creation */ ) ), "l3vpn" ( /* Create composite-chained nexthops for ingress l3vpn LSPs */ sc( "extended-space" /* Allocate in extended-space for scalability */ ) ).as(:oneline) ) ), "transit" ( /* Transit LSP nexthops settings */ c( "l2vpn" /* Create composite-chained nexthops for transit l2vpn LSPs */, "no-l2vpn" /* Don't create composite-chained nexthops for transit l2vpn LSPs */, "l3vpn" /* Create composite-chained nexthops for transit l3vpn LSPs */, "no-l3vpn" /* Don't create composite-chained nexthops for transit l3vpn LSPs */, "labeled-bgp" /* Create composite-chained nexthops for transit labeled BGP routes */, "no-labeled-bgp" /* Don't create composite-chained nexthops for transit 
labeled BGP routes */, "static" /* Create composite-chained nexthops for static LSPs */, "no-static" /* Don't create composite-chained nexthops for static LSPs */, "rsvp" /* Create composite-chained nexthops for RSVP LSPs */, "no-rsvp" /* Don't create composite-chained nexthops for RSVP LSPs */, "rsvp-p2mp" /* Create composite-chained nexthops for RSVP p2mp LSPs */, "no-rsvp-p2mp" /* Don't create composite-chained nexthops for RSVP p2mp LSPs */, "ldp" /* Create composite-chained nexthops for LDP LSPs */, "no-ldp" /* Don't create composite-chained nexthops for LDP LSPs */, "ldp-p2mp" /* Create composite-chained nexthops for LDP P2MP LSPs */, "no-ldp-p2mp" /* Don't create composite-chained nexthops for LDP P2MP LSPs */, "labeled-isis" /* Create composite-chained nexthops for labeled ISIS routes */, "no-labeled-isis" /* Don't create composite-chained nexthops for labeled ISIS routes */ ) ) ) ) ) end
rule(:juniper_forwarding_options) do c( "storm-control-profiles" arg ( /* Storm control profile for this instance */ c( "all" ( /* For all BUM traffic */ c( c( "bandwidth-percentage" arg /* Percentage of link bandwidth */, "bandwidth-level" arg /* Link bandwidth */ ), "no-broadcast" /* Disable broadcast storm control */, "no-unknown-unicast" /* Disable unknown unicast storm control */, c( "no-multicast" /* Disable multicast storm control */, "no-registered-multicast" /* Disable registered multicast storm control */, "no-unregistered-multicast" /* Disable unregistered multicast storm control */ ) ) ), "action-shutdown" /* Disable port for excessive storm control errors */ ) ), c( "sampling" ( /* Statistical traffic sampling options */ juniper_sampling_options /* Statistical traffic sampling options */ ), "packet-capture" ( /* Packet capture options */ juniper_packet_capture_options /* Packet capture options */ ) ), "monitoring" ( /* Configure lawful interception of traffic */ juniper_monitoring_options /* Configure lawful interception of traffic */ ), "accounting" ( /* 
Configure accounting of traffic */ juniper_packet_accounting_options /* Configure accounting of traffic */ ), "analyzer" ( /* Analyzer options */ smpl_analyzer_type /* Analyzer options */ ), "port-mirroring" ( /* Configure port mirroring of traffic */ juniper_port_mirror_options /* Configure port mirroring of traffic */ ), "multicast-replication" ( /* Set mode of multicast replication */ c( "ingress" /* Complete ingress replication */, "local-latency-fairness" /* Complete parallel replication */ ) ), "load-balance" ( /* Configure load-balancing attributes on the forwarding path */ c( "indexed-load-balance" /* Use indexed permuted next hop lists for unilist and aggregate next hops */, "per-flow" ( c( "hash-seed" /* Enable per flow seed value on packet forwarding engine */ ) ), "per-prefix" ( c( "hash-seed" arg /* Specifies per-router input value for per-prefix load-balancing hash function */ ) ) ) ), "hash-key" ( /* Select data used in the hash key */ junos_hash_key /* Select data used in the hash key */ ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "enhanced-hash-key" ( /* Select data used in the hash key for Enhanced IP Forwarding Engines */ c( "use-trunk-max-links" /* Use 8 links in trunk programming instead of actual links */, "ecmp-resilient-hash" /* Set resilient hashing for ECMP */, "fabric-load-balance" ( /* Set load balancing options for VC-Fabric forwarding */ c( c( "flowlet" ( /* Inactivity-based flowlet link assignment (default) */ c( "inactivity-interval" ( /* Minimum inactivity interval for flowlet detection */ ("16us" | "64us" | "512us" | "32ms") ) ) ), "per-packet" /* Per-packet optimal spraying */ ) ) ), "hash-mode" ( /* Hashing mode */ c( c( "layer2-header" /* Only layer2 header fields are considered for hashing */, "layer2-payload" /* Only layer2 payload fields are considered for hashing */ ) ) ), "hash-seed" ( /* Hash seed */ c( arg ) ), "layer2" ( /* Configure layer2 fields */ c( 
"no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */, "no-source-mac-address" /* Exclude source MAC address from the hash key */, "source-mac-address" /* Include source MAC address from the hash key */, "no-destination-mac-address" /* Exclude destination MAC address from the hash key */, "destination-mac-address" /* Include destination MAC address from the hash key */, "no-ether-type" /* Exclude ether type from the hash key */, "vlan-id" /* Include incoming vlan-id in hash key */, "no-vlan-id" /* Not include vlan-id in hash key */, "inner-vlan-id" /* Include incoming inner-vlan-id in hash key */ ) ), "inet" ( /* Configure inet4 fields */ c( "no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "no-protocol" /* Exclude protocol from the hash key */, "no-ipv4-source-address" /* Exclude IPv4 source address */, "no-ipv4-destination-address" /* Exclude IPv4 destination address */, "vlan-id" /* Include incoming vlan-id in hash key */ ) ), "inet6" ( /* Configure inet6 fields */ c( "no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "ipv6-flow-label" /* Include IPv6 flow label */, "no-next-header" /* Exclude next header from the hash key */, "no-ipv6-source-address" /* Exclude IPv6 source address */, "no-ipv6-destination-address" /* Exclude IPv6 destination address */, "vlan-id" /* Include vlan-id in hash key */ ) ), "no-mpls" /* Disable mpls in hash key */, "gre" ( /* Configure for GRE */ c( "key" /* Include key in hash key */, "protocol" /* Include 
protocol in hash key */ ) ), "vxlan-vnid" /* Enable vxlan-vnid */, "services-loadbalancing" ( /* Select key to load balance across service PICs */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "layer-3-services" ( /* Include Layer 3 (IP) data in the hash key */ c( "source-address" /* Include IP source address in the hash key */, "destination-address" /* Include IP destination address in the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */ ) ) ) ), "inet6" ( /* IPv6 protocol family */ c( "layer-3-services" ( /* Include Layer 3 (IP) data in the hash key */ c( "source-address" /* Include IP source address in the hash key */, "destination-address" /* Include IP destination address in the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */, "src-prefix-len" arg /* Enhanced hash key inet6 source prefix length */ ) ) ) ) ) ) ) ), "source-destination-only-loadbalancing" ( /* Configure key for source/destination-ip-only load balancing */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "prefix-length" arg /* Source/Destination Only Load-Balancing inet prefix length */ ) ), "inet6" ( /* IPv6 protocol family */ c( "prefix-length" arg /* Source/Destination Only Load-Balancing inet6 prefix length */ ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "incoming-interface-index" /* Include incoming interface index in the hash key */, "no-destination-port" /* Omit IP destination port in the hash key */, "no-source-port" /* Omit IP source port in the hash key */, "type-of-service" /* Include TOS byte in the hash key */, "gtp-tunnel-endpoint-identifier" /* Include TEID in the hash key for GTP-U packets */, "l2tp-tunnel-session-identifier" /* Include TID SID in the hash key for L2TP packets */, "session-id" /* Include session ID in the enhanced hash key */ ) ), "inet6" ( /* IPv6 protocol family */ c( 
"incoming-interface-index" /* Include incoming interface index in the hash key */, "traffic-class" /* Include Traffic Class byte in the hash key */, "no-destination-port" /* Omit IP destination port in the hash key */, "no-source-port" /* Omit IP source port in the hash key */, "gtp-tunnel-endpoint-identifier" /* Include TEID in the hash key for GTP-U packets */, "session-id" /* Include session ID in the enhanced hash key */ ) ), "mpls" ( /* MPLS protocol family */ c( "label-1-exp" /* Include EXP of first MPLS label from the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */, c( "no-ether-pseudowire" /* Omit IP payload over ethernet PW from the hash-key */, "ether-pseudowire" ( /* Load-balance IP over ethernet PW */ sc( "zero-control-word" /* Parse zero control word in packet header */ ) ).as(:oneline) ), "no-payload" /* Omit MPLS payload data from the hash key */ ) ), "multiservice" ( /* Multiservice protocol (bridged/CCC/VPLS) family */ c( "incoming-interface-index" /* Include incoming interface index in hash key */, "outer-priority" /* Include Outer 802.1 Priority bits in the hash key */, "no-payload" /* Omit payload data from the hash key */, "no-mac-addresses" /* Omit source and destination MAC addresses from the hash key */ ) ) ) ), "hash-function" ( /* Configure hash functions */ c( c( "CRC16-CCITT" /* 16-bit CRC16 using CCITT polynomial */, "CRC16" /* 16-bit CRC16 calculated using the BISYNC polynomial */, "CRC16XOR1" /* Upper 8 bits BISYNC CRC16 and 8 bit XOR1 */, "CRC16XOR2" /* Upper 8 bit BISYNC CRC16 and 8 bit XOR2 */, "CRC16XOR4" /* Upper 8 bit BISYNC CRC16 and 8 bit XOR4 */, "CRC16XOR8" /* Upper 8 bit BISYNC CRC16 and 8 bit XOR8 */, "CRC32HI" /* 16 LSBs of computed CRC32 */, "CRC32LO" /* 16 MSBs of computed CRC32 */, "xor" ( /* XOR based hashing */ c( "no-L3-L4-headers" /* Exclude source IP, dest IP, source L4 port, dest L4 port addresses from hashing */, "no-L4-ports" /* Exclude source L4 port and dest L4 
port addresses from hashing */, "mac-addresses" /* Include source and destination MAC addresses in IPv4/IPv6 packet hashing */, "no-mpls-hash" /* Exclude MPLS information from hashing */, "no-ipv4-source-address" /* Exclude source IPv4 address from hashing */, "no-ipv4-destination-address" /* Exclude dest IPv4 address from hashing */, "no-ipv6-source-address" /* Exclude source IPv6 address from hashing */, "no-ipv6-destination-address" /* Exclude dest IPv6 address from hashing */, "no-ip6-flow-label" /* Exclude IPv6 flow label from hashing */, "en-ip-over-mpls" /* Enable parsing of IP in MPLS packets */, "no-mpls-label0" /* Exclude MPLS Label 0 from hashing */, "no-mpls-label1" /* Exclude MPLS Label 1 from hashing */, "no-source-mac-address" /* Exclude source MAC address from hashing */, "no-destination-mac-address" /* Exclude dest MAC address from hashing */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */ ) ), "ingress-port" /* Ingress port based hashing */, "crc6" ( /* CRC6 based hashing */ c( "crc6-seed" arg /* CRC6 seed value */, "en-ip-over-mpls" /* Enable parsing of IP in MPLS packets */, "no-source-mac-address" /* Exclude source MAC address from hashing */, "no-destination-mac-address" /* Exclude dest MAC address from hashing */, "no-mpls-label0" /* Exclude MPLS Label 0 from hashing */, "no-mpls-label1" /* Exclude MPLS Label 1 from hashing */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "no-ip-source-address" /* Exclude source IPv4/IPv6 address from hashing */, "no-ip-destination-address" /* Exclude dest IPv4/IPv6 address from hashing */, "no-ip6-flow-label" /* Exclude IPv6 flow label from hashing */ ) ), "crc16" ( /* CRC16 based hashing */ c( "crc16-seed" arg /* CRC16 seed value */, "en-ip-over-mpls" /* Enable parsing of IP in MPLS packets */, "no-source-mac-address" /* 
Exclude source MAC address from hashing */, "no-destination-mac-address" /* Exclude dest MAC address from hashing */, "no-mpls-label0" /* Exclude MPLS Label 0 from hashing */, "no-mpls-label1" /* Exclude MPLS Label 1 from hashing */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "no-ip-source-address" /* Exclude source IPv4/IPv6 address from hashing */, "no-ip-destination-address" /* Exclude dest IPv4/IPv6 address from hashing */, "no-ip6-flow-label" /* Exclude IPv6 flow label from hashing */ ) ) ) ) ), "symmetric" /* Enable symmetric load-balancing */ ) ), "next-hop" ( /* Next hop throttle */ c( "arp-throttle" arg /* Change the arp throttling time */ ) ), "rpf-loose-mode-discard" ( /* Configure rpf loose mode behavior */ c( "family" ( /* Protocol family */ c( "inet" /* Configure rpf loose mode behavior for IPv4 */, "inet6" /* Configure rpf loose mode behavior for IPv6 */ ) ) ) ), "helpers" ( /* Port forwarding configuration */ c( "traceoptions" ( /* Trace options for helper */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("trace" | "address" | "main" | "config" | "ifdb" | "io" | "rtsock" | "ui" | "util" | "gencfg" | "domain" | "tftp" | "bootp" | "port" | "if-rtsdb" | "all")) /* Area of UDP forwarding helper process on which to enable debugging output */.as(:oneline) ) ), "rtsdb-client-traceoptions" ( /* SHM rtsock database client library trace 
options */ c( "if-rtsdb" ( /* Trace interface hierarchy rtsdb */ c( "flag" enum(("init" | "routing-socket" | "map" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "domain" ( /* Incoming DNS request forwarding configuration */ c( "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline), "interface" arg ( /* Incoming DNS request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline) ) ) ) ), "tftp" ( /* Incoming TFTP request forwarding configuration */ c( "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline), "interface" arg ( /* Incoming TFTP request forwarding interface 
configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline) ) ) ) ), "bootp" ( /* Incoming BOOTP/DHCP request forwarding configuration */ c( "relay-agent-option" /* Use DHCP Relay Agent option in relayed BOOTP/DHCP messages */, "dhcp-option82" ( /* Configure DHCP option 82 */ dhcp_option82_type /* Configure DHCP option 82 */ ), "description" arg /* Text description of servers */, "server" arg ( /* Server information */ c( "logical-system" arg ( /* Logical system of server to which to forward */ sc( "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ), "maximum-hop-count" arg /* Maximum number of hops per packet */, "minimum-wait-time" arg /* Minimum number of seconds before requests are forwarded */, "client-response-ttl" arg /* IP time-to-live value to set in responses to client */, "source-address-giaddr" /* Use GIADDR as the source IP address for relayed packets */, "vpn" /* Enable vpn encryption */, "apply-secondary-as-giaddr" /* Enable DHCP relay to use secondary gateway ip on all interfaces */, "interface" arg ( /* Incoming BOOTP/DHCP request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of servers */, "server" arg ( /* Server information */ c( "logical-system" arg 
( /* Logical system of server to which to forward */ sc( "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ), "maximum-hop-count" arg /* Maximum number of hops per packet */, "minimum-wait-time" arg /* Minimum number of seconds before requests are forwarded */, "client-response-ttl" arg /* IP time-to-live value to set in responses to client */, "source-address-giaddr" /* Use GIADDR as the source IP address for relayed packets */, "vpn" /* Enable vpn encryption */, "dhcp-option82" ( /* Configure DHCP option 82 */ dhcp_option82_type /* Configure DHCP option 82 */ ), "apply-secondary-as-giaddr" /* Enable DHCP relay to use secondary gateway ip on this interface */ ) ) ) ), "port" arg ( /* Incoming arbitrary protocol request forwarding configuration */ c( "description" arg /* Text description of server */, "server" arg ( /* Server information */ c( c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ), "interface" arg ( /* Incoming request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of server */, "server" arg ( /* Server information */ c( c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ) ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "filter" ( /* Filtering for forwarding table */ c( "input" arg /* 
Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ) ) ), "inet6" ( /* IPv6 parameters */ c( "filter" ( /* Filtering for forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ), "route-accounting" /* Enable IPv6 route accounting */, "source-checking" /* Discard IPv6 packet when source address type is unspecified, loopback, multicast or link-local */ ) ), "mpls" ( /* MPLS parameters */ c( "filter" ( /* Filtering for forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ) ) ), "vpls" ( /* VPLS parameters */ c( "filter" ( /* Filtering for VPLS DMAC forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for VPLS flood table */ c( "input" arg /* Name of input filter to apply for VPLS flood packets */ ) ) ) ), "evpn" ( /* EVPN parameters */ c( "filter" ( /* Filtering for EVPN DMAC forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for EVPN flood table */ c( "input" arg /* Name of input filter to apply for EVPN flood packets */ ) ) ) ) ) ), "next-hop-group" ( /* Next hop group forwarding option */ juniper_next_hop_group_options /* Next hop group forwarding option */ ), "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "load-balance-label-capability" /* Load balance label capability */, "no-load-balance-label-capability" /* Don't load balance label capability */, "fast-reroute-priority" ( /* Fast-reroute repair priority */ ("low" | "medium" | "high") ), "ip-options-protocol-queue" arg ( /* IP Options protocol logical queue 
parameters */ c( "protocol-id" arg /* Protocol Identifier */, "queue-depth" arg /* Size of the protocol logical options queue */ ) ), "link-layer-broadcast-inet-check" /* Enable destination mac and destination ip address check */, "cut-through" /* Enable cut-through forwarding */, "vrf-fallback" /* Enable vrf-fallback forwarding. This will restart PFE */, "no-hierarchical-ecmp" /* Disable hierarchical ecmp. This will restart PFE */, "ipmc-miss-do-l2mc" /* Do L2MC forwarding when IPMC miss */, "hyper-mode" /* Enable hyper mode */, "ecmp-do-local-lookup" /* Do ECMP local lookup only */, "access-security" ( /* Access security configuration */ jdhcp_access_security_type /* Access security configuration */ ), "forwarding-sandbox" ( /* Create forwarding sandbox */ juniper_forwarding_sandbox_options /* Create forwarding sandbox */ ), "satellite" ( /* Satellite forwarding options */ c( "traceoptions" ( /* Global tracing options for satellite control plane */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "bd" | "config-internal" | "interface" | "interface-vlan" | "ipc" | "kernel" | "krt" | "mac" | "nh" | "normal" | "parse" | "stp" | "task" | "timer" | "firewall")) /* Tracing parameters */.as(:oneline) ) ), "local-replication" /* Enable satellite multicast replication */, "fpc" arg ( c( c( "local-switching" /* Enable local-switching on Satellite device */, "selective-vlan-switching" ( /* Enable selective-vlan-switching on Satellite device */ c( "routing-instance" arg /* Associated Routing instance name */ ) ) ) ) ), "vlan-auto-sense" ( /* 
Vlan-auto-sense attributes provisioning */ c( "expiry-time" arg /* Expiry time (in seconds) after last MAC aged out */ ) ), "analyzer-vlan" ( /* Output VLAN for Analyzer */ c( arg /* Name of the analyzer VLAN */ ) ), "disable-heartbeat" /* Disable heartbeat between Aggregation and Satellite */, "no-disable-heartbeat" /* Don't disable heartbeat between Aggregation and Satellite */ ) ) ) end
# dhcp_option82_type: keywords accepted under a "dhcp-option82" statement: "disable",
# "circuit-id", "remote-id" and "vendor-id", each with the sub-options listed in the body.
# NOTE(review): "use-string" and "vendor-id" take a bare arg; no length or character limit is
# visible in this rule, so a successful parse should not be read as validation of those strings.
rule(:dhcp_option82_type) do c( "disable" /* Disable DHCP option 82 on this VLAN */, "circuit-id" ( /* Configure DHCP option 82 circuit id */ c( "prefix" ( /* Configure DHCP option 82 circuit id prefix */ ("hostname") ), "use-interface-description" /* Use interface description instead of name */, "use-vlan-id" /* Use VLAN id instead of name */ ) ), "remote-id" ( /* Configure DHCP option 82 remote id */ c( "prefix" ( /* Configure DHCP option 82 remote id prefix */ ("none" | "hostname" | "mac") ), "use-interface-description" /* Use interface description instead of name */, "use-string" arg /* Use raw string instead of the default remote id */ ) ), "vendor-id" ( /* Configure DHCP option 82 vendor id */ c( arg /* Use raw string instead of the default vendor id */ ) ) ) end
# jdhcp_access_security_type: body of the "access-security" statement. The only child shown is
# "router-advertisement-guard": named policies ("policy" arg) with "discard" and "accept"
# match parameters, plus the attachment points "interface" (interface_policy) and "vlans"
# (vlan_policy). The body continues on the next line; vlan_policy is defined outside this
# part of the file.
rule(:jdhcp_access_security_type) do c( "router-advertisement-guard" ( /* Router Advertisement Guard Configuration */ c( "policy" arg ( /* Router Advertisement Guard policy */ c( "discard" ( /* Discard parameters */ c( "source-ip-address-list" arg /* IPv6 Source address list name */, "source-mac-address-list" arg /* Source mac address list name */, "prefix-list-name" arg /* Prefix-list Name */ ) ), "accept" ( /* Accept parameters */ c( "match-list" ( /* List of parameters to check */ c( "source-ip-address-list" arg /* IPv6 Source address list name */, "source-mac-address-list" arg /* Source mac address list name */, "prefix-list-name" arg /* Prefix-list Name */, "match-criteria" ( /* Match Criteria */ ("match-all" | "match-any") ) ) ), "match-options" ( /* List of Options to check */ c( "hop-limit" ( /* Hop limit
*/ c( "maximum" arg /* Maximum hop limit */, "minimum" arg /* Minimum hop limit */ ) ), "route-preference" ( /* Accept route preference */ c( "maximum" ( /* Maximum route preference */ ("low" | "medium" | "high") ) ) ), "managed-config-flag" /* Check Managed config flag */, "other-config-flag" /* Check Other config flag */ ) ) ) ) ) ), "interface" ( /* RA Guard config on Interface */ c( interface_policy /* Interface Configuration */ ) ), "vlans" ( /* RA Guard config on Vlan */ c( vlan_policy /* Virtual LAN Configuration */ ) ) ) ) ) end
# interface_policy: one router-advertisement-guard entry per interface, keyed by a leading arg.
# Offers "policy" (a policy name plus "stateful" or "stateless") and "mark-interface"
# ("trusted" or "block").
# NOTE(review): "trusted" presumably exempts the interface from RA guard filtering; confirm
# against the platform documentation before relying on it in a configuration audit.
rule(:interface_policy) do arg.as(:arg) ( c( "policy" ( /* Attach policy */ c( arg /* Router Advertisement Guard policy name */, c( "stateful" /* Stateful router advertisement guard */, "stateless" /* Stateless router advertisement guard */ ) ) ), "mark-interface" ( /* Mark interface */ c( c( "trusted" /* Mark interface trusted */, "block" /* Block router-advertisement */ ) ) ) ) ) end
# juniper_forwarding_sandbox_options: named forwarding sandbox with a "size" of small, medium
# or large and a "port" subtree delegated to juniper_forwarding_sandbox_port_options.
rule(:juniper_forwarding_sandbox_options) do arg.as(:arg) ( c( "size" ( /* Size of the sandbox */ ("small" | "medium" | "large") ), "port" ( /* Sandbox port */ juniper_forwarding_sandbox_port_options /* Sandbox port */ ) ) ) end
# juniper_forwarding_sandbox_port_options: named sandbox port whose only child is "interface" arg.
rule(:juniper_forwarding_sandbox_port_options) do arg.as(:arg) ( c( "interface" arg /* Interface to which the port is mapped */ ) ) end
# juniper_gnf: named guest network function with "description",
# "control-plane-bandwidth-percent" and "fpcs", each taking one arg.
# NOTE(review): the percentage is a bare arg; no numeric bound is visible in this rule.
rule(:juniper_gnf) do arg.as(:arg) ( c( "description" arg /* Description of guest network function */, "control-plane-bandwidth-percent" arg /* Percentage of control plane bandwidth */, "fpcs" arg /* FPC associated with guest network function */ ) ) end
# juniper_logical_system: named logical system. The body starts here and continues past this
# line; the children visible at this point are "interfaces", "protocols", "policy-options" and
# "routing-instances", each delegating to another rule.
rule(:juniper_logical_system) do arg.as(:arg) ( c( "interfaces" ( /* Interface configuration */ c( lr_interfaces_type ) ), "protocols" ( /* Routing protocol configuration */ juniper_protocols /* Routing protocol configuration */ ), "policy-options" ( /* Policy option configuration */ juniper_policy_options /* Policy option configuration */ ), "routing-instances" ( /* Routing instance configuration */ c( juniper_routing_instance ) ),
"routing-options" ( /* Protocol-independent routing option configuration */ juniper_routing_options /* Protocol-independent routing option configuration */ ), "forwarding-options" ( /* Configure options to control packet forwarding */ c( "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "sampling" ( c( "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet_lr_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ), "mpls" ( /* Sample MPLS packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_mpls_lr_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ) ) ), "instance" arg ( /* Instance of sampling parameters */ c( ("disable"), "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet_lr_inst_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ), "mpls" ( /* Sample MPLS packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_mpls_lr_inst_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ) ) ) ) ) ) ) ) ), "system" ( /* System parameters */ c( "arp" ( /* ARP settings */ c( "aging-timer" arg /* Change the ARP aging time value */, "interfaces" ( /* Logical interface on which to specify ARP aging timer */ c( arp_interface_type ) ), "passive-learning" /* ARP 
passive learning */, "purging" /* ARP purging when link goes down */, "gratuitous-arp-on-ifup" /* Gratuitous ARP announcement on interface up */, "gratuitous-arp-delay" arg /* Delay gratuitous ARP request */, "non-subscriber-no-reply" /* Do not reply to ARP requests from non-subscribers */ ) ), "services" ( /* System services */ c( "dhcp-local-server" ( /* Dynamic Host Configuration Protocol server configuration */ jdhcp_local_server_type /* Dynamic Host Configuration Protocol server configuration */ ), "dhcp-proxy-client" ( /* Dynamic Host Configuration Protocol Proxy client configuration */ jdhcp_proxy_client_type /* Dynamic Host Configuration Protocol Proxy client configuration */ ), "static-subscribers" ( /* Static Subscriber Client configuration */ jsscd_static_subscribers_type /* Static Subscriber Client configuration */ ) ) ), "processes" ( /* Process control */ c( "routing" ( /* Routing process */ c( c( "force-32-bit" /* Always use 32-bit mode */, "force-64-bit" /* Always use 64-bit mode */, "auto-64-bit" /* Ignored; same as force-32-bit */ ) ) ) ) ) ) ), "access" ( /* Network access configuration */ c( "address-assignment" ( /* Address assignment configuration */ address_assignment_type /* Address assignment configuration */ ), "address-protection" /* Initiate Duplicate Address Protection */ ) ), "access-profile" ( /* Access profile for this instance */ sc( arg /* Profile name */ ) ).as(:oneline), "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "dialer-filter" ( /* Define an IPv4 dialer filter */ inet_dialer_filter /* Define an IPv4 dialer filter */ ), "prefix-action" ( /* Define a prefix action */ prefix_action /* Define a prefix action */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ), "template" ( /* Define an Inet firewall template */ inet_template /* Define an Inet firewall template */ ), 
"simple-filter" ( /* Define an IPv4 firewall simple filter */ inet_simple_filter /* Define an IPv4 firewall simple filter */ ), "service-filter" ( /* One or more IPv4 service filters */ inet_service_filter /* One or more IPv4 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet_fuf /* One or more fast update filters */ ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "dialer-filter" ( /* Define an IPv6 dialer filter */ inet6_dialer_filter /* Define an IPv6 dialer filter */ ), "filter" ( /* Define an IPv6 firewall filter */ inet6_filter /* Define an IPv6 firewall filter */ ), "service-filter" ( /* One or more IPv6 service filters */ inet6_service_filter /* One or more IPv6 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet6_fuf /* One or more fast update filters */ ), "template" ( /* Define an Inet6 firewall template */ inet6_template /* Define an Inet6 firewall template */ ) ) ), "mpls" ( /* Protocol family MPLS for firewall filter */ c( "dialer-filter" ( /* Define an mpls dialer filter */ mpls_dialer_filter /* Define an mpls dialer filter */ ), "filter" ( mpls_filter ), "template" ( /* Define an MPLS firewall template */ mpls_template /* Define an MPLS firewall template */ ) ) ), "vpls" ( /* Protocol family VPLS for firewall filter */ c( "filter" ( vpls_filter ) ) ), "evpn" ( /* Protocol family EVPN for firewall filter */ c( "filter" ( vpls_filter ) ) ), "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( bridge_filter ) ) ), "ccc" ( /* Protocol family CCC for firewall filter */ c( "filter" ( ccc_filter ) ) ), "any" ( /* Protocol-independent filter */ c( "filter" ( /* Define a protocol independent filter */ any_filter /* Define a protocol independent filter */ ), "template" ( /* Define Protocol independent filter template */ any_template /* Define Protocol independent filter template */ ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching 
for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ es_filter /* Define an Ethernet Switching firewall filter */ ), "template" ( /* Define an ethernet switching firewall template */ es_template /* Define an ethernet switching firewall template */ ) ) ) ) ), "policer" ( /* Policer template definition */ firewall_policer /* Policer template definition */ ), "flexible-match" ( /* Flexible packet match template definition */ firewall_flexible_match /* Flexible packet match template definition */ ), "tunnel-end-point" ( /* Tunnel end-point template definition */ tunnel_end_point /* Tunnel end-point template definition */ ), "hierarchical-policer" ( /* Hierarchical policer template definition */ firewall_hierpolicer /* Hierarchical policer template definition */ ), "interface-set" ( /* Interface set definition */ interface_set_type /* Interface set definition */ ), "load-balance-group" ( /* Load-balance group definition */ firewall_load_balance_group /* Load-balance group definition */ ), "atm-policer" ( /* Atm policer */ atm_policer_type /* Atm policer */ ), "three-color-policer" ( /* Three-color policer */ three_color_policer_type /* Three-color policer */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ) ) ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "services" ( /* Service PIC daemon configuration */ c( "flow-monitoring" ( /* Configure flow monitoring under logical-systems */ c( "version9" ( /* Version 9 configuration */ c( "template" ( /* One or more version 9 templates */ version9_template /* One or more version 9 templates */ ) ) ) ) ) ) ), "bridge-domains" ( /* Bridge domain configuration */ c( juniper_bridge_domains ) ), "vlans" ( /* VLAN configuration */ c( vlan_types /* Virtual LAN */ ) ), "switch-options" ( /* Options for default routing-instance of type 
virtual-switch */ juniper_def_rtb_switch_options /* Options for default routing-instance of type virtual-switch */ ) ) ) end
# arp_interface_type: entry keyed by a leading arg with a single child, "aging-timer" arg.
# Referenced from the "arp" "interfaces" statement of juniper_logical_system.
rule(:arp_interface_type) do arg.as(:arg) ( c( "aging-timer" arg /* Change the ARP aging time value */ ) ) end
# cflowd_sampling_inet_lr_inst_type: one cflowd flow-server entry keyed by a leading arg,
# referenced from the "flow-server" statement of a sampling "instance", family "inet".
# Children: port, dscp, routing-instance, autonomous-system-type, aggregation, local-dump /
# no-local-dump, source-address, and version9 / version-ipfix templates.
# NOTE(review): "port" and "dscp" are bare args; the 0 to 63 range given in the dscp
# description is not expressed in the rule, so range checking has to happen elsewhere.
rule(:cflowd_sampling_inet_lr_inst_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# aggregation_type: aggregation keywords for exported flows; the cflowd_sampling_* rules in
# this file reach it through their "aggregation" child.
rule(:aggregation_type) do c( "autonomous-system" /* Aggregate by autonomous system number */, "protocol-port" /* Aggregate by protocol and port number */, "source-prefix" /* Aggregate by source prefix */, "destination-prefix" /* Aggregate by destination prefix */, "source-destination-prefix" ( /* Aggregate by source and destination prefix */ c( "caida-compliant" /* Compatible with Caida record format for prefix aggregation (v8) */ ) ) ) end
# cflowd_sampling_inet_lr_type: cflowd flow-server entry keyed by a leading arg, referenced from
# "sampling" "family" "inet" "output" "flow-server" in juniper_logical_system. The body starts
# here and continues on the next line.
rule(:cflowd_sampling_inet_lr_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of
routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# cflowd_sampling_mpls_lr_inst_type: one cflowd flow-server entry keyed by a leading arg,
# referenced from the "flow-server" statement of a sampling "instance", family "mpls".
# It lists the same children as the other cflowd_sampling_* rules in this file.
# NOTE(review): "port" and "dscp" are bare args; the 0 to 63 range given in the dscp
# description is not expressed in the rule, so range checking has to happen elsewhere.
rule(:cflowd_sampling_mpls_lr_inst_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# cflowd_sampling_mpls_lr_type: cflowd flow-server entry keyed by a leading arg, referenced from
# "sampling" "family" "mpls" "output" "flow-server" in juniper_logical_system. It lists the
# same children as the other cflowd_sampling_* rules in this file.
# NOTE(review): "port" and "dscp" are bare args; the 0 to 63 range given in the dscp
# description is not expressed in the rule, so range checking has to happen elsewhere.
rule(:cflowd_sampling_mpls_lr_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# jdhcp_local_server_type: body of the "dhcp-local-server" statement. It starts here and
# continues on the following lines; most children delegate to other rules.
# NOTE(review): the rule describes syntax only. Statements that relax DHCP handling, such as
# "duplicate-clients-on-interface", are accepted like any other keyword, so policy checks on
# them belong in whatever consumes the parse result.
rule(:jdhcp_local_server_type) do c( "traceoptions" ( /* DHCP local server trace options */ jdhcp_traceoptions_type /* DHCP local server trace options */ ), "interface-traceoptions" ( /* DHCP local server interface trace options */ jdhcp_interface_traceoptions_type /* DHCP local server interface trace options */ ), "dhcpv6" ( /* DHCPv6 configuration */ dhcpv6_local_server_type /* DHCPv6 configuration */ ), "pool-match-order" enum(("external-authority" | "ip-address-first" | "option-82" | "option-82-strict")) /* Define order of attribute matching for pool selection */, "duplicate-clients-on-interface" /* Allow duplicate clients on different interfaces in a subnet */, "duplicate-clients-in-subnet" ( /* Allow duplicate clients in a subnet */ jdhcp_duplicate_clients_in_subnet_type /* Allow duplicate clients in a subnet */ ).as(:oneline), "forward-snooped-clients" ( /* Forward snooped (unicast)
packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "reconfigure" ( /* DHCP reconfigure processing */ reconfigure_type /* DHCP reconfigure processing */ ), "overrides" ( /* DHCP override processing */ override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "group" ( /* Define a DHCP local server group */ dhcp_local_server_group /* Define a DHCP local server group */ ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject discover and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), c( "requested-ip-network-match" arg /* Subnet to match server's address for active and giaddr for passive clients */, "requested-ip-interface-match" /* Use 
incoming-interface's subnet to check */ ), "no-snoop" /* Do not snoop DHCP packets */, "allow-leasequery" ( /* Allow DHCP leasequery */ server_leasequery_type /* Allow DHCP leasequery */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "allow-bulk-leasequery" ( /* Allow DHCP bulk leasequery */ server_bulk_leasequery_type /* Allow DHCP bulk leasequery */ ) ) end rule(:dhcp_local_server_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "reconfigure" ( /* DHCP reconfigure processing */ reconfigure_type /* DHCP reconfigure processing */ ), "overrides" ( /* DHCP override processing */ override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCP override processing */ override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */ ) ), 
"lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject discover and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ) ) ) end rule(:dhcpv6_local_server_type) do c( "authentication" ( /* DHCPv6 authentication */ dhcpv6_authentication_type /* DHCPv6 authentication */ ), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "reconfigure" ( /* DHCPv6 reconfigure processing */ dhcpv6_reconfigure_type /* DHCPv6 reconfigure processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_local_server_type /* DHCPv6 override processing */ ), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "group" ( /* Define a DHCPv6 local server group */ dhcpv6_local_server_group /* Define a DHCPv6 local server group */ ), "lease-time-validation" ( 
/* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject solicit and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), c( "requested-ip-network-match" arg /* Subnet to match server's address for active and link-address for passive clients */, "requested-ip-interface-match" /* Use incoming-interface's subnet to check */ ), "no-snoop" /* Do not snoop DHCPV6 packets */, "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "server-duid-type" ( /* Define the DUID type to be used as the Server ID. Type supported is DUID-LL */ duid_type /* Define the DUID type to be used as the Server ID. Type supported is DUID-LL */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "allow-leasequery" ( /* Allow DHCPv6 leasequery */ server_leasequery_type /* Allow DHCPv6 leasequery */ ), "allow-bulk-leasequery" ( /* Allow DHCPv6 bulk leasequery */ server_bulk_leasequery_type /* Allow DHCPv6 bulk leasequery */ ), "duplicate-clients" ( /* Allow duplicate clients */ dhcpv6_duplicate_clients_type /* Allow duplicate clients */ ).as(:oneline) ) end rule(:dhcpv6_local_server_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ dhcpv6_authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "reconfigure" ( /* DHCPv6 reconfigure processing */ dhcpv6_reconfigure_type /* DHCPv6 reconfigure processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for 
default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCP override processing */ dhcpv6_override_local_server_type /* DHCP override processing */ ), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCP override processing */ dhcpv6_override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */ ) ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject solicit and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ) ) ) end rule(:dhcpv6_override_local_server_type) do c( "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "rapid-commit" /* Enable rapid commit processing */, "client-negotiation-match" ( /* Use secondary match criteria for SOLICIT PDU */ sc( c( "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "process-inform" ( /* Process INFORMATION request PDUs */ c( "pool" arg /* Pool name for family inet6 */ ) ), "delay-advertise" ( /* Filter options for dhcp-server */ 
dhcpv6_filter_option /* Filter options for dhcp-server */ ), "delegated-pool" arg /* Delegated pool name for inet6 */, "multi-address-embedded-option-response" /* If the client requests multiple addresses place the options in each address */, "always-process-option-request-option" /* Always process option even after address allocation failure */, "delete-binding-on-renegotiation" /* Delete binding on renegotiation */, "top-level-status-code" /* A top level status code option rather than encapsulated in IA for NoAddrsAvail in Advertise PDUs */, "always-add-option-dns-server" /* Add option-23, DNS recursive name server in Advertise and Reply */, "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "asymmetric-prefix-lease-time" arg /* Use a reduced prefix lease time for the client. In seconds */, "protocol-attributes" arg /* DHCPv6 attributes to use as defined under access protocol-attributes */ ) end rule(:dhcpv6_filter_option) do c( "delay-time" arg /* Time delay between solicit and advertise */, "based-on" ( /* Option number */ c( "option-18" ( /* Option 18 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-37" ( /* Option 37 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-15" ( /* Option 15 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* 
Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-16" ( /* Option 16 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ) ) ) ) end rule(:dhcpv6_reconfigure_type) do c( "strict" /* Only allow packets containing Reconfigure Accept Option */, "clear-on-abort" /* Delete client on reconfiguration abort */, "attempts" arg /* Number of reconfigure attempts before aborting */, "timeout" arg /* Initial timeout value for retry */, "token" arg /* Reconfigure token */, "trigger" ( /* DHCP reconfigure trigger */ reconfigure_trigger_type /* DHCP reconfigure trigger */ ), "support-option-pd-exclude" /* Request prefix exclude option in reconfigure message */ ) end rule(:duid_type) do c( "duid_ll" /* Link Layer Address based DUID */ ) end rule(:jdhcp_proxy_client_type) do c( "dhcpv4-profiles" ( /* DHCPv4 proxy client profile configuration */ dhcpv4_profile /* DHCPv4 proxy client profile configuration */ ), "dhcpv6-profiles" ( /* DHCPv6 proxy client profile configuration */ dhcpv6_profile /* DHCPv6 proxy client profile configuration */ ), "traceoptions" ( /* DHCP proxy-client trace options */ jdhcp_traceoptions_type /* DHCP proxy-client trace options */ ) ) end rule(:dhcpv4_profile) do arg.as(:arg) ( c( "pool-name" arg /* This pool name will be sent to sever in subnet-name-suboption(3) of subnet allocation option(220). It is optional. It shall be sent only if configured. */, "lease-time" arg /* Default least time requested in seconds. If DHCP client does not get the lease time from DHCP server, it will use this default lease time as the lease time. 
By default, the value of lease-time is zero */, "retransmission-attempt" arg /* Number of attempts to retransmit the DHCP client protocol message */, "retransmission-interval" arg /* Number of seconds between successive retransmissions of DHCP client protocols messages */, "dead-server-retry-interval" arg /* Number of seconds before reconnecting to a server which was marked as down in previous attempts */, "dhcp-server-selection-algorithm" ( /* DHCP server selection algorithm to be used */ ("highest-priority-server" | "round-robin") ), "dead-server-successive-retry-attempt" arg /* Number of successive retry attempts before declaring an unresponsive server as dead */, "bind-interface" ( /* Primary IPv4 address of bind-interface is source of DHCP packets */ interface_unit /* Primary IPv4 address of bind-interface is source of DHCP packets */ ), "servers" arg ( /* DHCP server */ c( "priority" arg /* Server priority */ ) ) ) ) end rule(:dhcpv6_profile) do arg.as(:arg) ( c( "pool-name" arg /* This pool name will be sent to sever in subnet-name-suboption(3) of subnet allocation option(220). It is optional. It shall be sent only if configured. */, "lease-time" arg /* Default least time requested in seconds. If DHCP client does not get the lease time from DHCP server, it will use this default lease time as the lease time. 
By default, the value of lease-time is zero */, "retransmission-attempt" arg /* Number of attempts to retransmit the DHCP client protocol message */, "retransmission-interval" arg /* Number of seconds between successive retransmissions of DHCP client protocols messages */, "bind-interface" ( /* Source interface of DHCP control packets */ interface_unit /* Source interface of DHCP control packets */ ) ) ) end rule(:jsscd_static_subscribers_type) do c( "access-profile" ( /* Access profile reference */ jsscd_access_profile_type /* Access profile reference */ ), "dynamic-profile" ( /* Dynamic profile reference */ jsscd_dynamic_profile_type /* Dynamic profile reference */ ), "authentication" ( /* Static Subscriber Client authentication */ jsscd_authentication_type /* Static Subscriber Client authentication */ ), "group" ( /* Static Subscriber Client group configuration */ jsscd_group_type /* Static Subscriber Client group configuration */ ), "auto-login" /* Auto login the operator logged-out static subscribers */, "baseline-stats" /* Baseline the statistics for static subscribers */ ) end rule(:jsscd_access_profile_type) do c( arg /* Profile name */ ) end rule(:jsscd_authentication_type) do c( "password" ( /* Username password to use */ unreadable /* Username password to use */ ), "username-include" ( /* Add username options */ c( "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "interface" /* Include interface name */, "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */ ) ) ) end rule(:jsscd_dynamic_profile_type) do c( arg, "aggregate-clients" ( /* Aggregate client profiles */ c( c( "merge" /* Merge the client dynamic profiles */, "replace" /* Replace client dynamic profiles */ ) ) ) ) end rule(:jsscd_group_type) do arg.as(:arg) ( c( "access-profile" ( /* Access profile reference */ jsscd_access_profile_type /* Access profile reference */ ), "dynamic-profile" ( /* 
Dynamic profile reference */ jsscd_dynamic_profile_type /* Dynamic profile reference */ ), "authentication" ( /* Static Subscriber Client authentication */ jsscd_authentication_type /* Static Subscriber Client authentication */ ), "interface" arg ( /* One or more interfaces */ sc( "upto" ( /* Interface up to */ interface_unit /* Interface up to */ ), "exclude" /* Exclude this interface range */ ) ).as(:oneline), "auto-login" /* Auto login the operator logged-out static subscribers */ ) ) end rule(:juniper_mobile_diameter) do c( "traceoptions" ( /* Trace options related to DIAMETER servers */ diameter_traceoptions /* Trace options related to DIAMETER servers */ ), "origin" ( /* Origin attributes of this diameter instance */ c( "realm" arg /* Origin realm of this diameter instance */, "host" arg /* Origin host of this diameter instance */ ) ), "vendor-id" arg /* Vendor-Id to advertize in Capability-Exchange */, "firmware-revision" arg /* Firmware-Revision to advertize in Capability-Exchange */, "product-name" arg /* Product-Name to advertize in Capability-Exchange */, "network-element" arg ( /* Network element of this diameter instance */ c( "function" ( /* Diameter function associated with by this network element */ ("pcc-gx" | "dcca-gy") ), "peer" arg ( /* Peer associated with this network element */ c( "priority" arg /* Peer priority with this network element */, "timeout" arg /* Peer timeout with this network element in seconds */ ) ) ) ), "transport" arg ( /* Diameter transport configuration */ c( "address" ( /* Source IP address for a peer */ ipaddr /* Source IP address for a peer */ ), c( "logical-system" ( /* Logical system to be used by transport */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by transport */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ), "peer" arg ( /* Diameter peer configuration */ c( "address" ( /* IP Address of Diameter peer */ ipaddr /* 
IP Address of Diameter peer */ ), "connect-actively" ( c( "transport" arg /* Name of transport */, "port" arg /* Peer port */, "capabilities-exchange-timeout" arg /* Time to wait in Wait-I-CEA state */, "repeat-timeout" arg /* Timer to reconnect after getting DO_NOT_WANT_TO_TALK_TO_YOU in DPR */, "retry-timeout" arg /* Time to wait between connection attempts */, "timeout" arg /* Time to wait in Wait-Conn-Ack state */ ) ), "incoming-queue" ( /* Incoming queue properties of this peer */ c( "size" arg /* Incoming queue size for this peer */ ) ), "outgoing-queue" ( /* Outgoing queue properties of this peer */ c( "size" arg /* Outgoing queue size for this peer */, "low-watermark" arg /* Low watermark in percentage for outgoing queue of this peer */, "high-watermark" arg /* High watermark in percentage for outgoing queue of this peer */ ) ), "watchdog-timeout" arg /* Time to wait for Device-Watchdog-Answer */, "connection-timeout" arg /* Time to wait in Wait-Conn-Ack state */, "connection-repeat-timeout" arg /* Timer to reconnect after getting DO_NOT_WANT_TO_TALK_TO_YOU in DPR */, "capabilities-exchange-timeout" arg /* Time to wait in Wait-I-CEA state */, "disconnect-peer-timeout" arg /* Time to wait in Closing state */, "connection-retry-timeout" arg /* Time to wait between connection attempts */, "origin-host-prefix" arg /* Peer-specific prefix for local Origin-Host */ ) ), "applications" ( /* Diameter applications related configuration */ c( "pcc-gx" ( /* Policy and Charging Control Application Gx configuration */ c( "maximum-pending-requests" arg /* Maximum pending requests for this application */ ) ), "dcca-gy" ( /* Diameter Credit Control Application Gy configuration */ c( "maximum-pending-requests" arg /* Maximum pending requests for this application */ ) ) ) ) ) end rule(:diameter_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum 
number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("send" | "send-detail" | "receive" | "receive-detail" | "timeout" | "state" | "all")) /* Tracing parameters */.as(:oneline), "peer" arg /* Trace packet sent to or received from the peer[s] */ ) end rule(:juniper_monitoring_options) do arg.as(:arg) ( c( "family" ( /* Address family of packets to monitor */ c( "inet" ( /* Monitor IPv4 packets */ c( "input" ( /* Monitor data acquisition */ monitoring_input_type /* Monitor data acquisition */ ), "output" ( /* Monitoring data disposition */ monitoring_output_type /* Monitoring data disposition */ ) ) ) ) ) ) ) end rule(:juniper_multicast_snooping_options) do c( "options" ( /* Miscellaneous options */ c( "syslog" ( /* Set system logging level */ c( "level" ( /* Logging level */ sc( "emergency" /* Emergency level */, "alert" /* Alert level */, "critical" /* Critical level */, "error" /* Error level */, "warning" /* Warning level */, "notice" /* Notice level */, "info" /* Informational level */, "debug" /* Debugging level */ ) ).as(:oneline), "upto" ( /* Log up to a particular logging level */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug") ), "mark" arg /* Periodically mark the trace file */ ) ) ) ), "traceoptions" ( /* Multicast snooping trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* 
Reuse threshold */ ) ) ) ), "flood-groups" ( /* Groups for which the traffic will be flooded */ ipaddr /* Groups for which the traffic will be flooded */ ), "host-outbound-traffic" ( /* Host generated protocol packets */ c( "forwarding-class" arg /* Forwarding class name */, "dot1p" arg /* Dot1p bits */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ), "ignore-stp-topology-change" /* Don't process stp topology change */, "multichassis-lag-replicate-state" ( /* Enable multichassis lag replication */ c( "suppress-report" /* Enable mclag report suppression */ ) ), "nexthop-hold-time" arg /* Nexthop hold time in milliseconds */ ) end rule(:juniper_next_hop_group_options) do arg.as(:arg) ( c( "group-type" ( /* Next hop group type */ ("inet" | "layer-2" | "inet6") ), "interface" ( /* Interfaces through which to send sampled traffic */ next_hop_group_intf_type /* Interfaces through which to send sampled traffic */ ), "next-hop-subgroup" ( /* Group of interfaces through which to send sampled traffic */ juniper_next_hop_subgroup_options /* Group of interfaces through which to send sampled traffic */ ) ) ) end rule(:juniper_next_hop_subgroup_options) do arg.as(:arg) ( c( "interface" ( /* Interface through which to send the sampled traffic */ next_hop_subgroup_intf_type /* Interface through which to send the sampled traffic */ ) ) ) end rule(:juniper_packet_accounting_options) do arg.as(:arg) ( c( "output" ( /* Accounting data disposition */ packet_accounting_output_type /* Accounting data disposition */ ) ) ) end rule(:juniper_packet_capture_options) do c( ("disable"), "file" ( /* Parameters for file that contains captured packets */ sc( "filename" arg /* Name of file */, "files" arg /* Maximum number of files */, "size" arg /* Maximum file size */, "world-readable" /* Allow any user to read packet-capture files */, "no-world-readable" /* Don't allow any user to 
read packet-capture files */ ) ).as(:oneline), "maximum-capture-size" arg /* Maximum packet size to capture */ ) end rule(:juniper_pic_services_logging_options) do c( "traceoptions" ( /* Fsad trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("init" | "bookkeeping" | "connections" | "charging" | "flow-collector" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:juniper_policy_options) do c( "satellite-policies" ( /* Satellite Policy configuration */ satellite_policy_options /* Satellite Policy configuration */ ), "prefix-list" arg ( /* Define a named set of address prefixes */ c( prefix_list_items, "apply-path" arg /* Apply IP prefixes from a configuration statement */ ) ), "route-filter-list" arg ( /* Define a named set of route-filter address prefixes */ c( route_filter_list_items ) ), "source-address-filter-list" arg ( /* Define a named set of source address filter address prefixes */ c( source_address_filter_list_items ) ), "mac-list" arg ( /* Define a named set of mac addresses */ c( mac_addr_list_items ) ), "vsi-policy" arg ( /* Define a named set of VSI policies */ c( "from" ( /* Conditions to match the VSI policy */ c( "vsi-manager" ( /* VSI manager */ s( arg, "vsi-type" arg /* VSI type */, "vsi-version" arg /* VSI version */, "vsi-instance" arg /* VSI instance */ ) ) ) ), "then" ( /* Actions to take if 'from' conditions match */ c( "filter" arg /* Filter name */ ) ) ) ), "policy-statement" arg ( /* Routing policy */ c( "defaults" ( /* Policy default behaviour */ c( "route-filter" ( /* Set route filter 
behaviour */ sc( c( "no-walkup" /* Route filter walk up disable */, "walkup" /* Route filter walk up enable */ ) ) ).as(:oneline) ) ), "term" arg ( /* Policy term */ c( "from" ( /* Conditions to match the source of a route */ c( "instance" arg /* Routing protocol instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 
*/, "local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ), "route-filter" ( /* List of routes to match */ control_route_filter_type /* List of routes to match */ ), "source-address-filter" ( /* List of source addresses to match */ control_source_address_filter_type /* List of source addresses to match */ ), "prefix-list" ( /* List of prefix-lists of routes to match */ control_prefix_list_type /* List of prefix-lists of routes to match */ ), "prefix-list-filter" ( /* List of prefix-list-filters to match */ control_prefix_list_filter_type /* List of prefix-list-filters to match */ ), "rtf-prefix-list" ( /* List of rtf-prefix-lists of routes to match */ control_rtf_prefix_list_type /* List of rtf-prefix-lists of routes to match */ ), "route-filter-list" ( /* List of route-filter-lists of routes to match */ control_route_filter_list_type /* List of route-filter-lists of routes to match */ ), "source-address-filter-list" ( /* List of source-address-filter-lists of routes to match */ control_source_address_filter_list_type /* List of source-address-filter-lists of routes to match */ ), "multicast-scope" ( /* Multicast scope to match */ sc( c( "node-local" /* Node-local scope */, "link-local" /* Link-local scope */, "site-local" /* Site-local scope */, "organization-local" /* Organization-local scope */, "global" /* Global scope */, arg ), c( "orhigher" /* Match higher values */, "orlower" /* Match lower values */ ) ) ).as(:oneline), "aggregate-contributor" /* Match more specifics of an aggregate */, "state" ( /* Route state */ ("active" | "inactive") ), "route-type" ( /* Route type */ ("internal" | "external") ), "nlri-route-type" arg /* Route type from NLRI */, "next-hop-type" ( /* Next-hop type */ ("merged") ), "condition" arg /* Condition to match on */, "community-count" ( /* Number of BGP communities */ community_count_type /* Number of BGP communities */ 
), "as-path-unique-count" ( /* Number of unique BGP ASes excluding confederations */ as_path_unique_count_type /* Number of unique BGP ASes excluding confederations */ ), "traffic-engineering" ( /* Traffic-Engineering related parameters */ c( "protocol" ( /* Protocol that originated the entry */ ("direct" | "ospf" | "isis-level-1" | "isis-level-2" | "static" | "unknown") ), "node" ( /* Node-related parameters */ c( "as" arg /* AS number */, "node-type" ( /* Real or pseudo-node */ ("router" | "pseudo-node") ), "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "ipv4-prefix" ( /* IPV4 prefix-related parameters */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "prefix" ( /* IP prefix to match against */ ipprefix /* IP prefix to match against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "link" ( /* Link-related parameters */ c( "from" ( /* Specify parameter of the 'from' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ), "to" ( /* Specify parameters of the 'to' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the 
link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ) ) ) ) ), "route-distinguisher" arg /* Name of the route-distinguisher */ ) ), "to" ( /* Conditions to match the destination of a route */ c( "instance" arg /* Routing protocol instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 
*/, "local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ) ) ), "then" ( /* Actions to take if 'from' and 'to' conditions match */ c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute 
*/ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, 
"as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops */, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" 
/* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. 
*/ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) ) ), "from" ( /* Conditions to match the source of a route */ c( "instance" arg /* Routing protocol instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 */, 
"local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ), "route-filter" ( /* List of routes to match */ control_route_filter_type /* List of routes to match */ ), "source-address-filter" ( /* List of source addresses to match */ control_source_address_filter_type /* List of source addresses to match */ ), "prefix-list" ( /* List of prefix-lists of routes to match */ control_prefix_list_type /* List of prefix-lists of routes to match */ ), "prefix-list-filter" ( /* List of prefix-list-filters to match */ control_prefix_list_filter_type /* List of prefix-list-filters to match */ ), "rtf-prefix-list" ( /* List of rtf-prefix-lists of routes to match */ control_rtf_prefix_list_type /* List of rtf-prefix-lists of routes to match */ ), "route-filter-list" ( /* List of route-filter-lists of routes to match */ control_route_filter_list_type /* List of route-filter-lists of routes to match */ ), "source-address-filter-list" ( /* List of source-address-filter-lists of routes to match */ control_source_address_filter_list_type /* List of source-address-filter-lists of routes to match */ ), "multicast-scope" ( /* Multicast scope to match */ sc( c( "node-local" /* Node-local scope */, "link-local" /* Link-local scope */, "site-local" /* Site-local scope */, "organization-local" /* Organization-local scope */, "global" /* Global scope */, arg ), c( "orhigher" /* Match higher values */, "orlower" /* Match lower values */ ) ) ).as(:oneline), "aggregate-contributor" /* Match more specifics of an aggregate */, "state" ( /* Route state */ ("active" | "inactive") ), "route-type" ( /* Route type */ ("internal" | "external") ), "nlri-route-type" arg /* Route type from NLRI */, "next-hop-type" ( /* Next-hop type */ ("merged") ), "condition" arg /* Condition to match on */, "community-count" ( /* Number of BGP communities */ community_count_type /* Number of BGP communities */ ), 
"as-path-unique-count" ( /* Number of unique BGP ASes excluding confederations */ as_path_unique_count_type /* Number of unique BGP ASes excluding confederations */ ), "traffic-engineering" ( /* Traffic-Engineering related parameters */ c( "protocol" ( /* Protocol that originated the entry */ ("direct" | "ospf" | "isis-level-1" | "isis-level-2" | "static" | "unknown") ), "node" ( /* Node-related parameters */ c( "as" arg /* AS number */, "node-type" ( /* Real or pseudo-node */ ("router" | "pseudo-node") ), "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "ipv4-prefix" ( /* IPV4 prefix-related parameters */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "prefix" ( /* IP prefix to match against */ ipprefix /* IP prefix to match against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "link" ( /* Link-related parameters */ c( "from" ( /* Specify parameter of the 'from' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ), "to" ( /* Specify parameters of the 'to' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link 
address against */ ipprefix /* IP prefix to match the link address against */ ) ) ) ) ) ) ), "route-distinguisher" arg /* Name of the route-distinguisher */ ) ), "to" ( /* Conditions to match the destination of a route */ c( "instance" arg /* Routing protocol instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 */, 
"local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ) ) ), "then" ( /* Actions to take if 'from' and 'to' conditions match */ c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ 
) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" 
( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops */, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route 
to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. 
*/ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) ) ), "defaults" ( /* Policy default behaviour */ c( "route-filter" ( /* Set route filter behaviour */ sc( "walkup" /* Route filter walk up enable */ ) ).as(:oneline) ) ), "community" arg ( /* BGP community information */ c( "invert-match" /* Invert the result of the community expression matching */, "members" arg /* Community members */ ) ), "route-distinguisher" arg ( /* Route-distinguisher information */ c( "members" arg /* Route distinguisher string in ( *:X ) or ( Y:* ) or (X:Y) format */ ) ), "as-path" arg ( /* BGP autonomous system path regular expression */ c( arg /* AS path regular expression */ ) ), "as-path-group" arg ( /* Group a set of AS paths */ c( "as-path" arg ( /* BGP autonomous system path regular expression */ sc( arg /* AS path regular expression */ ) ).as(:oneline) ) ), "damping" arg ( /* BGP route flap damping properties */ c( ("disable"), "half-life" arg /* Decay half-life */, "reuse" arg /* Reuse threshold (figure-of-merit value) */, "suppress" arg /* Cutoff threshold (figure-of-merit value) */, "max-suppress" arg /* Maximum hold-down time */ ) ), "condition" arg ( /* Define a route advertisement condition */ c( c( "route-active-on" ( /* Route is active on a specific node */ ("node0" | "node1") ), "if-route-exists" ( /* Route exists in a specific routing table */ c( "address-family" ( /* Indicates the address family of the route to match on */ c( c( "inet" ( /* Route to match corresponds to an inet/inet6 prefix */ c( ipprefix /* Exact address of the route */, "table" arg /* Routing table in which route should exist */ ) ), "ccc" ( /* Route to match corresponds to a ccc prefix */ c( interface_name /* Logical interface used to establish ccc route */, "table" arg /* Routing table in which route should exist */, "standby" /* Indicates if route must be in standby state to be considered a match */, 
"peer-unit" arg /* Associated LT ifl's peer-unit. Required for LT-based routes */ ) ) ) ) ), ipprefix /* Exact address of the route */, "table" arg /* Routing table in which route should exist */ ) ) ) ) ), "rtf-prefix-list" arg ( /* Define a named set of family route target prefixes */ c( rtf_prefix_list_items ) ), "application-maps" ( /* Define application maps */ application_map_object /* Define application maps */ ), "redundancy-policy" arg ( c( "redundancy-events" arg /* Events related services redundancy under event-options */, "then" ( /* Action to take when of the event occurs */ srd_ev_action_object /* Action to take when of the event occurs */ ) ) ) ) end
/* application_map_object: body of the 'application-maps' statement in rule(:configuration). */
/* Takes a leading argument (captured as :arg), then 'application' entries; each entry has its own argument and a 'code-points' argument, and is marked :oneline. */
rule(:application_map_object) do arg.as(:arg) ( c( "application" arg ( /* Name of the application */ sc( "code-points" arg /* List of code point bit strings */ ) ).as(:oneline) ) ) end
/* as_path_unique_count_type: body of 'as-path-unique-count' (number of unique BGP ASes) in a policy 'from' block. */
/* A leading argument (captured as :arg) followed by the comparison keywords equal, orhigher and orlower; the statement is marked :oneline. */
rule(:as_path_unique_count_type) do arg.as(:arg) ( c( c( "equal" /* Match equal values */, "orhigher" /* Match higher or equal values */, "orlower" /* Match lower or equal values */ ) ) ).as(:oneline) end
/* community_count_type: body of 'community-count' (number of BGP communities) in a policy 'from' block. */
/* A leading argument (captured as :arg) followed by the comparison keywords equal, orhigher and orlower; the statement is marked :oneline. */
rule(:community_count_type) do arg.as(:arg) ( c( c( "equal" /* Match equal values */, "orhigher" /* Match higher or equal values */, "orlower" /* Match lower or equal values */ ) ) ).as(:oneline) end
/* control_prefix_list_filter_type: body of 'prefix-list-filter' in a policy 'from' block. */
/* Sequence of three parts: a leading argument (presumably the prefix-list name - TODO confirm), a match type (exact, longer or orlonger, each followed by an argument), and an action block. */
/* NOTE(review): the action block appears to repeat the keywords of the policy 'then' block, from 'metric' through 'bgp-output-queue-priority', including the accept and reject actions; keep the two lists in sync when either changes. */
rule(:control_prefix_list_filter_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and 
metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), 
"add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops 
*/, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* 
Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) end

# Single-argument rule: whatever `arg` accepts is captured under the :arg label.
# No further structure is imposed on the value by this rule.
rule(:control_prefix_list_type) do arg.as(:arg) end

# Single-argument rule with the same shape: `arg` captured under the :arg label.
rule(:control_route_filter_list_type) do arg.as(:arg) end

# Route-filter entry, written as s( arg, c(<match type>), c(<actions>) ).
# The match-type list holds seven keywords, each followed by an argument:
# exact, longer, orlonger, upto, through, prefix-length-range, address-mask.
# "upto" and "prefix-length-range" carry the same inline help text.
# The action list opens with "metric" below and runs on to this rule's `end`,
# several physical lines further down.
# NOTE(review): the prefix and every length/mask value are plain `arg` here, so
# this rule presumably checks shape only; range and ordering checks on those
# values would have to live elsewhere. Confirm against the definition of `arg`,
# which is outside this excerpt.
rule(:control_route_filter_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */, "address-mask" arg /* Mask applied to prefix address */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ),
"metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of 
add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops */, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name 
regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" 
arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) end

# Single-argument rule: whatever `arg` accepts is captured under the :arg label.
rule(:control_rtf_prefix_list_type) do arg.as(:arg) end

# Single-argument rule with the same shape: `arg` captured under the :arg label.
rule(:control_source_address_filter_list_type) do arg.as(:arg) end

# Source-address-filter entry, written as s( arg, c(<match type>), c(<actions>) ).
# The match-type list holds six keywords, each followed by an argument:
# exact, longer, orlonger, upto, through, prefix-length-range.
# There is no "address-mask" alternative in this list.
# The action list opens with "metric" below and runs on to this rule's `end`,
# several physical lines further down.
# NOTE(review): the address and every length value are plain `arg` here, so
# this rule presumably checks shape only; semantic validation of those values
# would have to live elsewhere. Confirm against the definition of `arg`,
# which is outside this excerpt.
rule(:control_source_address_filter_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant
from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | 
"unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops */, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP 
name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic 
tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) end

# Grammar for the port-mirroring options.
# Top level: a "traceoptions" block, four bare switches (disable,
# disable-all-instances, mirror-once, no-preserve-ingress-tag), a global
# "input" block, a "family" block, and named "instance" entries.
# Each family (inet, inet6, mpls, vpls, ccc) lists an "input" and an "output"
# block; "any" and "ethernet-switching" list only "output".
# An "instance" entry repeats the same family block and groups "input" with
# "input-parameters-instance" inside a nested c(...).
# c(...) presumably denotes a choice among the listed children; the helper
# definitions are outside this excerpt, so confirm there.
# NOTE(review): every "output" block names where mirrored packets are sent.
# A config audit built on this grammar may want to report those destinations.
rule(:juniper_port_mirror_options) do
  c(
    "traceoptions" ( /* Port-mirroring trace options */
      sampling_traceoptions_type /* Port-mirroring trace options */
    ),
    "disable" /* Disable the global port-mirroring instance */,
    "disable-all-instances" /* Disable the all port-mirroring instances */,
    "mirror-once" /* Sample the packet for port mirroring only once */,
    "no-preserve-ingress-tag" /* Mirror the packet retaining tag value before normalization */,
    "input" ( /* Settings for sampling of input packets */
      pm_family_input_type /* Settings for sampling of input packets */
    ),
    "family" ( /* Address family of packets to mirror */
      c(
        "inet" ( /* Mirror IPv4 packets */
          c(
            "input" ( /* Settings for sampling of input packets */
              pm_family_input_type /* Settings for sampling of input packets */
            ),
            "output" ( /* One or more next hops for port-mirrored packets */
              inet_pm_family_output_type /* One or more next hops for port-mirrored packets */
            )
          )
        ),
        "inet6" ( /* Mirror IPv6 packets */
          c(
            "input" ( /* Settings for sampling of input packets */
              pm_family_input_type /* Settings for sampling of input packets */
            ),
            "output" ( /* One or more next hops for port-mirrored packets */
              inet6_pm_family_output_type /* One or more next hops for port-mirrored packets */
            )
          )
        ),
        "mpls" ( /* Mirror MPLS packets */
          c(
            "input" ( /* Settings for sampling of input packets */
              pm_family_input_type /* Settings for sampling of input packets */
            ),
            "output" ( /* One or more next hops for port-mirrored packets */
              mpls_pm_family_output_type /* One or more next hops for port-mirrored packets */
            )
          )
        ),
        "any" ( /* Mirror any packets */
          c(
            "output" ( /* One or more next hops for port-mirrored packets */
              any_pm_family_output_type /* One or more next hops for port-mirrored packets */
            )
          )
        ),
        "vpls" ( /* Mirror Layer-2 bridged/vpls packets */
          c(
            "input" ( /* Settings for sampling of input packets */
              pm_family_input_type /* Settings for sampling of input packets */
            ),
            "output" ( /* Destination for port-mirrored packets */
              layer2_pm_family_output_type /* Destination for port-mirrored packets */
            )
          )
        ),
        "ethernet-switching" ( /* Mirror Layer-2 ethernet-switched packets */
          c(
            "output" ( /* Destination for port-mirrored packets */
              layer2_pm_family_output_type /* Destination for port-mirrored packets */
            )
          )
        ),
        "ccc" ( /* Mirror layer-2 ccc packets */
          c(
            "input" ( /* Settings for sampling of input packets */
              pm_family_input_type /* Settings for sampling of input packets */
            ),
            "output" ( /* Destination for port-mirrored packets */
              layer2_pm_family_output_type /* Destination for port-mirrored packets */
            )
          )
        )
      )
    ),
    "instance" arg ( /* Instance of port-mirroring parameters */
      c(
        "disable" /* Disable the this port-mirroring instance */,
        c(
          "input" ( /* Settings for sampling of input packets */
            pm_family_input_type /* Settings for sampling of input packets */
          ),
          "input-parameters-instance" arg /* Name of port-mirroring instance to use for input parameters */
        ),
        "family" ( /* Address family of packets to mirror */
          c(
            "inet" ( /* Mirror IPv4 packets */
              c(
                "input" ( /* Settings for sampling of input packets */
                  pm_family_input_type /* Settings for sampling of input packets */
                ),
                "output" ( /* One or more next hops for port-mirrored packets */
                  inet_pm_family_output_type /* One or more next hops for port-mirrored packets */
                )
              )
            ),
            "inet6" ( /* Mirror IPv6 packets */
              c(
                "input" ( /* Settings for sampling of input packets */
                  pm_family_input_type /* Settings for sampling of input packets */
                ),
                "output" ( /* One or more next hops for port-mirrored packets */
                  inet6_pm_family_output_type /* One or more next hops for port-mirrored packets */
                )
              )
            ),
            "mpls" ( /* Mirror MPLS packets */
              c(
                "input" ( /* Settings for sampling of input packets */
                  pm_family_input_type /* Settings for sampling of input packets */
                ),
                "output" ( /* One or more next hops for port-mirrored packets */
                  mpls_pm_family_output_type /* One or more next hops for port-mirrored packets */
                )
              )
            ),
            "any" ( /* Mirror any packets */
              c(
                "output" ( /* One or more next hops for port-mirrored packets */
                  any_pm_family_output_type /* One or more next hops for port-mirrored packets */
                )
              )
            ),
            "vpls" ( /* Mirror Layer-2 bridged/vpls packets */
              c(
                "input" ( /* Settings for sampling of input packets */
                  pm_family_input_type /* Settings for sampling of input packets */
                ),
                "output" ( /* Destination for port-mirrored packets */
                  layer2_pm_family_output_type /* Destination for port-mirrored packets */
                )
              )
            ),
            "ethernet-switching" ( /* Mirror Layer-2 ethernet-switched packets */
              c(
                "output" ( /* Destination for port-mirrored packets */
                  layer2_pm_family_output_type /* Destination for port-mirrored packets */
                )
              )
            ),
            "ccc" ( /* Mirror layer-2 ccc packets */
              c(
                "input" ( /* Settings for sampling of input packets */
                  pm_family_input_type /* Settings for sampling of input packets */
                ),
                "output" ( /* Destination for port-mirrored packets */
                  layer2_pm_family_output_type /* Destination for port-mirrored packets */
                )
              )
            )
          )
        )
      )
    )
  )
end

# Output block for the "any" family: either an "interface" entry or a
# "next-hop-group" name (grouped in a nested c(...)), plus "no-filter-check"
# and a "hosted-service" block holding a "server-profile" name.
# NOTE(review): per its inline help text, "no-filter-check" turns off the check
# for filters on the port-mirroring interface; an audit may want to list it.
rule(:any_pm_family_output_type) do
  c(
    c(
      "interface" ( /* Interfaces through which to send sampled traffic */
        any_pm_intf_type /* Interfaces through which to send sampled traffic */
      ),
      "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */
    ),
    "no-filter-check" /* Do not check for filters on port-mirroring interface */,
    "hosted-service" ( /* Configure Hosted Service */
      c(
        "server-profile" arg /* Server profile name */
      )
    )
  )
end

# Interface entry for the "any" family: an argument captured as :arg, with a
# "next-hop" child that refers to inet_next_hop_type.
rule(:any_pm_intf_type) do
  arg.as(:arg) (
    c(
      "next-hop" ( /* Address of next hop through which to send sampled traffic */
        inet_next_hop_type /* Address of next hop through which to send sampled traffic */
      )
    )
  )
end

# Output block for the inet6 family: "interface" or "next-hop-group" (nested
# c(...)), plus "no-filter-check" and a "server-profile" name.
rule(:inet6_pm_family_output_type) do
  c(
    c(
      "interface" ( /* Interfaces through which to send sampled traffic */
        inet6_pm_intf_type /* Interfaces through which to send sampled traffic */
      ),
      "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */
    ),
    "no-filter-check" /* Do not check for filters on port-mirroring interface */,
    "server-profile" arg /* Server profile name */
  )
end

# Interface entry for the inet6 family: an argument captured as :arg, with a
# "next-hop" child that refers to inet6_next_hop_type.
rule(:inet6_pm_intf_type) do
  arg.as(:arg) (
    c(
      "next-hop" ( /* Address of next hop through which to send sampled traffic */
        inet6_next_hop_type /* Address of next hop through which to send sampled traffic */
      )
    )
  )
end

# Single-argument rule: `arg` captured under the :arg label. The rule itself
# does not restrict the value to an IPv6 address.
rule(:inet6_next_hop_type) do
  arg.as(:arg)
end

# Single-argument rule: `arg` captured under the :arg label. The rule itself
# does not restrict the value to an IPv4 address.
rule(:inet_next_hop_type) do
  arg.as(:arg)
end

# Output block for the inet family: "interface" or "next-hop-group" (nested
# c(...)), plus "no-filter-check", an "ip-address" child (ipv4addr), a
# "routing-instance" child and a "server-profile" name.
# NOTE(review): "ip-address" is described inline as the ERSPAN destination, so
# it names an address that receives mirrored traffic; an audit built on this
# grammar may want to report it.
rule(:inet_pm_family_output_type) do
  c(
    c(
      "interface" ( /* Interfaces through which to send sampled traffic */
        inet_pm_intf_type /* Interfaces through which to send sampled traffic */
      ),
      "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */
    ),
    "no-filter-check" /* Do not check for filters on port-mirroring interface */,
    "ip-address" ( /* ERSPAN Destination IP Address */
      ipv4addr /* ERSPAN Destination IP Address */
    ),
    "routing-instance" ( /* Routing instances */
      inet_pm_output_routing_instance_type /* Routing instances */
    ),
    "server-profile" arg /* Server profile name */
  )
end

# Interface entry for the inet family: an argument captured as :arg, with a
# "next-hop" child that refers to inet_next_hop_type.
rule(:inet_pm_intf_type) do
  arg.as(:arg) (
    c(
      "next-hop" ( /* Address of next hop through which to send sampled traffic */
        inet_next_hop_type /* Address of next hop through which to send sampled traffic */
      )
    )
  )
end

# Routing-instance entry for inet output: an argument captured as :arg, with
# an "ip-address" child (ipv4addr) described inline as the ERSPAN destination.
rule(:inet_pm_output_routing_instance_type) do
  arg.as(:arg) (
    c(
      "ip-address" ( /* ERSPAN Destination IP Address */
        ipv4addr /* ERSPAN Destination IP Address */
      )
    )
  )
end

# Protected-system-domain entry: an argument captured as :arg, followed by
# description, fpcs, an "lcc" sub-entry with its own "fpcs", and three
# control-* settings. Every value is a plain `arg`.
rule(:juniper_protected_system_domain) do
  arg.as(:arg) (
    c(
      "description" arg /* Description of protected system domain */,
      "fpcs" arg /* FPC associated with protected system domain */,
      "lcc" arg (
        c(
          "fpcs" arg /* FPC associated with protected system domain */
        )
      ),
      "control-system-id" arg /* Control system identifier */,
      "control-slot-numbers" arg /* Slots associated with protected system domain */,
      "control-plane-bandwidth-percent" arg /* Percentage of control plane bandwidth */
    )
  )
end

# Trace options for the protected system domain: "no-remote-trace", a one-line
# "file" block, a "level" keyword and a one-line "flag" enum.
# NOTE(review): the "file" block accepts "world-readable", which per its inline
# help text lets any user read the log file; an audit built on this grammar
# may want to flag it. "match" takes a regular_expression, defined elsewhere.
rule(:juniper_protected_system_domain_traceoptions) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("configuration" | "rtsock" | "ipc" | "init" | "psd" | "all")) /* Tracing parameters */.as(:oneline)
  )
end

rule(:juniper_protocols) do c( "overlay" ( /* Overlay protocol */ juniper_protocols_overlayd /* Overlay protocol */ ), "l2iw" ( /* Configuration for Layer 2 interworking */ c( "traceoptions" ( /* Trace options for Layer 2 circuits */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "igmp" ( /* IGMP options */ c( "traceoptions" ( /* Trace options for IGMP */ c( "file" ( /* Trace
file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for IGMP */ c( ("disable"), "version" arg /* Set IGMP version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv4addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv4addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "promiscuous-mode" /* Accept igmp messages coming from different subnet */, "accounting" /* Enable join and leave event notification */, 
"no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "passive" ( /* Suppress sending and receiving IGMP messages */ sc( "allow-receive" /* Allow receiving IGMP messages */, "send-general-query" /* Send IGMP general query messages */, "send-group-query" /* Send IGMP group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed IGMP interface */ ) ), "amt" ( /* Automatic Multicast Tunnel options for IGMP */ c( "relay" ( /* AMT relay options for IGMP */ c( "defaults" ( /* Default AMT relay options for IGMP */ c( "version" arg /* Set IGMP version number on AMT interfaces */, "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "robust-count" arg /* Expected packet loss on a subnet */, "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */ ) ) ) ) ) ) ) ), "mld" ( /* MLD options */ c( "traceoptions" ( /* Trace 
options for MLD */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for MLD */ c( ("disable"), "version" arg /* Set mld version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv6addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv6addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for ssm translation of mld v1 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "group-policy" ( /* Group filter applied to incoming mld report messages */ policy_algebra /* Group filter applied to 
incoming mld report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of group-limit at which to start generating warnings */, "log-interval" arg /* Time between consecutive log messages */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "passive" ( /* Suppress sending and receiving mld messages */ sc( "allow-receive" /* Allow receiving mld messages */, "send-general-query" /* Send mld general query messages */, "send-group-query" /* Send mld group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed MLD interface */ ) ) ) ), "amt" ( /* AMT configuration */ juniper_protocols_amt /* AMT configuration */ ), "router-discovery" ( /* ICMP router discovery options */ juniper_protocols_router_discovery /* ICMP router discovery options */ ), "router-advertisement" ( /* IPv6 router advertisement options */ c( "traceoptions" ( /* Trace options for router advertisement */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" ("$junos-interface-name" | arg) ( /* Interfaces on which to configure router advertisement */ c( "preference" ( /* Set the Preference for Router Selection */ ("medium" | "high" | "low") ), "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "link-mtu" /* Link 
MTU */, "no-link-mtu" /* Don't link MTU */, "solicit-router-advertisement-unicast" /* Enbale solicited router advertisement as unicast */, "reachable-time" arg /* Reachable time */, "retransmit-timer" arg /* Retransmit timer */, "virtual-router-only" /* Send advertisemnets only for vrrp-inet6-group */, "current-hop-limit" arg /* Current hop limit */, "default-lifetime" arg /* Router lifetime */, "dns-server-address" ("$junos-ipv6-dns-server-address" | arg) ( /* Recursive DNS address configuration */ c( "lifetime" arg /* DNS address lifetime */ ) ), "prefix" arg ( /* Prefix configuration */ c( "valid-lifetime" arg /* Valid lifetime (fixed) */, "on-link" /* Set on-link flag */, "no-on-link" /* Don't set on-link flag */, "preferred-lifetime" arg /* Preferred lifetime (fixed) */, "autonomous" /* Set autonomous flag */, "no-autonomous" /* Don't set autonomous flag */ ) ) ) ), "ra-secure" ( /* Protect box against rogue incoming RA messages */ c( "accept-current-hop-limit-min" arg /* Current hop limit acceptable min for incoming RA */, "accept-current-hop-limit-max" arg /* Current hop acceptable min for incoming RA */, "accept-reachable-time-min" arg /* Reachable Time acceptable min for incoming RA */, "accept-reachable-time-max" arg /* Reachable Time acceptable max for incoming RA */, "accept-retransmit-time-min" arg /* Retransmit Time acceptable min for incoming RA */, "accept-retransmit-time-max" arg /* Retransmit Time acceptable min for incoming RA */ ) ) ) ), "sap" ( /* Session Advertisement Protocol options */ c( ("disable"), "listen" arg ( /* Address for SAP and SDP to listen on */ sc( "port" arg /* Port to listen for session advertisements */ ) ).as(:oneline) ) ), "rsvp" ( /* RSVP options */ juniper_protocols_rsvp /* RSVP options */ ), "mpls" ( /* Multiprotocol Label Switching options */ juniper_protocols_mpls /* Multiprotocol Label Switching options */ ), "bgp" ( /* BGP options */ juniper_protocols_bgp /* BGP options */ ), "dvmrp" ( /* DVMRP options */ c( 
("disable"), "traceoptions" ( /* Trace options for DVMRP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("route" | "poison" | "packets" | "probe" | "report" | "neighbor" | "prune" | "graft" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "interface" arg ( /* DVMRP interface options */ c( ("disable"), "mode" ( /* Mode of interface */ ("forwarding" | "unicast-routing") ), "metric" arg /* DVMRP metric value */, "hold-time" arg /* When neighbors think the interface is down */ ) ) ) ), "isis" ( /* IS-IS options */ juniper_protocols_isis /* IS-IS options */ ), "esis" ( /* End system-intermediate system options */ juniper_protocols_esis /* End system-intermediate system options */ ), "msdp" ( /* MSDP configuration */ juniper_protocols_msdp /* MSDP configuration */ ), "ospf" ( /* OSPF configuration */ juniper_protocols_ospf /* OSPF configuration */ ), "ospf3" ( /* OSPFv3 configuration */ c( "realm" ("ipv6-unicast" | "ipv6-multicast" | "ipv4-unicast" | "ipv4-multicast") ( /* OSPFv3 realm configuration */ c( ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | 
"route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do 
not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-group" arg /* Routing table group for importing OSPF routes */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for 
restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "node-segment" ( /* 
Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ) ) ), "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of 
this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), 
"sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "te-metric" arg /* Traffic engineering metric */, "priority" arg /* Designated router priority */, "ldp-synchronization" ( /* Advertise 
maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ 
) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( 
unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ) ) ) ) ), ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA 
backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-group" arg /* Routing table group for importing OSPF routes */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs 
*/, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, 
"no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ) ) ), "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured 
*/ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), 
"authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, 
but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "te-metric" arg /* Traffic engineering metric */, "priority" arg /* Designated router priority */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), 
"transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), 
"metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ) ) ) ) ), "ldp" ( /* LDP options */ juniper_protocols_ldp /* LDP options */ ), "pim" ( /* PIM configuration */ juniper_protocols_pim /* PIM configuration */ ), "rip" ( /* RIP options */ juniper_protocols_rip /* RIP options */ ), "ripng" ( /* RIPng options */ juniper_protocols_ripng /* RIPng options */ ), "connections" ( /* Circuit cross-connect configuration */ c( "interface-switch" arg ( /* Bidirectional switch between interfaces */ c( "interface" arg /* Interface to be switched */ ) ), "remote-interface-switch" arg ( /* Bidirectional switch between a local and a remote interface */ c( "interface" ( /* Local interface name */ interface_name /* Local interface name */ ), "transmit-lsp" arg /* Name of outgoing label-switched path */, "receive-lsp" arg /* Name of incoming label-switched path */ ) ), "lsp-switch" arg ( /* Unidirectional switch between 
two label-switched paths */ c( "transmit-lsp" arg /* Name of outgoing label-switched path */, "receive-lsp" arg /* Name of incoming label-switched path */ ) ), "p2mp-transmit-switch" arg ( /* Local interface to point-to-multipoint LSP switch */ c( "input-interface" ( /* Input interface name */ interface_name /* Input interface name */ ), "transmit-p2mp-lsp" arg /* Point-to-multipoint LSP name on which to transmit */, "output-interface" ( /* Outgoing interface name */ interface_name /* Outgoing interface name */ ) ) ), "p2mp-receive-switch" arg ( /* Point-to-multipoint LSP to local interfaces switch */ c( "receive-p2mp-lsp" arg /* Point-to-multipoint LSP name on which to receive */, "output-interface" ( /* Next outgoing interface name */ interface_name /* Next outgoing interface name */ ) ) ) ) ), "vrrp" ( /* VRRP options */ c( "traceoptions" ( /* Trace options for VRRP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("database" | "general" | "interfaces" | "normal" | "packets" | "state" | "timer" | "ppm" | "all")) /* Tracing parameters */.as(:oneline) ) ), "failover-delay" arg /* Additional failover delay timer */, "startup-silent-period" arg /* Period for ignoring master down timer at device startup */, "asymmetric-hold-time" /* Priority hold time asymmetric behaviour */, "delegate-processing" ( /* Switch to distributed PPMD */ c( "ae-irb" /* Enable distributed PPMD for vrrp over AE and IRB */ ) ), "skew-timer-disable" /* Disable the skew timer */, 
"global-advertisements-threshold" arg /* Number of vrrp advertisements missed before declaring master down */, "inherit-advertisement-interval" arg /* Advertisement interval for inherit sessions */, "version-3" /* VRRPv3 conformance */ ) ), "l2circuit" ( /* Configuration for Layer 2 circuits over MPLS */ c( "traceoptions" ( /* Trace options for Layer 2 circuits */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "topology" | "fec" | "connections" | "oam" | "egress-protection" | "auto-sensing" | "sdb" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "neighbor" arg ( /* List of Layer 2 circuits to this neighbor */ c( "interface" arg ( /* Interface forming the Layer 2 circuit */ c( "static" ( /* Configuration of static Pseudowire */ c( "incoming-label" arg /* Layer 2 circuit incoming static label */, "outgoing-label" arg /* Layer 2 circuit outgoing static label */, "send-oam" /* Turn on sending of l2ckt ping */ ) ), "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "description" arg /* Text description of Layer 2 circuit */, "control-word" /* Add control word to the Layer 2 encapsulation */, "no-control-word" /* Don't add control word to the Layer 2 encapsulation */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-transmit-static" /* Push Flow Label on PW packets sent to remote PE */, "flow-label-receive" /* Advertise capability to pop 
Flow Label in receive direction to remote PE */, "flow-label-receive-static" /* Pop Flow Label from PW packets received from remote PE */, "community" arg /* Community associated with this Layer 2 circuit */, "mtu" arg /* MTU to be advertised for this Layer 2 circuit */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "ignore-mtu-mismatch" /* Allow different MTUs on interfaces */, "no-revert" /* Don't revert to primary-interface */, "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "pseudowire-status-tlv" ( /* Send pseudowire status TLV */ c( "hot-standby-vc-on" /* Activate pseudowire upon arrival of 'hot-standby' status TLV message */ ) ), "switchover-delay" arg /* Layer 2 circuit switchover delay */, "revert-time" ( /* Enable pseudowire redundancy reversion */ sc( arg, "maximum" arg /* Maximum reversion interval to add over revert-time delay */ ) ).as(:oneline), "connection-protection" /* End-2-end protection via OAM failure detection */, "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "static" ( /* Configuration of static Pseudowire */ c( "incoming-label" arg /* Layer 2 circuit incoming static label */, "outgoing-label" arg /* Layer 2 circuit outgoing static label */ ) ), "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "standby" /* Keep backup pseudowire in continuous standby */, 
"hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */ ) ), "oam" ( /* OAM Configuration for Layer 2 circuit */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "egress-protection" ( /* Egress protection for Layer 2 circuit */ c( c( "protector-interface" ( /* Name of the protector interface for local protection */ interface_name /* Name of the protector interface for local protection */ ), "protector-pe" ( /* Address of the protector PE */ sc( ipv4addr /* Address of the protector PE */, "context-identifier" ( /* Identifier of the context used for this protection */ ipv4addr /* Identifier of the context used for this protection */ ), "lsp" arg /* Name of the label-switched path used for the protection */ ) ).as(:oneline) ), "protected-l2circuit" ( /* Primary Layer 2 circuit to be protected */ sc( arg /* Name of the protected Layer 2 circuit */, "ingress-pe" ( /* Ingress PE address of the protected Layer 2 circuit */ ipv4addr /* Ingress PE address of the protected Layer 2 circuit */ ), "egress-pe" ( /* Egress PE address of the protected Layer 2 circuit */ ipv4addr /* Egress PE 
address of the protected Layer 2 circuit */ ), "virtual-circuit-id" arg /* Identifier of the protected Layer 2 circuit */ ) ).as(:oneline) ) ) ) ) ) ), "local-switching" ( /* Configuration of Layer 2 circuits local switching */ c( "interface" arg ( /* Interface forming the local Layer 2 circuit */ c( "no-revert" /* Do not revert to primary-interface */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "connection-protection" /* End-2-end protection via OAM failure detection */, "neighbor" arg ( /* Configuration of Layer 2 circuit */ c( "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the neighbor PE */ ipv4addr /* Endpoint of the transport tunnel on the neighbor PE */ ), "mtu" arg /* MTU to be advertised for this Layer 2 circuit */ ) ), "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the backup neighbor PE */ ipv4addr /* Endpoint of the transport tunnel on the backup neighbor PE */ ), "community" arg /* Community associated with this Layer 2 circuit */, "mtu" arg /* MTU to be advertised for this Layer 2 circuit */ ) ), "end-interface" ( /* Interface name of the other end point */ c( "interface" ( /* Interface name */ interface_name /* Interface name */ ), "no-revert" /* Do not revert to primary-interface */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "backup-interface" ( /* Name of backup interface */ interface_name /* Name of backup interface */ ) ) ), "description" arg /* Text description of Layer 2 circuit */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | 
"atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "ignore-mtu-mismatch" /* Allow different MTUs on interfaces */ ) ) ) ), "auto-sensing" ( /* Configuration of PW auto-sensing */ c( "password" ( /* Password for authentication with Radius server; 1 to 15 characters long */ unreadable /* Password for authentication with Radius server; 1 to 15 characters long */ ) ) ) ) ), "evpn" ( /* Configuration EVPN default routing instance */ c( "traceoptions" ( /* Trace options for Layer 2 VPNs */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "topology" | "nlri" | "connections" | "automatic-site" | "oam" | "mac-database" | "nsr" | "egress-protection" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "es-import-oldstyle" /* Enable noncompliant ES import route-target computation */, "mac-list" arg ( /* Configure MAC lists */ c( "mac-address" ( /* MAC address */ mac_addr /* MAC address */ ) ) ), "vni-options" ( /* Vni options */ juniper_protocols_vni_options /* Vni options */ ), "encapsulation" ( /* Encapsulation type for EVPN */ ("vxlan") ), "extended-vlan-list" arg /* List of VLAN identifiers that are to be EVPN extended */, "multicast-mode" ( /* Multicast mode for EVPN */ ("ingress-replication") ), "default-gateway" ( /* Default gateway mode */ ("advertise" | "no-gateway-community" | "do-not-advertise") ), "designated-forwarder-election-hold-time" arg /* Time to wait before electing a DF(seconds) */, "extended-vni-list" arg /* List of 
VNI identifiers or all, that are to be EVPN extended */ ) ), "link-management" ( /* LMP options */ juniper_protocols_lmp /* LMP options */ ), "pgm" ( /* PGM options */ juniper_protocols_pgm /* PGM options */ ), "bfd" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "traceoptions" ( /* Trace options for BFD */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("adjacency" | "event" | "error" | "rtsock" | "packet" | "ppm-packet" | "pipe" | "pipe-detail" | "state" | "timer" | "nsr-synchronization" | "nsr-packet" | "issu" | "slow-start" | "session" | "all")) /* Trace flag information */.as(:oneline) ) ), "no-issu-timer-negotiation" /* Disable ISSU timer negotiation */ ) ), "mvpn" ( /* BGP-MVPN configuration */ juniper_protocols_mvpn /* BGP-MVPN configuration */ ), "vpls" ( /* Configuration for global vpls module */ c( "static-vpls" ( /* Enables static vpls configuration using no-tunnel-services */ c( "no-tunnel-services" /* Enables static partitioning of vpls labels */ ) ) ) ), "spring-traffic-engineering" ( /* SPRING Traffic-Engineering */ c( "traceoptions" ( /* Trace options for MPLS */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("controller" | "state" | "route" | "general" | "interface" | "all")) /* Tracing parameters */.as(:oneline) ) ), "lsp-external-controller" arg /* External path computing entity */, "preference" arg /* Route preference for SPRING-TE routes */ ) ), "neighbor-discovery" ( /* IPv6 neighbor discovery */ c( "onlink-subnet-only" /* Onlink subnet only knob */, 
"no-dad-on-state-change" /* Disable DAD on interface state change */, "secure" ( /* SEND process configuration */ c( "security-level" ( /* Security level */ c( c( "default" /* Default level */, "secure-messages-only" /* Allow only secure messages */ ) ) ), "cryptographic-address" ( /* Cryptographic address configuration */ c( "key-length" arg /* RSA key length in bits */, "key-pair" arg /* Pathname of RSA key file */ ) ), "timestamp" ( /* Timestamp option configuration */ c( "new-peer-window" arg /* New peer window (delta) */, "known-peer-window" arg /* Known peer window (fuzz) */, "clock-drift" ( /* Clock drift */ unsigned_float /* Clock drift */ ) ) ), "traceoptions" ( /* Trace options for SEND */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("cryptographic-address" | "configuration" | "protocol" | "rsa" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ) ) ), "iccp" ( /* ICCP options */ c( "local-ip-addr" ( /* Local IP address to use by default for all peers */ ipv4addr /* Local IP address to use by default for all peers */ ), "session-establishment-hold-time" arg /* Time within which connection must succeed with peers */, "authentication-key" arg /* MD5 authentication key for all peers */, "peer" ( /* Redundancy Group Configuration */ peer_group /* Redundancy Group Configuration */ ), "traceoptions" ( /* Trace options for ICCP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* 
Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("error" | "event" | "packet" | "pipe" | "pipe-detail" | "all")) /* Trace flag information */.as(:oneline) ) ) ) ), "ilmi" ( /* Interim Local Management Interface Protocol configuration */ c( "traceoptions" ( /* ILMI trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("database" | "routing-socket" | "state" | "debug" | "event" | "packet" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "traceoptions" ( /* LACP trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "process" | "startup" | "protocol" | "packet" | "ppm" | "bfd" | "mc-ae" | "all")) /* Events and packet types to include in the trace */.as(:oneline) ) ), "ppm" ( /* Force PPM processing */ ("centralized") ), "fast-hello-issu" /* ISSU support for peer lacp configured in fast 
periodic */ ) ), "oam" ( /* Operation, Administration, and Management configuration */ c( "ethernet" ( /* OAM configuration for Ethernet */ c( "link-fault-management" ( /* 802.3ah Ethernet OAM configuration */ c( "traceoptions" ( /* Trace options for link-fault management */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "action-profile" | "all")) /* Tracing parameters */.as(:oneline) ) ), "action-profile" arg ( /* Define an action profile */ c( "event" ( /* Events this action profile will check */ c( "link-adjacency-loss" /* Loss of adjacency with OAM peer */, "protocol-down" /* Upper layer indication on protocol down */, "link-event-rate" ( c( "symbol-period" arg /* Rate of receiving symbol period events */, "frame-error" arg /* Rate of receiving frame error events */, "frame-period" arg /* Rate of receiving frame period events */, "frame-period-summary" arg /* Rate of receiving frame period summary events */ ) ) ) ), "action" ( /* Action to take on specified events */ c( "syslog" /* Generate syslog message */, "link-down" /* Mark the interface down for transit traffic */, "send-critical-event" /* Start sending OAM PDUs with critical event bit set */ ) ) ) ), "interface" arg ( /* Interface on which to set Ethernet OAM parameters */ c( "apply-action-profile" arg /* Apply the specified action profile on the interface */, "pdu-interval" arg /* Periodic OAM protocol data unit interval */, "loopback-tracking" /* Enable link down on loopback detection */, "detect-loc" /* Detects initial lack of 
adjacency formation */, "link-discovery" ( /* Mode of discovery */ ("active" | "passive") ), "pdu-threshold" arg /* Number of PDUs missed before declaring peer lost */, "remote-loopback" /* Put remote DTE into remote-loopback mode */, "negotiation-options" ( /* 802.3ah features supported on the interface */ c( "no-allow-link-events" /* Do not emit periodic PDUs detailing framing and symbol errors */, "allow-remote-loopback" /* Allow local port to be put into loopback mode */ ) ), "event-thresholds" ( /* Thresholds for sending 802.3ah events */ c( "symbol-period" arg /* Threshold for sending symbol period events */, "frame-error" arg /* Threshold for sending frame error events */, "frame-period" arg /* Threshold for sending frame period error events */, "frame-period-summary" arg /* Threshold for sending frame period summary error events */ ) ) ) ) ) ), "connectivity-fault-management" ( /* Configurations related to 802.1ag ethernet oam */ c( "performance-monitoring" ( /* Configurations related to ethernet performance monitoring */ c( "hardware-assisted-timestamping" /* Enable timestamping feature in hardware */, "delegate-server-processing" /* Delegate performance measurement request handling to PFE */, "hardware-assisted-keepalives" ( /* Enable/Disable delegating keepalives to hardware */ ("enable" | "disable") ), "enhanced-sla-iterator" /* Enable Enhanced SLA Iterator Cycle-time */, "measurement-interval" ( /* Enables measurement-interval based PM (MEF 36 mode). 
Default 15 min in enhanced-cfm-mode */ ("2" | "5" | "15" | "30" | "60") ), "sla-iterator-profiles" arg ( /* Configuration related to an sla monitoring iterator */ c( "disable" /* Disable the iterator profile */, "measurement-type" ( /* Choice of the type of Y.1731(SLA measurement) frame to be sent */ ("two-way-delay" | "loss" | "slm" | "statistical-frame-loss") ), "flap-trap-monitor" arg /* Configurable timer value 1-360 */, "cycle-time" arg /* Time period of an iterator profile */, "iteration-period" arg /* Maximum services under this iterator profile */, "calculation-weight" ( /* Configure delay and delay variation calculation weight */ c( "delay" arg /* Weight used in delay calculation */, "delay-variation" arg /* Weight used in delay-variation calculation */ ) ), "avg-flr-forward-threshold" ( /* Avg forward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-flr-backward-threshold" ( /* Avg backward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fd-twoway-threshold" ( /* Avg frame delay threshold value */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fdv-twoway-threshold" ( /* Avg frame delay variance threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "measurement-interval" ( /* Measurement-interval to be used for this PM session (MEF 36 mode) */ ("2" | "5" | "15" | "30" | "60") ), "frame-delay" ( /* Bin configuration for frame delay */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration 
in ascending order */ ) ) ) ), "frame-delay-range" ( /* Bin configuration for frame delay range */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "ifdv" ( /* Bin configuration for IFDV */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "availability" ( /* Configuration of availabilty related parameters (MEF 36 mode) */ c( "num-consecutive-pdus" arg /* Number of consecutive LM/SLM PDUs to be used in availability measurement */, "flr-threshold" arg /* FLR threshold in milli-percent to be used for evaluating availability */, "num-consecutive-intervals" arg /* Number of consecutive availability indicators to detect change in availability */, "num-consecutive-highflr" arg /* Number of consecutive availability indicators to access CHLI */ ) ) ) ), "interface" arg ( /* Name of interface for the performance monitoring */ sc( "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss 
measurement in hardware */ ) ).as(:oneline), "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */, "colorless-loss-measurement" /* Enable colorless loss measurement in hardware */ ) ), "connection-protection" ( /* Configurations related to Carrier Ethernet Transport Mode */ c( "mark-connection-protection-tlv" /* Enable marking of Connection Protection TLV */, "uhp-label-lookup" /* Enable lookup for special UHP labels */ ) ), "no-aggregate-delegate-processing" /* Do not distribute aggregate session to pfe */, "enhanced-cfm-mode" /* Enables Enhanced CFM Mode */, "traceoptions" ( /* Trace options for connectivity fault management */ cfm_traceoptions /* Trace options for connectivity fault management */ ), "action-profile" arg ( /* Action profiles to use when one or more remote maintenance association endpoints are down */ c( "event" ( /* Events that need to be monitored */ c( "interface-status-tlv" ( /* Values that need to be monitored in interface status TLV */ ("down" | "lower-layer-down") ), "port-status-tlv" ( /* Values that need to be monitored in port status TLV */ ("blocked") ), "adjacency-loss" /* Connectivity is lost */, "rdi" /* RDI received from some MEP */, "connection-protection-tlv" ( /* Values that need to be monitored in connection protection TLV */ ("using-working-path" | "using-protection-path") ), "server-mep-defects" ( /* Defects which are monitored by Server MEP */ ("link-loss-defect" | "l2circuit-defect" | "l2vpn-defect") ), "ais-trigger-condition" ( /* Defect condition that generates alarm indication signal */ ("all-defects" | "adjacency-loss" | "cross-connect-ccm" | "erroneous-ccm" | "receive-ais") ) ) ), "action" ( c( "interface-down" /* Mark the interface as down */, "revertive-interface-down" /* Wait for CC loss-threshold to 
bring back the interface up */, "non-revertive-interface-down" /* Interface will not be brought up when CC is received */, "propagate-remote-mac-flush" /* Remote mac-flush */, "log-and-generate-ais" ( c( "level" arg /* Server maintenance domain levels range */, "interval" ( /* Interval between AIS messages */ ("1s" | "1m") ), "priority" arg /* 802.1p priority of AIS packet */ ) ) ) ), "clear-action" ( c( "interface-down" ( /* Mark the interface as down */ sc( "peer-interface" /* Mark the interface as down */ ) ).as(:oneline), "propagate-remote-mac-flush" /* Remote mac flush */ ) ), "default-actions" ( /* Action that needs to be taken */ c( "interface-down" /* Bring the interface down */ ) ) ) ), "server-mep" arg ( /* Server MEP to use when generation of AIS is required to monitor different services */ c( "protocol" ( /* Protocol that needs to be monitored by Server MEP */ c( c( "l2circuit" ( /* Protocol that need to be monitored is l2circuit protocol */ sc( "interface" ( /* Interface which is participating in l2circuit service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "l2vpn" ( /* Protocol that need to be monitored is l2vpn protocol */ sc( "interface" ( /* Interface which is participating in l2vpn service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "ethernet" ( /* Protocol that need to be monitored is physical ethernet service */ sc( "interface" ( /* Interface which is going to be monitored */ sc( interface_device /* Interface name */ ) ).as(:oneline) ) ).as(:oneline) ) ) ), "action-profile" ( /* Attached action profile for this Server MEP */ c( arg /* Name of the action profile */ ) ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for all sessions */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) 
), "linktrace" ( /* Linktrace protocol global options */ c( "path-database-size" arg /* Number of linktrace reply entries to be stored per linktrace request */, "age" ( /* Time after which a stale request-response entry is deleted */ ("10s" | "30s" | "1m" | "10m" | "30m") ) ) ), "maintenance-domain" ("default-0" | "default-1" | "default-2" | "default-3" | "default-4" | "default-5" | "default-6" | "default-7" | arg) ( /* Maintenance domain configuration */ c( "bridge-domain" arg ( /* Bridge-domain information for the default maintenance domain */ sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline), "vlan" arg /* VLAN information for the default maintenance domain */.as(:oneline), "virtual-switch" arg ( /* Virtual switch Bridge-domain information for the default maintenance domain */ c( "bridge-domain" arg ( sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline) ) ), "instance" arg /* VPLS instance name for the default maintenance domain */.as(:oneline), "interface" arg /* Name of interface for the default maintenance domain */.as(:oneline), "level" arg /* Level value for maintenance domain */, "name-format" ( /* Format of maintenance domain name */ ("none" | "dns" | "mac+2oct" | "character-string") ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit") ), "maintenance-association" arg ( /* Maintenance association configuration */ c( "debug-session" /* Debug the CFM session */, "short-name-format" ( /* Format of Maintenance Association Name */ ("2octet" | "rfc-2685-vpn-id" | "vlan" | "character-string" | "icc") ), "protect-maintenance-association" ( /* Maintenance association used for connection protection */ sc( arg, "aps-profile" arg /* Name of the automatic-protection-switching profile */, "detect-path-type" /* Enable detection of working and protect paths */ ) ).as(:oneline), "primary-vid" ( /* VLAN id */ ("none" | arg) ), "continuity-check" ( /* Continuity check configuration */ c( "interval" ( /* Interval between 
continuity-check messages */ ("10ms" | "100ms" | "1s" | "10s" | "1m" | "10m" | "3.3ms") ), "loss-threshold" arg /* Number of continuity-check messages lost before marking endpoint as down */, "hold-interval" arg /* Time before flushing MEP database if no updates occur */, "port-status-tlv" /* Include port status TLV in CCM */, "interface-status-tlv" /* Include interface status TLV in CCM */, "connection-protection-tlv" /* Include connection protection OUI TLV in CCM */, "convey-loss-threshold" /* Include Loss Threshold OUI TLV in CCM */, "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit" | "defer") ), "mep" arg ( /* Maintenance association endpoint configuration */ c( "interface" ( /* Name of interface */ sc( interface_unit, "vlan" arg /* Trunk port interface VLAN identifier */, c( "working" /* Monitory the primary path */, "protect" /* Monitory the protect path */ ) ) ).as(:oneline), "direction" ( /* Direction of maintenance endpoint */ ("up" | "down") ), "priority" arg /* 802.1p priority of continuity-check and link-trace packet */, "auto-discovery" /* Accept continuity-check messages from all remote MEPs */, "action-profile" arg /* Name of the action profile */, "remote-mep" arg ( /* Remote maintenance association endpoint configuration */ c( "action-profile" arg /* Name of the action profile */, "sla-iterator-profile" arg ( /* Name of the iterator profile */ c( "iteration-count" arg /* Iterations to partake for acquiring SLA measurements */, "priority" arg /* The vlan pcp value to be sent in the Y.1731 frame */, "data-tlv-size" arg /* Size of the data-tlv portion of Y.1731 frame */ ) ), "detect-loc" /* Detects initial loss of connectivity with remote mep */ ) ), "lowest-priority-defect" ( /* Lowest priority defect that is allowed to generate a fault alarm */ ("all-defects" | 
"mac-rem-err-xcon" | "rem-err-xcon" | "err-xcon" | "xcon" | "no-defect") ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for this session */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ) ) ) ) ), "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "evcs" arg ( /* Ethernet virtual circuits configuration */ c( "evc-protocol" ( /* Signaling protocol to monitor EVC status */ sc( c( "cfm" ( /* Connectivity fault management */ sc( "maintenance-domain" arg /* Maintenance domain name */, "maintenance-association" arg /* Maintenance association name */, "mep" arg /* Identifier for maintenance association endpoint */, "faults" ( /* CFM faults to trigger ELMI */ c( "rdi" /* RDI received from some MEP */ ) ) ) ).as(:oneline), "vpls" ( /* Virtual private LAN service (BGP/LDP) */ sc( "routing-instance" arg /* Routing instance name */ ) ).as(:oneline), "l2circuit" ( /* L2circuit */ c( "interface" ( /* Name of interface forming the Layer 2 circuit */ sc( interface_name ) ).as(:oneline) ) ), "l2vpn" ( /* L2vpn */ c( "interface" ( /* Name of interface forming the Layer 2 VPN */ sc( interface_name ) ).as(:oneline) ) ) ) ) ).as(:oneline), "remote-uni-count" arg /* Number of remote UNIs in the EVC */, "async-status-msg-transmit-interval" arg /* Time interval between E-LMI async status messages per EVC */, "multipoint-to-multipoint" /* Multipoint to Multipoint EVC */ ) ), "lmi" ( /* Ethernet local management interface configuration */ c( "traceoptions" ( /* Trace options for ethernet local management interface */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, 
"world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "init" | "error" | "packet" | "all")) /* Tracing parameters */.as(:oneline) ) ), "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "interface" arg ( /* Interface options */ c( "uni-id" arg /* UNI identifier */, "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "evc-map-type" ( /* CE-VLAN ID/EVC map type */ ("all-to-one-bundling" | "service-multiplexing" | "bundling") ), "evc" arg ( /* EVC configuration */ c( "default-evc" /* Default EVC */, "vlan-list" arg /* Vlans mapped to this EVC */ ) ) ) ) ) ), "fnp" ( /* Failure notification protocol configuration */ c( "traceoptions" ( /* Tracing options for FNP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("events" | "pdu" | "timers" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interval" ( /* Interval between FNP messages */ ("100ms" | "1s" | "10s" | "1m" | "10m") ), "loss-threshold" arg /* Number of FNP messages lost before clearing FNP state */, "interface" arg ( /* Interface configuration */ c( "domain-id" arg /* Ethernet domain identifier */ ) ) ) ) ) ), "gre-tunnel" ( c( "traceoptions" ( /* Trace options for GRE keepalives */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular 
expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" arg ( c( "keepalive-time" arg /* Keepalive time */, "hold-time" arg /* Hold time */ ) ) ) ) ) ), "ancp" ( /* Access Node Control Protocol options */ juniper_protocols_ancp /* Access Node Control Protocol options */ ), "ptp" ( /* Precision Time Protocol v2 options */ c( "clock-mode" ( /* Clock mode */ ("ordinary" | "boundary") ), "profile-type" ( /* PTP profile type */ ("g.8275.1" | "g.8275.1.enh" | "enterprise-profile") ), "e2e-transparent" /* Enable end-to-end IEEE1588 transparent clock functionality */, "priority1" arg /* Used in selecting best master clock */, "priority2" arg /* Tie-breaker in selecting best master clock */, "local-priority" arg /* Priority assigned to the local clock */, "domain" arg /* PTP domain number */, "path-trace" /* Enable path tracing */, "unicast-negotiation" /* Enable unicast negotiation */, "phy-timestamping" /* PHY time-stamping feature */, "ipv4-dscp" arg /* IPv4 dscp value to be used for PTP packets */, "performance-monitor" ( /* PTP packet delay metrics */ c( "threshold" ( /* Configure delay and jitter thresholds */ c( "min-outbound-delay" arg /* Configure minimum outbound delay */, "max-outbound-delay" arg /* Configure maximum outbound delay */, "min-inbound-delay" arg /* Configure minimum inbound delay */, "max-inbound-delay" arg /* Configure maximum inbound delay */, "max-inbound-jitter-neg" arg /* Configure max inbound negetive jitter */, "max-inbound-jitter-pos" arg /* Configure max inbound positive jitter */, "max-outbound-jitter-neg" arg /* Configure max outbound negetive jitter */, "max-outbound-jitter-pos" arg /* Configure max outbound positive jitter */ ) ) ) ), "utc-leap-seconds" arg /* UTC leap seconds offset */, "slave" ( /* PTP Slave parameters */ c( "frequency-only" /* 
Only for frequency syntonization */, "delay-request" arg /* Log mean interval between delay requests */, "announce-timeout" arg /* Timeout period for announce messages */, "announce-interval" arg /* Log mean interval between announce messages */, "sync-interval" arg /* Requested log mean interval between sync messages */, "grant-duration" arg /* Length of grants in seconds requested during unicast-negotiation */, "convert-clock-class-to-quality-level" /* Enable PTP clock class to ESMC quality level mapping */, "clock-class-to-quality-level-mapping" ( /* PTP clock class to ESMC quality level mapping */ c( "quality-level" enum(("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu")) ( c( "clock-class" arg /* PTP clock class threshold value */ ) ) ) ), "interface" arg ( /* Interface on which to respond to upstream PTP master */ c( "unicast-mode" ( /* Configure upstream unicast PTP master clock sources */ c( "transport" ( /* Encapsulation for PTP packet transport */ ("ipv4" | "ipv6") ), "local-priority" arg /* Priority assigned to the port */, "clock-source" ( /* Configure PTP master parameters */ s( arg, "local-ip-address" arg /* Must be IP address on local interface */, c( "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */ ) ) ) ) ), "multicast-mode" ( /* Configure PTP slave clock to use multicast frames */ c( "transport" ( /* Encapsulation for PTP packet transport */ c( c( "ieee-802.3" ( /* PTP over 802.3 frames */ sc( "link-local" /* Use link local 802.3 MAC address */ ) ).as(:oneline), "ipv4" /* Use IP as transport */.as(:oneline) ) ) ), "local-priority" arg /* Priority assigned to the port */, "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */, "local-ip-address" ( /* IP address on local interface */ ipv4addr /* IP address on local interface */ ) ) ), "primary" arg /* Primary AE Child Interface name */, "secondary" arg /* Secondary AE Child 
Interface name */ ) ), "hybrid" ( /* Hybrid mode configuration options */ c( "periodic-alignment" ( /* PTP hybrid periodic phase re-alignment */ ("enable" | "disable") ), "re-alignment-threshold" arg, "synchronous-ethernet-mapping" ( /* PTP source to synchronous ethernet interface mapping */ c( "clock-source" arg ( /* PTP source being mapped */ c( "interface" (arg) /* Synchonous ethernet interface name */ ) ) ) ) ) ) ) ), "master" ( /* PTP Master parameters */ c( "announce-interval" arg /* Log mean interval between announce messages */, "sync-interval" arg /* Log mean interval between sync messages */, "min-announce-interval" arg /* Min log mean interval between announce messages */, "max-announce-interval" arg /* Max log mean interval between announce messages */, "min-sync-interval" arg /* Min log mean interval between sync messages */, "max-sync-interval" arg /* Max log mean interval between sync messages */, "min-delay-response-interval" arg /* Min log mean interval between delay-resp messages */, "max-delay-response-interval" arg /* Max log mean interval between delay-resp messages */, "clock-step" ( /* Type of clock step */ ("one-step" | "two-step") ), "interface" arg ( /* Interface on which to respond to downstream PTP slaves */ c( "unicast-mode" ( /* Configure downstream PTP clock slaves */ c( "transport" ( /* Encapsulation for PTP packet transport */ ("ipv4" | "ipv6") ), "clock-client" ( /* Configure PTP master parameters */ s( arg, "local-ip-address" arg /* IP address of local PTP master interface */, c( "manual" /* This slave does not use unicast negotiation */ ) ) ) ) ), "multicast-mode" ( /* Configure PTP master clock to use multicast frames */ c( "transport" ( /* Encapsulation for PTP packet transport */ c( c( "ieee-802.3" ( /* PTP over 802.3 frames */ sc( "link-local" /* Use link local 802.3 MAC address */ ) ).as(:oneline), "ipv4" /* Use IP as transport */.as(:oneline) ) ) ), "local-priority" arg /* Priority assigned to the port */, 
"local-ip-address" ( /* IP address on local interface */ ipv4addr /* IP address on local interface */ ) ) ), "primary" arg /* Primary AE Child Interface name */, "secondary" arg /* Secondary AE Child Interface name */ ) ) ) ), "stateful" ( /* PTP stateful parameters */ c( "interface" arg ( /* Interfaces which will set to PTP stateful role */ c( "multicast-mode" ( /* Configure PTP stateful clock to use multicast frames */ c( "transport" ( /* Encapsulation for PTP packet transport */ c( c( "ieee-802.3" ( /* PTP over 802.3 frames */ sc( "link-local" /* Use link local 802.3 MAC address */ ) ).as(:oneline) ) ) ), "local-priority" arg /* Priority assigned to the port */, "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */ ) ) ) ) ) ) ) ), "clock-synchronization" ( /* Configuring parameters common to SyncE and PTP */ c( "traceoptions" ( /* Configure trace information for PTP and synce */ clksync_traceoptions /* Configure trace information for PTP and synce */ ) ) ), "dot1x" ( /* 802.1X options */ juniper_protocols_dot1x /* 802.1X options */ ), "ppp-service" ( /* Configure PPP service */ c( "traceoptions" ( /* Trace options for PPP service */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("accounting-statistics" | "authentication" | "chap" | "events" | "gres" | "init" | "interface-db" | "lcp" | "memory" | "ncp" | "packet-error" | "pap" | "parse" | "profile" | "receive-packets" | "routing-process" | "rtp" | 
"rtsock" | "session-db" | "smi-services-sentry" | "states" | "transmit-packets" | "tunnel" | "all")) /* Area of PPP service to enable debugging output */.as(:oneline), "filter" ( /* Trace filtering */ c( "aci" arg /* Regular expression to match ACI */, "ari" arg /* Regular expression to match ARI */, "service-name" arg /* Service name */, "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | arg) ), "user" ( /* Filter by user name */ c( arg ) ) ) ) ) ), "on-demand-ip-address" /* Enable On-Demand IPv4 address allocation and de-allocation */, "reject-unauthorized-ipv6cp" /* Reject IPv6 NCP if no appropriate IPv6 address or prefix is authorized */, "pppoe-lcp-options-strict" /* Enforce RFC 2516 MUST requirements for FCS, ACFC and ACCM */ ) ), "l2-learning" ( /* Layer 2 forwarding configuration */ juniper_protocols_bridge /* Layer 2 forwarding configuration */ ), "dcbx" ( c( "disable", "interface" ("all" | arg) ( c( "disable", "application-map" arg, "applications" ( c( "no-auto-negotiation" ) ), "enhanced-transmission-selection" ( c( "no-auto-negotiation", "no-recommendation-tlv", "recommendation-tlv" ( c( "no-auto-negotiation" ) ) ) ), "dcbx-version" ("auto-negotiate" | "ieee-dcbx" | "dcbx-version-1.01"), "priority-flow-control" ( c( "no-auto-negotiation" ) ) ) ) ) ), "lldp" ( /* Link Layer Detection Protocol */ c( ("disable"), "traceoptions" ( /* Trace options for LLDP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("all" | "configuration" | "rtsock" | "packet" | "protocol" | "interface" | "vlan" | "snmp")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "management-address" ( /* LLDP management address */ ipaddr /* LLDP management address */ ), "advertisement-interval" arg /* Transmit interval for LLDP messages */, "transmit-delay" arg /* Transmit delay time interval for LLDP messages */, "hold-multiplier" arg /* Hold timer interval for 
LLDP messages */, "ptopo-configuration-trap-interval" arg /* Interval for physical topology configuration change trap */, "ptopo-configuration-maximum-hold-time" arg /* Hold time for physical topology connection entries */, "lldp-configuration-notification-interval" arg /* Time interval for LLDP notification */, "port-id-subtype" ( /* Sub-type to be used for Port ID TLV generation */ ("locally-assigned" | "interface-name") ), "port-description-type" ( /* The Interfaces Group MIB object to be used for Port Description TLV generation */ ("interface-alias" | "interface-description") ), "neighbour-port-info-display" ( /* Show lldp neighbors to display port-id or port-description */ ("port-id" | "port-description") ), "mau-type" /* Populate mau-type in lldp PDU */, "interface" (arg | "all") ( /* Interface configuration */ c( ("disable"), "power-negotiation" ( /* LLDP power negotiation */ c( ("disable") ) ) ) ) ) ), "lldp-med" ( /* LLDP Media Endpoint Discovery */ c( "fast-start" arg /* Discovery count for MED */, "interface" (arg | "all") ( /* Interface configuration */ c( ("disable"), "location" ( c( c( "civic-based" ( /* Postal address */ civic_address_elements /* Postal address */ ), "elin" arg /* Emergency line identification (ELIN) string */, "co-ordinate" ( /* Address based on longitude and latitude coordinates */ co_ordinate_elements /* Address based on longitude and latitude coordinates */ ) ) ) ) ) ), "disable" ) ), "igmp-snooping" ( /* IGMP snooping configuration */ juniper_default_ri_protocols_igmp_snooping /* IGMP snooping configuration */ ), "mld-snooping" ( /* MLD snooping configuration */ juniper_default_ri_protocols_mld_snooping /* MLD snooping configuration */ ), "pcep" ( /* Path computation client configuration */ c( "message-rate-limit" arg /* Messages per minute rate that path computation client will handle at maximum. 0 - disabled */, "update-rate-limit" arg /* Updates per minute rate that path computation client will handle at maximum. 
0 - disabled */, "max-provisioned-lsps" arg /* Defines max count of externally provisioned LSPs over all conected PCEs (default: 16000) */, "pce-group" arg ( /* PCE group definition */ c( "pce-type" ( /* Type of the PCE (e.g. stateful or stateless) */ sc( "active" /* The PCE can modify delegated LSPs */, c( "stateful" /* The PCE is stateful */ ) ) ).as(:oneline), "lsp-provisioning" /* The PCE is capable of provisioning LSPs */, "p2mp-lsp-report-capability" /* The PCE is capable of reporting P2MP LSPs */, "lsp-cleanup-timer" arg /* LSP cleanup time (default: 0) */, "spring-capability" /* PCE is capable of supporting SPRING based provisioning */, "max-sid-depth" arg /* Max SID Depth (default: 5) */, "lsp-retry-delegation" /* Retry LSP delegation process is enabled */, "lsp-retry-delegation-timer" arg /* LSP retry delegation timer in case delegation failure or re-delegate (default: 3600) */, "request-timer" arg /* The amount of time path computation client waits for a reply before resending its requests */, "max-unknown-requests" arg /* Max unknown requests per minute after which the connection will be closed. 0 - disabled */, "max-unknown-messages" arg /* Max unknown messages per minute after which the connection will be closed. 
0 - disabled */, "traceoptions" ( /* Path Computation Element Protocol trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("pcep" | "all")) /* Area of Path Computation Client Daemon to enable debugging output */.as(:oneline) ) ), "delegation-cleanup-timeout" arg /* Return control of LSPs or Re-delegation time after PCEP session disconnect (default: 30) */ ) ), "pce" arg ( /* Per PCE configuration */ c( "local-address" ( /* Address of local end of PCEP session */ ipv4addr /* Address of local end of PCEP session */ ), "destination-ipv4-address" ( /* IPV4 Address of PCE */ ipv4addr /* IPV4 Address of PCE */ ), "destination-port" arg /* Destination TCP port PCE is listening on */, "delegation-priority" arg /* This PCE's priority among configured stateful PCEs in one pce-group */, "request-priority" arg /* This PCE's priority among configured stateless PCEs in one pce-group */, "pce-group" arg /* Assign this PCE to defined pce group. PCE will inherit default values from the pce-group */, "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5") ), "authentication-key-chain" arg /* Key chain name */, "pce-type" ( /* Type of the PCE (e.g. 
stateful or stateless) */ sc( "active" /* The PCE can modify delegated LSPs */, c( "stateful" /* The PCE is stateful */ ) ) ).as(:oneline), "lsp-provisioning" /* The PCE is capable of provisioning LSPs */, "p2mp-lsp-report-capability" /* The PCE is capable of reporting P2MP LSPs */, "lsp-cleanup-timer" arg /* LSP cleanup time (default: 0) */, "spring-capability" /* PCE is capable of supporting SPRING based provisioning */, "max-sid-depth" arg /* Max SID Depth (default: 5) */, "lsp-retry-delegation" /* Retry LSP delegation process is enabled */, "lsp-retry-delegation-timer" arg /* LSP retry delegation timer in case delegation failure or re-delegate (default: 3600) */, "request-timer" arg /* The amount of time path computation client waits for a reply before resending its requests */, "max-unknown-requests" arg /* Max unknown requests per minute after which the connection will be closed. 0 - disabled */, "max-unknown-messages" arg /* Max unknown messages per minute after which the connection will be closed. 
0 - disabled */, "traceoptions" ( /* Path Computation Element Protocol trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("pcep" | "all")) /* Area of Path Computation Client Daemon to enable debugging output */.as(:oneline) ) ), "delegation-cleanup-timeout" arg /* Return control of LSPs or Re-delegation time after PCEP session disconnect (default: 30) */ ) ), "traceoptions" ( /* Path Computation Client Daemon trace options */ pccd_traceoptions_type /* Path Computation Client Daemon trace options */ ) ) ), "ppp" ( /* Configure PPP process */ c( "traceoptions" ( /* PPP trace options */ ppp_traceoptions_type /* PPP trace options */ ), "monitor-session" ( /* Monitor packet exchange for PPP session */ s( ("all" | arg) ) ) ) ), "pppoe" ( /* Configure PPPoE process */ c( "traceoptions" ( /* PPPoE trace options */ pppoe_traceoptions_type /* PPPoE trace options */ ), "pado-advertise" /* Enable PADO advertising of PPPoE Service-Names */, "service-name-tables" arg ( /* PPPoE Service Name Tables */ c( "empty-service" ( /* Empty Service configuration */ c( c( "terminate" /* Service Action Terminate */, "drop" /* Service Action Drop */, "delay" arg /* Service Action Delay */ ) ) ), "service" arg ( /* One or more named PPPoE services */ c( c( "terminate" /* Service Action Terminate */, "drop" /* Service Action Drop */, "delay" arg /* Service Action Delay */ ), "dynamic-profile" arg /* Attach dynamic-profile to entry */, "routing-instance" arg /* Attach routing-instance to entry */, "max-sessions" arg /* Maximum sessions associated with Service 
*/, "agent-specifier" ( /* One or more ACI/ARI entries */ s( "aci" arg /* Agent Circuit ID */, "ari" arg /* Agent Remote ID */, c( c( "terminate" /* Service Action Terminate */, "drop" /* Service Action Drop */, "delay" arg /* Service Action Delay */ ), "dynamic-profile" arg /* Attach dynamic-profile to entry */, "routing-instance" arg /* Attach routing-instance to entry */, "static-interface" ( /* Attach static-interface to entry */ interface_unit /* Attach static-interface to entry */ ) ) ) ) ) ) ) ) ) ), "r2cp" ( /* Radio-to-Router Control Protocol configuration */ c( ("disable"), "traceoptions" ( /* R2CP trace options */ r2cp_traceoptions_type /* R2CP trace options */ ), "server-port" arg /* R2CP server port number */, "client-port" ( /* R2CP client port number */ sc( c( arg, c( "any" /* Accept R2CP messages sent on any port */ ) ) ) ).as(:oneline), "node-terminate-count" arg /* Node Term retransmit count */, "node-terminate-interval" arg /* Node Terminate interval */, "session-terminate-count" arg /* Session Term retransmit count */, "session-terminate-interval" arg /* Session Term interval */, "radio" arg ( c( "interface" ( /* Interface listening for R2CP messages */ interface_unit /* Interface listening for R2CP messages */ ), "down-count" arg /* Number of missed keepalives before radio is assumed 'down' */, "virtual-channel-group" arg /* Virtual channel group name */, "radio-interface" arg ) ) ) ), "sflow" ( /* SFLOW protocol */ c( "traceoptions" ( /* Trace options for SFLOW */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("configuration" | "rtsock" | "interface" | "client-server" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "agent-id" ( /* Sflow agent id configuration */ sc( ipv4addr /* Sflow agent ipv4 address */, "inet6" ( /* Sflow agent ipv6 address */ ipv6addr /* Sflow agent ipv6 address */ ) ) ).as(:oneline), "polling-interval" arg /* Interval 
between port statistics */, "adaptive-sample-rate" arg /* Trigger adaptive sampling */, "inline-sampling" /* Enable inline sampling of packets */, "sample-rate" ( /* Sampling rate */ c( "ingress" arg /* Ingress direction */, "egress" arg /* Egress direction */ ) ), "source-ip" ( /* Sflow agent id configuration */ sc( ipv4addr /* Sflow datagram source ipv4 address */, "inet6" ( /* Sflow datagram source ipv6 address */ ipv6addr /* Sflow datagram source ipv6 address */ ) ) ).as(:oneline), "collector" arg ( /* SFLOW collector configuration */ c( "udp-port" arg /* Collector UDP port */ ) ), "interfaces" arg ( /* Enable SFLOW on this interface */ c( "polling-interval" arg /* Interval between port statistics */, "sample-rate" ( /* Sampling rate */ c( "ingress" arg /* Ingress direction */, "egress" arg /* Egress direction */ ) ) ) ), "disable-sw-rate-limiter" /* Disable sw rate limiter */ ) ), "layer2-control" ( /* Global options for layer 2 protocols */ juniper_protocols_l2control /* Global options for layer 2 protocols */ ), "rstp" ( /* Rapid Spanning Tree Protocol options */ juniper_protocols_stp /* Rapid Spanning Tree Protocol options */ ), "mstp" ( /* Multiple Spanning Tree Protocol options */ juniper_protocols_mstp /* Multiple Spanning Tree Protocol options */ ), "vstp" ( /* VLAN Spanning Tree Protocol options */ juniper_protocols_vstp /* VLAN Spanning Tree Protocol options */ ), "loop-detect" ( /* Layer2 Loop Detect on interface with non-IP L2 Multicast mac as destination mac */ c( "interface" (arg | "all-extended-ports") ( /* Interface name to block Loop Detect PDUs on */ c( "disable" /* Disable loop detect feature on a port */ ) ), "destination-mac" ( /* Destination non-IP L2 multicast mac to be used for transmitting Loop Detect PDUs */ mac_multicast /* Destination non-IP L2 multicast mac to be used for transmitting Loop Detect PDUs */ ), "transmit-interval" arg /* Loop Detect PDU TX interval in sec */ ) ), "protection-group" ( /* Protection group */ 
juniper_protocols_protection_group /* Protection group */ ), "mvrp" ( /* MVRP configuration */ juniper_protocols_mvrp /* MVRP configuration */ ) ) end rule(:bandwidth_type) do c( arg /* Bandwidth to reserve */, "ct0" arg /* Bandwidth from traffic class 0 */, "ct1" arg /* Bandwidth from traffic class 1 */, "ct2" arg /* Bandwidth from traffic class 2 */, "ct3" arg /* Bandwidth from traffic class 3 */ ) end rule(:civic_address_elements) do c( "what" arg /* Type of address */, "country-code" arg /* Two-letter country code */, "ca-type" arg ( c( "ca-value" arg /* Address element value */ ) ) ) end rule(:clksync_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("init" | "routing-socket" | "synchronization" | "ptp" | "protocol" | "configuration" | "debug" | "ppm" | "error" | "hybrid" | "framer" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:co_ordinate_elements) do c( "longitude" arg /* Longitude vlaue */, "lattitude" arg /* Lattitude vlaue */ ) end rule(:juniper_default_ri_protocols_igmp_snooping) do c( "vlan" ("all" | arg) ( /* VLAN options */ c( "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "route" | "normal" | "general" | "state" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this 
trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interface */, "host-only-interface" /* Enable interface to be treated as host-side interface */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* 
Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interface */, "host-only-interface" /* Enable interface to be treated as host-side interface */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) ), "disable" ) ), "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static 
group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) end

# MLD snooping grammar. Options appear per VLAN ("vlan" followed by "all" or
# a name, with a nested "qualified-vlan" level) and again at the top level:
# traceoptions, query timers, "robust-count", "immediate-leave" and
# per-interface settings including static group/source membership; the top
# level also lists "proxy".
# The proxy "source-address" uses `ipv6addr`, which this file defines as
# `arg.as(:arg)`, so address syntax is not checked by the grammar.
rule(:juniper_default_ri_protocols_mld_snooping) do c( "vlan" ("all" | arg) ( /* VLAN options */ c( "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a 
subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) ) ) ), "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, 
"group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) end

# OSPF authentication: lists "simple-password" and "md5" <arg> with a nested
# "key" and "start-time".
# Both secret values go through the `unreadable` rule, which this file defines
# as `arg.as(:arg)`, the same capture used for every other argument. Nothing
# at grammar level marks the value as sensitive, so code that logs, diffs or
# stores parser output has to treat these fields as key material itself.
# `time` is likewise `arg.as(:arg)`; the YYYY-MM-DD.HH:MM format named in the
# description is not enforced here.
rule(:juniper_ospf_authentication) do
  c(
    c(
      "simple-password" ( /* Authentication key */
        unreadable /* Authentication key */
      ),
      "md5" arg ( /* MD5 authentication key */
        sc(
          "key" ( /* MD5 authentication key value */
            unreadable /* MD5 authentication key value */
          ),
          "start-time" ( /* Start time for key transmission (YYYY-MM-DD.HH:MM) */
            time /* Start time for key transmission (YYYY-MM-DD.HH:MM) */
          )
        )
      ).as(:oneline)
    )
  )
end

# AMT grammar: "traceoptions" (trace file via `trace_file_type`, defined
# outside this section, plus per-flag "send"/"receive"/"detail"/"disable"
# modifiers) and "relay", which delegates to `juniper_protocols_amt_relay`.
rule(:juniper_protocols_amt) do
  c(
    "traceoptions" ( /* Trace options for AMT */
      c(
        "file" ( /* Trace file options */
          trace_file_type /* Trace file options */
        ),
        "flag" enum(("packets" | "errors" | "tunnels" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */
          sc(
            "send" /* Trace transmitted packets */,
            "receive" /* Trace received packets */,
            "detail" /* Trace detailed information */,
            "disable" /* Disable this trace flag */
          )
        ).as(:oneline)
      )
    ),
    "relay" ( /* AMT relay */
      juniper_protocols_amt_relay /* AMT relay */
    )
  )
end

# AMT relay settings: "family" "inet" with "anycast-prefix" and
# "local-address", then "secret-key-timeout", "tunnel-limit",
# "unicast-stream-limit", "accounting" and "tunnel-devices".
# `ipv4prefix`, `ipv4addr` and `interface_device` are all `arg.as(:arg)` in
# this file, and the limits and timeout are plain `arg`, so neither address
# syntax nor numeric bounds are checked by the grammar.
rule(:juniper_protocols_amt_relay) do
  c(
    "family" ( /* Protocol family */
      c(
        "inet" (
          c(
            "anycast-prefix" ( /* IPv4 anycast prefix */
              ipv4prefix /* IPv4 anycast prefix */
            ),
            "local-address" ( /* IPv4 local address */
              ipv4addr /* IPv4 local address */
            )
          )
        )
      )
    ),
    "secret-key-timeout" arg /* Time interval for the secret key to expire */,
    "tunnel-limit" arg /* Number of AMT tunnels */,
    "unicast-stream-limit" arg /* Maximum number of AMT unicast streams(s,g,intf) */,
    "accounting" /* Enable AMT accounting */,
    "tunnel-devices" ( /* Tunnel devices to be used for creating ud interfaces */
      interface_device /* Tunnel devices to be used for creating ud interfaces */
    )
  )
end

# ANCP grammar: traceoptions (trace file with "world-readable" /
# "no-world-readable", "level", "flag"), "qos-adjust" byte and overhead
# values, timers and table limits, "interfaces" (interface sets plus
# `ancp_interfaces_type` entries) and per-"neighbor" options.
# The grammar lists both trace-file readability keywords without expressing a
# default, so a configuration audit has to check for "world-readable"
# explicitly.
rule(:juniper_protocols_ancp) do c( "traceoptions" ( /* Trace options for 
ANCP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "cos" | "routing-socket" | "packet" | "protocol" | "process" | "startup" | "session" | "general" | "restart" | "subscriber" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "qos-adjust" ( /* Enable QoS adjust for interfaces and interface-sets */ c( "sdsl-bytes" arg /* Set SDSL byte adjust value */, "sdsl-overhead-adjust" arg /* Set SDSL overhead adjusted */, "vdsl-bytes" arg /* Set VDSL byte adjust value */, "vdsl-overhead-adjust" arg /* Set VDSL overhead adjusted */, "vdsl2-bytes" arg /* Set VDSL2 byte adjust value */, "vdsl2-overhead-adjust" arg /* Set VDSL2 overhead adjusted */, "adsl-bytes" arg /* Set ADSL byte adjust value */, "adsl2-bytes" arg /* Set ADSL2 byte adjust value */, "adsl2-plus-bytes" arg /* Set ADSL-PLUS byte adjust value */, "other-bytes" arg /* Set OTHER byte adjust value */, "other-overhead-adjust" arg /* Set OTHER overhead adjusted */ ) ), "pre-ietf-mode" /* Enable backward compatibility mode */, "maximum-discovery-table-entries" arg /* Maximum number of discovery table entries per neighbor */, "adjacency-timer" arg /* Set adjacency timer in seconds */, "maximum-helper-restart-time" arg /* Set maximum helper restart timer */, "qos-adjust-adsl" arg /* Set ADSL QoS adjustment factor */, "qos-adjust-adsl2" arg /* Set ADSL2 QoS adjustment factor */, "qos-adjust-adsl2-plus" arg /* Set ADSL2+ 
QoS adjustment factor */, "qos-adjust-vdsl" arg /* Set VDSL QoS adjustment factor */, "qos-adjust-vdsl2" arg /* Set VDSL2 QoS adjustment factor */, "qos-adjust-sdsl" arg /* Set SDSL QoS adjustment factor */, "qos-adjust-other" arg /* Set OTHER QoS adjustment factor */, "gsmp-syn-wait" /* Enable partition ID learning */, "gsmp-syn-timeout" arg /* Set partition ID learning timeout */, "adjacency-loss-hold-time" arg /* Audit duration upon adjacency loss */, "interfaces" ( /* ANCP interface config options */ c( "interface-set" arg ( /* ANCP interface-set specific options */ c( "access-identifier" arg /* Subscriber specific access identifier information */, "neighbor" ( /* Neighbor IP address */ ipaddr /* Neighbor IP address */ ) ) ), ancp_interfaces_type ) ), "neighbor" arg ( /* ANCP neighbor config options */ c( "discovery-mode" /* Enable topology discovery */, c( "pre-ietf-mode" /* Enable backward compatibility mode */, "ietf-mode" /* Enable IETF mode */ ), "adjacency-timer" arg /* Set adjacency timer in seconds */, "maximum-discovery-table-entries" arg /* Maximum number of discovery table entries */, "auto-configure-trigger" ( /* Auto-configure trigger support */ c( "interface" ( interface_device ) ) ), "adjacency-loss-hold-time" arg /* Audit duration upon adjacency loss */ ) ) ) end

# One ANCP interface entry: a captured argument (`arg.as(:arg)`) followed by
# "access-identifier", "neighbor" and "overhead-accounting".
# "neighbor" uses `ipaddr`, which this file defines as `arg.as(:arg)`, so the
# address is captured as written rather than validated.
rule(:ancp_interfaces_type) do
  arg.as(:arg) (
    c(
      "access-identifier" arg /* Subscriber specific access identifier information */,
      "neighbor" ( /* Neighbor IP address */
        ipaddr /* Neighbor IP address */
      ),
      "overhead-accounting" /* Enable overhead accounting on per ACI basis */
    )
  )
end

# Bridge-domain grammar: MAC table size and per-interface MAC limits (each
# with a "packet-action" choice), MAC notification, aging and learning
# switches, "mib" options, per-"interface" settings (MAC limit, VPWS/VPN
# attributes, "oam" with BFD timers, static MACs, "mac-pinning") and
# "traceoptions".
# The MAC-limit values are plain `arg`; the grammar fixes only the set of
# "packet-action" keywords, not the numeric bounds.
# The trace-file block lists both "world-readable" and "no-world-readable"
# without expressing a default.
rule(:juniper_protocols_bd) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "mac-notification" ( /* 
MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "vpws-service-id" ( /* Service-id for EVPN VPWS routing instance */ c( "local" arg /* Local EVPN VPWS service id */, "remote" arg /* Remote EVPN VPWS service id */ ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow 
different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "description" arg /* Text description */ ) ), "traceoptions" ( /* Trace options for this bridge domain */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* 
Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "routing-socket" | "interface-device" | "interface-logical" | "interface-family" | "learning-domain" | "ipc" | "mac-learning" | "initialization" | "flood-next-hop" | "storm-control" | "unknown-unicast-forwarding" | "all")) /* Type of operation or event to include in trace */.as(:oneline) ) ) ) end rule(:juniper_protocols_bgp) do c( ("disable"), "precision-timers" /* Use precision timers for scheduling keepalives */, "no-precision-timers" /* Don't use precision timers for scheduling keepalives */, "path-selection" ( /* Configure path selection strategy */ c( "cisco-non-deterministic" /* Use Cisco IOS nondeterministic path selection algorithm */, "always-compare-med" /* Always compare MED values, regardless of neighbor AS */, "med-plus-igp" ( /* Add IGP cost to next-hop to MED before comparing MED values */ c( "med-multiplier" arg /* Multiplier for MED */, "igp-multiplier" arg /* Multiplier for IGP cost to next-hop */ ) ), "external-router-id" /* Compare router ID on BGP externals */, "as-path-ignore" /* Ignore AS path comparison during path selection */, "l2vpn-use-bgp-rules" /* Use standard BGP rules during L2VPN path selection */ ) ), "snmp-options" ( /* Customize SNMP behaviors specifically for BGP MIBs */ c( "backward-traps-only-from-established" /* Limit traps for backward transitions to only those moving from Established state. 
*/ ) ), "advertise-from-main-vpn-tables" /* Advertise VPN routes from bgp.Xvpn.0 tables in master instance */, "stale-labels-holddown-period" arg /* Duration (sec) MPLS labels allocated by BGP are kept after they go stale */, "holddown-all-stale-labels" /* Hold all BGP stale-labels, facilating make-before-break for new label advertisements */, "egress-te-backup-paths" ( /* Backup-path for Egress-TE peer interface failure */ c( "template" arg ( /* Backup-path template */ c( "peer" arg /* Egress peer TE backup exit path */, "remote-nexthop" ( /* Resolve and use tunnel to this next-hop as backup path */ c( ipaddr /* Address of remote-nexthop to use as backup path */ ) ), "ip-forward" ( /* Use IP-forward backup path for Egress TE */ c( arg /* Routing-instance to use as IP forward backup-path */ ) ) ) ) ) ), "traceoptions" ( /* Trace options for BGP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("damping" | "packets" | "open" | "update" | "keepalive" | "refresh" | "nsr-synchronization" | "bfd" | "4byte-as" | "add-path" | "graceful-restart" | "egress-te" | "thread-io" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ bgp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "description" arg /* Text description */, "metric-out" ( /* Route metric sent in MED */ sc( c( arg, "minimum-igp" ( /* Track the minimum IGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "igp" ( /* Track the IGP metric */ sc( arg /* Metric offset for MED */, "delay-med-update" /* Delay updating MED when IGP metric increases */ ) ).as(:oneline) ) ) ).as(:oneline), "multihop" ( /* Configure an EBGP multihop session */ c( "ttl" arg /* TTL value for the 
session */, "no-nexthop-change" /* Do not change next hop to self in advertisements */ ) ), "accept-remote-nexthop" /* Allow import policy to specify a non-directly connected next-hop */, "preference" arg /* Preference value */, "local-preference" arg /* Value of LOCAL_PREF path attribute */, "local-address" ( /* Address of local end of BGP session */ ipaddr /* Address of local end of BGP session */ ), "local-interface" ( /* Local interface for IPv6 link local EBGP peering */ interface_name /* Local interface for IPv6 link local EBGP peering */ ), "forwarding-context" arg /* Routing-instance used for data-forwarding and transport-session */, "hold-time" arg /* Hold time used when negotiating with a peer */, "passive" /* Do not send open messages to a peer */, "advertise-inactive" /* Advertise inactive routes */, "advertise-peer-as" /* Advertise routes received from the same autonomous system */, "no-advertise-peer-as" /* Don't advertise routes received from the same autonomous system */, "advertise-external" ( /* Advertise best external routes */ sc( "conditional" /* Route matches active route upto med-comparison rule */ ) ).as(:oneline), "keep" ( /* How to retain routes in the routing table */ ("all" | "none") ), "rfc6514-compliant-safi129" /* Compliant with RFC6514 SAFI129 format */, "no-aggregator-id" /* Set router ID in aggregator path attribute to 0 */, "mtu-discovery" /* Enable TCP path MTU discovery */, "enforce-first-as" /* Enforce first AS in AS-path is the neighbor's AS */, "out-delay" arg /* How long before exporting routes from routing table */, "ttl" ( /* TTL value for the single-hop peer */ ("1" | "255") ), "log-updown" /* Log a message for peer state transitions */, "damping" /* Enable route flap damping */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "nlri" ( /* NLRI type to include in updates */ ("unicast" | "multicast" | "any") ), "bgp-error-tolerance" ( /* Handle BGP malformed updates softly */ c( 
"malformed-update-log-interval" arg /* Time used when logging malformed update */, c( "malformed-route-limit" arg /* Maximum number of malformed routes from a peer */, "no-malformed-route-limit" /* No malformed route limit */ ) ) ), "family" ( /* Protocol family for NLRIs in updates */ c( "inet" ( /* IPv4 NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ), "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_labeled /* Include labeled unicast NLRI */ ) ) ), "inet-vpn" ( /* IPv4 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "inet6" ( /* IPv6 NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ), "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_inet6_labeled /* Include labeled unicast NLRI */ ) ) ), "inet6-vpn" ( /* IPv6 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI 
*/ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "iso-vpn" ( /* ISO Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ) ) ), "l2vpn" ( /* MPLS-based Layer 2 VPN and VPLS NLRI parameters */ c( "auto-discovery-only" ( /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ bgp_afi_default /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ ), "auto-discovery-mspw" ( /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ bgp_afi_default /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ ), "signaling" ( /* Include Layer 2 VPN and VPLS signaling NLRI */ bgp_afi_l2vpn /* Include Layer 2 VPN and VPLS signaling NLRI */ ) ) ), "evpn" ( /* EVPN NLRI parameters */ c( "signaling" ( /* Include EVPN signaling NLRI */ bgp_afi_default /* Include EVPN signaling NLRI */ ) ) ), "inet-mvpn" ( /* IPv4 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv4 multicast VPN signaling NLRI */ ) ) ), "inet6-mvpn" ( /* IPv6 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv6 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv6 multicast VPN signaling NLRI */ ) ) ), "inet-mdt" ( /* IPv4 Multicast Distribution Tree (MDT) NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN auto-discovery NLRI */ bgp_afi_default /* Include IPv4 multicast VPN auto-discovery NLRI */ ) ) ), "traffic-engineering" ( /* Traffic Engineering (BGP-TE) NLRI parameters */ c( "unicast" ( /* Include BGP-TE NLRI */ bgp_afi_default /* Include BGP-TE NLRI */ ) ) ), "route-target" ( /* Route target NLRI used for VPN route filtering */ c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit 
maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "proxy-generate" ( /* Generate route target NLRI for peers that don't support it */ c( "route-target-policy" ( /* Limit VPN routes that are used to generate proxy route-target filters */ policy_algebra /* Limit VPN routes that are used to generate proxy route-target filters */ ) ) ), "external-paths" arg /* Number of external paths accepted for route filtering */, "advertise-default" /* Advertise default and suppress more specific routes */, "damping" /* Enable route flap damping */, "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) ), "bridge-vpn" ( /* Bridge VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "fabric-vpn" ( /* Fabric VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "vpn-apply-export" /* Apply BGP export policy when exporting VPN routes */, "egress-te" ( /* Use Egress 
Peering traffic engineering */ c( "backup-path" arg /* The 'egress-te-backup-paths template' to use for this peer */ ) ), "remove-private" ( /* Remove well-known private AS numbers */ c( "all" ( /* Remove all private AS numbers and do not stop at the first public AS number */ sc( "replace" ( /* Replace private AS numbers with the BGP Group's local AS number */ sc( "nearest" /* Use closest public AS number to replace a private AS number */ ) ).as(:oneline) ) ).as(:oneline), "no-peer-loop-check" /* Remove peer loop-check */ ) ), "cluster" ( /* Cluster identifier */ areaid /* Cluster identifier */ ), "no-client-reflect" /* Disable intracluster route redistribution */, "peer-as" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "local-as" ( /* Local autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "private" /* Hide this local AS in paths learned from this peering */, "alias" /* Treat this AS as an alias to the system AS */, "no-prepend-global-as" /* Do not prepend global autonomous-system number in advertised paths */ ) ).as(:oneline), "ipsec-sa" arg /* IPSec SA name */, "unconfigured-peer-graceful-restart" /* BGP unconfigured peer graceful restart options */, "graceful-restart" ( /* BGP graceful restart options */ c( ("disable"), "restart-time" arg /* Restart time used when negotiating with a peer */, "stale-routes-time" arg /* Maximum time for which stale routes are kept */, "long-lived" ( /* Long-lived graceful restart options */ c( "receiver" ( /* Long-lived graceful restart receiver (helper) options */ c( ("disable") ) ), "advertise-to-non-llgr-neighbor" ( /* Advertise stale routes to non-LLGR neighbors */ c( "omit-no-export" /* Do not attach no-export community to stale routes */ ) ) ) ), "forwarding-state-bit" ( /* Control forwarding-state 
flag negotiation */ ("as-rr-client" | "from-fib") ) ) ), "include-mp-next-hop" /* Include NEXT-HOP attribute in multiprotocol updates */, "idle-after-switch-over" ( /* Stop peer session from coming up after nonstop-routing switch-over */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline), "outbound-route-filter" ( /* Dynamically negotiated cooperative route filtering */ c( "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "extended-community" ( /* Extended community filtering */ c( "accept" /* Honor remote requests for extended community ORF */, "no-accept" /* Don't honor remote requests for extended community ORF */, "vrf-filter" /* Request remote filtering using locally configured VRF import targets */ ) ), "prefix-based" ( /* Prefix-based outbound route filtering */ c( "accept" ( /* Honor Prefix-based ORFs from remote peers */ c( "inet" /* Honor IPv4 prefix filters */, "inet6" /* Honor IPv6 prefix filters */ ) ) ) ) ) ), "tcp-mss" arg /* Maximum TCP segment size */, "tcp-aggressive-transmission" /* Enable aggressive transmission of pure TCP ACKs and retransmissions */, "bmp" ( /* Specific settings to override the routing-options settings */ c( "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route montoring messages */, "pre-policy" ( /* Send pre policy route montoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route montoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. 
*/ ) ).as(:oneline) ) ) ) ), "advertise-bgp-static" ( /* Advertise bgp-static routes */ c( "policy" ( /* Static route advertisement policy */ policy_algebra /* Static route advertisement policy */ ) ) ), "add-path-display-ipv4-address" /* Display add-path path-id in IPv4 address format */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "output-queue-priority" ( /* BGP output queue priority scheduler for updates */ c( "expedited" ( /* Expedited queue; highest priority */ sc( "update-tokens" arg /* Number of tokens */ ) ).as(:oneline), "priority" arg ( /* Output queue priority 1..16; higher is better */ sc( "update-tokens" arg /* Number of tokens */ ) ).as(:oneline), "defaults" ( /* Map policy's priority class and BGP output-queue */ c( "low" ( /* Assign the 'low' priority 
class to this output-queue */ bgp_output_queue_priority_class /* Assign the 'low' priority class to this output-queue */ ), "medium" ( /* Assign the 'medium' priority class to this output-queue */ bgp_output_queue_priority_class /* Assign the 'medium' priority class to this output-queue */ ), "high" ( /* Assign the 'high' priority class to this output-queue */ bgp_output_queue_priority_class /* Assign the 'high' priority class to this output-queue */ ) ) ) ) ), "group" arg ( /* Define a peer group */ c( "type" ( /* Type of peer group */ ("internal" | "external") ), "protocol" ( /* IGP to use to resolve the next hop */ ("rip" | "ospf" | "isis") ), "traceoptions" ( /* Trace options for BGP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("damping" | "packets" | "open" | "update" | "keepalive" | "refresh" | "nsr-synchronization" | "bfd" | "4byte-as" | "add-path" | "graceful-restart" | "egress-te" | "thread-io" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ bgp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "description" arg /* Text description */, "metric-out" ( /* Route metric sent in MED */ sc( c( arg, "minimum-igp" ( /* Track the minimum IGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "igp" ( /* Track the IGP metric */ sc( arg /* Metric offset for MED */, "delay-med-update" /* Delay updating MED when IGP metric increases */ ) ).as(:oneline) ) ) ).as(:oneline), "multihop" ( /* Configure an EBGP multihop session */ c( "ttl" arg /* TTL value for the session */, "no-nexthop-change" /* Do not change next hop to self in advertisements */ ) ), "accept-remote-nexthop" /* Allow import policy to specify a 
non-directly connected next-hop */, "preference" arg /* Preference value */, "local-preference" arg /* Value of LOCAL_PREF path attribute */, "local-address" ( /* Address of local end of BGP session */ ipaddr /* Address of local end of BGP session */ ), "local-interface" ( /* Local interface for IPv6 link local EBGP peering */ interface_name /* Local interface for IPv6 link local EBGP peering */ ), "forwarding-context" arg /* Routing-instance used for data-forwarding and transport-session */, "hold-time" arg /* Hold time used when negotiating with a peer */, "passive" /* Do not send open messages to a peer */, "advertise-inactive" /* Advertise inactive routes */, "advertise-peer-as" /* Advertise routes received from the same autonomous system */, "no-advertise-peer-as" /* Don't advertise routes received from the same autonomous system */, "advertise-external" ( /* Advertise best external routes */ sc( "conditional" /* Route matches active route upto med-comparison rule */ ) ).as(:oneline), "keep" ( /* How to retain routes in the routing table */ ("all" | "none") ), "rfc6514-compliant-safi129" /* Compliant with RFC6514 SAFI129 format */, "no-aggregator-id" /* Set router ID in aggregator path attribute to 0 */, "mtu-discovery" /* Enable TCP path MTU discovery */, "enforce-first-as" /* Enforce first AS in AS-path is the neighbor's AS */, "out-delay" arg /* How long before exporting routes from routing table */, "ttl" ( /* TTL value for the single-hop peer */ ("1" | "255") ), "log-updown" /* Log a message for peer state transitions */, "damping" /* Enable route flap damping */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "nlri" ( /* NLRI type to include in updates */ ("unicast" | "multicast" | "any") ), "bgp-error-tolerance" ( /* Handle BGP malformed updates softly */ c( "malformed-update-log-interval" arg /* Time used when logging malformed update */, c( "malformed-route-limit" arg /* Maximum number of malformed routes from a peer */, 
"no-malformed-route-limit" /* No malformed route limit */ ) ) ), "family" ( /* Protocol family for NLRIs in updates */ c( "inet" ( /* IPv4 NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ), "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_labeled /* Include labeled unicast NLRI */ ) ) ), "inet-vpn" ( /* IPv4 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "inet6" ( /* IPv6 NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ), "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_inet6_labeled /* Include labeled unicast NLRI */ ) ) ), "inet6-vpn" ( /* IPv6 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "iso-vpn" ( /* 
ISO Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ) ) ), "l2vpn" ( /* MPLS-based Layer 2 VPN and VPLS NLRI parameters */ c( "auto-discovery-only" ( /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ bgp_afi_default /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ ), "auto-discovery-mspw" ( /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ bgp_afi_default /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ ), "signaling" ( /* Include Layer 2 VPN and VPLS signaling NLRI */ bgp_afi_l2vpn /* Include Layer 2 VPN and VPLS signaling NLRI */ ) ) ), "evpn" ( /* EVPN NLRI parameters */ c( "signaling" ( /* Include EVPN signaling NLRI */ bgp_afi_default /* Include EVPN signaling NLRI */ ) ) ), "inet-mvpn" ( /* IPv4 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv4 multicast VPN signaling NLRI */ ) ) ), "inet6-mvpn" ( /* IPv6 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv6 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv6 multicast VPN signaling NLRI */ ) ) ), "inet-mdt" ( /* IPv4 Multicast Distribution Tree (MDT) NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN auto-discovery NLRI */ bgp_afi_default /* Include IPv4 multicast VPN auto-discovery NLRI */ ) ) ), "traffic-engineering" ( /* Traffic Engineering (BGP-TE) NLRI parameters */ c( "unicast" ( /* Include BGP-TE NLRI */ bgp_afi_default /* Include BGP-TE NLRI */ ) ) ), "route-target" ( /* Route target NLRI used for VPN route filtering */ c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "proxy-generate" ( /* Generate 
route target NLRI for peers that don't support it */ c( "route-target-policy" ( /* Limit VPN routes that are used to generate proxy route-target filters */ policy_algebra /* Limit VPN routes that are used to generate proxy route-target filters */ ) ) ), "external-paths" arg /* Number of external paths accepted for route filtering */, "advertise-default" /* Advertise default and suppress more specific routes */, "damping" /* Enable route flap damping */, "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) ), "bridge-vpn" ( /* Bridge VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "fabric-vpn" ( /* Fabric VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "vpn-apply-export" /* Apply BGP export policy when exporting VPN routes */, "egress-te" ( /* Use Egress Peering traffic engineering */ c( "backup-path" arg /* The 'egress-te-backup-paths template' to use for this peer */ ) ), "remove-private" ( /* Remove well-known private AS 
numbers */ c( "all" ( /* Remove all private AS numbers and do not stop at the first public AS number */ sc( "replace" ( /* Replace private AS numbers with the BGP Group's local AS number */ sc( "nearest" /* Use closest public AS number to replace a private AS number */ ) ).as(:oneline) ) ).as(:oneline), "no-peer-loop-check" /* Remove peer loop-check */ ) ), "cluster" ( /* Cluster identifier */ areaid /* Cluster identifier */ ), "no-client-reflect" /* Disable intracluster route redistribution */, "peer-as" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "local-as" ( /* Local autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "private" /* Hide this local AS in paths learned from this peering */, "alias" /* Treat this AS as an alias to the system AS */, "no-prepend-global-as" /* Do not prepend global autonomous-system number in advertised paths */ ) ).as(:oneline), "ipsec-sa" arg /* IPSec SA name */, "unconfigured-peer-graceful-restart" /* BGP unconfigured peer graceful restart options */, "graceful-restart" ( /* BGP graceful restart options */ c( ("disable"), "restart-time" arg /* Restart time used when negotiating with a peer */, "stale-routes-time" arg /* Maximum time for which stale routes are kept */, "long-lived" ( /* Long-lived graceful restart options */ c( "receiver" ( /* Long-lived graceful restart receiver (helper) options */ c( ("disable") ) ), "advertise-to-non-llgr-neighbor" ( /* Advertise stale routes to non-LLGR neighbors */ c( "omit-no-export" /* Do not attach no-export community to stale routes */ ) ) ) ), "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("as-rr-client" | "from-fib") ) ) ), "include-mp-next-hop" /* Include NEXT-HOP attribute in multiprotocol updates */, "idle-after-switch-over" ( /* Stop 
peer session from coming up after nonstop-routing switch-over */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline), "outbound-route-filter" ( /* Dynamically negotiated cooperative route filtering */ c( "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "extended-community" ( /* Extended community filtering */ c( "accept" /* Honor remote requests for extended community ORF */, "no-accept" /* Don't honor remote requests for extended community ORF */, "vrf-filter" /* Request remote filtering using locally configured VRF import targets */ ) ), "prefix-based" ( /* Prefix-based outbound route filtering */ c( "accept" ( /* Honor Prefix-based ORFs from remote peers */ c( "inet" /* Honor IPv4 prefix filters */, "inet6" /* Honor IPv6 prefix filters */ ) ) ) ) ) ), "tcp-mss" arg /* Maximum TCP segment size */, "tcp-aggressive-transmission" /* Enable aggressive transmission of pure TCP ACKs and retransmissions */, "bmp" ( /* Specific settings to override the routing-options settings */ c( "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route montoring messages */, "pre-policy" ( /* Send pre policy route montoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route montoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. 
*/ ) ).as(:oneline) ) ) ) ), "advertise-bgp-static" ( /* Advertise bgp-static routes */ c( "policy" ( /* Static route advertisement policy */ policy_algebra /* Static route advertisement policy */ ) ) ), "add-path-display-ipv4-address" /* Display add-path path-id in IPv4 address format */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "multipath" ( /* Allow load sharing among multiple BGP paths */ sc( "multiple-as" /* Use paths received from different ASs */ ) ).as(:oneline), "as-override" /* Replace neighbor AS number with our AS number */, "allow" ( /* Configure peer connections for specific networks */ ipprefix /* Configure peer connections for specific networks */ ), "optimal-route-reflection" ( /* Enable optimal route reflection for this client group */ c( 
"igp-primary" ( /* Primary node identifier for this client group */ ipv4addr /* Primary node identifier for this client group */ ), "igp-backup" ( /* Backup node identifier for this client group */ ipv4addr /* Backup node identifier for this client group */ ) ) ), "mvpn-iana-rt-import" /* Use IANA assigned rt-import type value for MVPN */, "neighbor" arg ( /* Configure a neighbor */ c( "traceoptions" ( /* Trace options for BGP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("damping" | "packets" | "open" | "update" | "keepalive" | "refresh" | "nsr-synchronization" | "bfd" | "4byte-as" | "add-path" | "graceful-restart" | "egress-te" | "thread-io" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ bgp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "description" arg /* Text description */, "metric-out" ( /* Route metric sent in MED */ sc( c( arg, "minimum-igp" ( /* Track the minimum IGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "igp" ( /* Track the IGP metric */ sc( arg /* Metric offset for MED */, "delay-med-update" /* Delay updating MED when IGP metric increases */ ) ).as(:oneline) ) ) ).as(:oneline), "multihop" ( /* Configure an EBGP multihop session */ c( "ttl" arg /* TTL value for the session */, "no-nexthop-change" /* Do not change next hop to self in advertisements */ ) ), "accept-remote-nexthop" /* Allow import policy to specify a non-directly connected next-hop */, "preference" arg /* Preference value */, "local-preference" arg /* Value of LOCAL_PREF path attribute */, "local-address" ( /* Address of local end of BGP session */ ipaddr /* Address of local end of BGP session */ ), "local-interface" ( 
/* Local interface for IPv6 link local EBGP peering */ interface_name /* Local interface for IPv6 link local EBGP peering */ ), "forwarding-context" arg /* Routing-instance used for data-forwarding and transport-session */, "hold-time" arg /* Hold time used when negotiating with a peer */, "passive" /* Do not send open messages to a peer */, "advertise-inactive" /* Advertise inactive routes */, "advertise-peer-as" /* Advertise routes received from the same autonomous system */, "no-advertise-peer-as" /* Don't advertise routes received from the same autonomous system */, "advertise-external" ( /* Advertise best external routes */ sc( "conditional" /* Route matches active route upto med-comparison rule */ ) ).as(:oneline), "keep" ( /* How to retain routes in the routing table */ ("all" | "none") ), "rfc6514-compliant-safi129" /* Compliant with RFC6514 SAFI129 format */, "no-aggregator-id" /* Set router ID in aggregator path attribute to 0 */, "mtu-discovery" /* Enable TCP path MTU discovery */, "enforce-first-as" /* Enforce first AS in AS-path is the neighbor's AS */, "out-delay" arg /* How long before exporting routes from routing table */, "ttl" ( /* TTL value for the single-hop peer */ ("1" | "255") ), "log-updown" /* Log a message for peer state transitions */, "damping" /* Enable route flap damping */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "nlri" ( /* NLRI type to include in updates */ ("unicast" | "multicast" | "any") ), "bgp-error-tolerance" ( /* Handle BGP malformed updates softly */ c( "malformed-update-log-interval" arg /* Time used when logging malformed update */, c( "malformed-route-limit" arg /* Maximum number of malformed routes from a peer */, "no-malformed-route-limit" /* No malformed route limit */ ) ) ), "family" ( /* Protocol family for NLRIs in updates */ c( "inet" ( /* IPv4 NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI 
*/ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ), "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_labeled /* Include labeled unicast NLRI */ ) ) ), "inet-vpn" ( /* IPv4 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "inet6" ( /* IPv6 NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ), "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_inet6_labeled /* Include labeled unicast NLRI */ ) ) ), "inet6-vpn" ( /* IPv6 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "iso-vpn" ( /* ISO Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ) ) ), "l2vpn" ( /* MPLS-based Layer 2 VPN and VPLS NLRI parameters */ c( "auto-discovery-only" ( /* Include auto-discovery NLRI for LDP Layer 2 VPN and 
VPLS */ bgp_afi_default /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ ), "auto-discovery-mspw" ( /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ bgp_afi_default /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ ), "signaling" ( /* Include Layer 2 VPN and VPLS signaling NLRI */ bgp_afi_l2vpn /* Include Layer 2 VPN and VPLS signaling NLRI */ ) ) ), "evpn" ( /* EVPN NLRI parameters */ c( "signaling" ( /* Include EVPN signaling NLRI */ bgp_afi_default /* Include EVPN signaling NLRI */ ) ) ), "inet-mvpn" ( /* IPv4 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv4 multicast VPN signaling NLRI */ ) ) ), "inet6-mvpn" ( /* IPv6 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv6 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv6 multicast VPN signaling NLRI */ ) ) ), "inet-mdt" ( /* IPv4 Multicast Distribution Tree (MDT) NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN auto-discovery NLRI */ bgp_afi_default /* Include IPv4 multicast VPN auto-discovery NLRI */ ) ) ), "traffic-engineering" ( /* Traffic Engineering (BGP-TE) NLRI parameters */ c( "unicast" ( /* Include BGP-TE NLRI */ bgp_afi_default /* Include BGP-TE NLRI */ ) ) ), "route-target" ( /* Route target NLRI used for VPN route filtering */ c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "proxy-generate" ( /* Generate route target NLRI for peers that don't support it */ c( "route-target-policy" ( /* Limit VPN routes that are used to generate proxy route-target filters */ policy_algebra /* Limit VPN routes that are used to generate proxy route-target filters */ ) ) ), "external-paths" arg /* 
Number of external paths accepted for route filtering */, "advertise-default" /* Advertise default and suppress more specific routes */, "damping" /* Enable route flap damping */, "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) ), "bridge-vpn" ( /* Bridge VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "fabric-vpn" ( /* Fabric VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "vpn-apply-export" /* Apply BGP export policy when exporting VPN routes */, "egress-te" ( /* Use Egress Peering traffic engineering */ c( "backup-path" arg /* The 'egress-te-backup-paths template' to use for this peer */ ) ), "remove-private" ( /* Remove well-known private AS numbers */ c( "all" ( /* Remove all private AS numbers and do not stop at the first public AS number */ sc( "replace" ( /* Replace private AS numbers with the BGP Group's local AS number */ sc( "nearest" /* Use closest public AS number to replace a private AS number */ ) 
).as(:oneline) ) ).as(:oneline), "no-peer-loop-check" /* Remove peer loop-check */ ) ), "cluster" ( /* Cluster identifier */ areaid /* Cluster identifier */ ), "no-client-reflect" /* Disable intracluster route redistribution */, "peer-as" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "local-as" ( /* Local autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "private" /* Hide this local AS in paths learned from this peering */, "alias" /* Treat this AS as an alias to the system AS */, "no-prepend-global-as" /* Do not prepend global autonomous-system number in advertised paths */ ) ).as(:oneline), "ipsec-sa" arg /* IPSec SA name */, "unconfigured-peer-graceful-restart" /* BGP unconfigured peer graceful restart options */, "graceful-restart" ( /* BGP graceful restart options */ c( ("disable"), "restart-time" arg /* Restart time used when negotiating with a peer */, "stale-routes-time" arg /* Maximum time for which stale routes are kept */, "long-lived" ( /* Long-lived graceful restart options */ c( "receiver" ( /* Long-lived graceful restart receiver (helper) options */ c( ("disable") ) ), "advertise-to-non-llgr-neighbor" ( /* Advertise stale routes to non-LLGR neighbors */ c( "omit-no-export" /* Do not attach no-export community to stale routes */ ) ) ) ), "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("as-rr-client" | "from-fib") ) ) ), "include-mp-next-hop" /* Include NEXT-HOP attribute in multiprotocol updates */, "idle-after-switch-over" ( /* Stop peer session from coming up after nonstop-routing switch-over */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline), "outbound-route-filter" ( /* Dynamically negotiated cooperative route filtering */ c( "bgp-orf-cisco-mode" /* Using 
BGP ORF capability code 130 and Prefix ORF type 128 */, "extended-community" ( /* Extended community filtering */ c( "accept" /* Honor remote requests for extended community ORF */, "no-accept" /* Don't honor remote requests for extended community ORF */, "vrf-filter" /* Request remote filtering using locally configured VRF import targets */ ) ), "prefix-based" ( /* Prefix-based outbound route filtering */ c( "accept" ( /* Honor Prefix-based ORFs from remote peers */ c( "inet" /* Honor IPv4 prefix filters */, "inet6" /* Honor IPv6 prefix filters */ ) ) ) ) ) ), "tcp-mss" arg /* Maximum TCP segment size */, "tcp-aggressive-transmission" /* Enable aggressive transmission of pure TCP ACKs and retransmissions */, "bmp" ( /* Specific settings to override the routing-options settings */ c( "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route montoring messages */, "pre-policy" ( /* Send pre policy route montoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route montoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. 
*/ ) ).as(:oneline) ) ) ) ), "advertise-bgp-static" ( /* Advertise bgp-static routes */ c( "policy" ( /* Static route advertisement policy */ policy_algebra /* Static route advertisement policy */ ) ) ), "add-path-display-ipv4-address" /* Display add-path path-id in IPv4 address format */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "multipath" ( /* Allow load sharing among multiple BGP paths */ sc( "multiple-as" /* Use paths received from different ASs */ ) ).as(:oneline), "as-override" /* Replace neighbor AS number with our AS number */ ) ) ) ), "drop-path-attributes" arg, "minimum-hold-time" arg ) end
# bgp_af_gr: graceful-restart option set referenced from "graceful-restart"
# keywords (for example inside bgp_afi_default below).
# Keywords listed: "long-lived" > "restarter" with "disable" and
# "stale-time" <arg>, plus "forwarding-state-bit" taking "set" or "from-fib".
# NOTE(review): the 1..16777215 bound for stale-time appears only in the
# description text; the value itself is a bare `arg`, so presumably no range
# check happens in this rule - confirm against the definition of `arg`.
rule(:bgp_af_gr) do c( "long-lived" ( /* Long-lived graceful restart options */ c( "restarter" ( /* Long-lived graceful restart restarter options */ c( ("disable"), 
"stale-time" arg /* Stale time in seconds or dhms notation (1..16777215) */ ) ) ) ), "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("set" | "from-fib") ) ) end
# bgp_afi_default: option set shared by many "family" entries in this file
# (for example inet "multicast"/"any" and evpn "signaling").
# Each keyword is either a bare flag ("damping", "extended-nexthop",
# "no-install") or delegates to another rule (bgpaf_prefix_limit,
# bgpaf_accepted_prefix_limit, rib_group_inet_type, apath_options,
# bgpaf_aigp_options, bgpaf_loops, bgp_af_gr, bgp_output_queue_priority_class).
# "prefix-limit" and "accepted-prefix-limit" are the keywords here that bound
# how many prefixes a peer may send or have accepted.
# NOTE(review): ipv4addr is declared earlier in this file as `arg.as(:arg)`,
# so "local-ipv4-address" gets no IPv4-specific check from this rule; the
# "(sec)" delay values are likewise bare `arg`. Presumably this grammar checks
# keyword structure only and leaves value validation to the device - confirm.
rule(:bgp_afi_default) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default 
output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) end
# apath_options: add-path settings, referenced from the "add-path" keyword of
# the address-family rules (bgp_afi_default above, bgp_afi_flow below).
# Keywords listed: the bare flag "receive", and "send" with "prefix-policy"
# (a policy_algebra expression), "path-count" <arg> and the flag "multipath".
# NOTE(review): policy_algebra is declared earlier in this file as
# `arg.as(:arg)`, so the policy expression is taken as a single opaque
# argument here; "path-count" is also an unbounded `arg` - confirm whether
# limits are enforced anywhere in this grammar.
rule(:apath_options) do c( "receive" /* Receive multiple paths from peer */, "send" ( /* Send multiple paths to peer */ c( "prefix-policy" ( /* Perform add-path only for prefixes that match policy */ policy_algebra /* Perform add-path only for prefixes that match policy */ ), "path-count" arg /* Number of paths to advertise */, "multipath" /* Include only multipath contributor routes */ ) ) ) end rule(:bgp_afi_flow) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) 
advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "no-validate" ( /* Bypass validation procedure for routes that match policy */ policy_algebra /* Bypass validation procedure for routes that match policy */ ), "strip-nexthop" /* Strip the next-hop from the outgoing flow update */, "allow-policy-add-nexthop" /* Allow policy to add nexthop to a route without nexthop */ ) end rule(:bgp_afi_inet6_labeled) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" 
/* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "per-group-label" /* Advertise prefixes with unique labels per group */, "traffic-statistics" ( /* Collect statistics for BGP label-switched paths */ bgpaf_traffic_statistics /* Collect statistics for BGP label-switched paths */ ), "rib" ( /* Select table used by labeled unicast routes */ c( "inet6.3" /* Use inet6.3 to exchange labeled 
unicast routes */ ) ), "explicit-null" ( /* Advertise explicit null */ sc( "connected-only" /* Advertise explicit null only for connected routes */ ) ).as(:oneline), "protection" /* Compute backup path for active nexthop failure */.as(:oneline) ) end rule(:bgp_afi_l2vpn) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign 
updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) ) end rule(:bgp_afi_labeled) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( 
"route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "per-prefix-label" /* Allocate a unique label to each advertised prefix */, "per-group-label" /* Advertise prefixes with unique labels per group */, "traffic-statistics" ( /* Collect statistics for BGP label-switched paths */ bgpaf_traffic_statistics /* Collect statistics for BGP label-switched paths */ ), "rib" ( /* Select table used by labeled unicast routes */ c( "inet.3" /* Use inet.3 to exchange labeled unicast routes */ ) ), "explicit-null" ( /* Advertise explicit null */ sc( "connected-only" /* Advertise explicit null only for connected routes */ ) ).as(:oneline), "protection" /* Compute backup path for active nexthop failure */, "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ), "resolve-vpn" /* Install received NLRI in inet.3 also */, "entropy-label" ( /* Use entropy label for entropy label 
capable BGP LSPs */ c( "import" ( /* Policy to select BGP LSPs to use entropy label */ policy_algebra /* Policy to select BGP LSPs to use entropy label */ ), "no-next-hop-validation" /* Don't validate next hop field against route next hop */ ) ) ) end rule(:bgp_afi_topo) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign 
updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "protection" /* Compute backup path for active nexthop failure */.as(:oneline), "topology" arg ( /* Multi topology routing tables */ c( "community" arg /* Community to identify multi topology routes */ ) ) ) end rule(:bgp_afi_vpn) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max 
delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ) ) end rule(:bgp_afi_vpn_protection) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for 
this family until FIB-sync */ c( "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) ) end rule(:bgp_output_queue_priority_class) do c( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ).as(:oneline) end rule(:bgp_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("prefix") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:bgpaf_accepted_prefix_limit) do c( "maximum" arg /* 
Maximum number of prefixes accepted from a peer */, "teardown" ( /* Clear peer connection on reaching limit */ sc( arg, "idle-timeout" ( /* Timeout before attempting to restart peer */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline) ) ).as(:oneline) ) end
/* bgpaf_aigp_options: body of the "aigp" keyword used by the bgp_afi_* rules; the only keyword it lists is "disable". */
rule(:bgpaf_aigp_options) do c( "disable" /* Disable sending and receiving of AIGP attribute */ ) end
/* bgpaf_loops: a single argument rendered on one line; the bgp_afi_* rules attach it to "loops" (Allow local AS in received AS paths). */
/* NOTE(review): presumably the argument is how many local-AS occurrences are tolerated; accepting the local AS in received paths relaxes BGP loop detection, so confirm the allowed range against the vendor schema. */
rule(:bgpaf_loops) do c( arg ).as(:oneline) end
/* bgpaf_prefix_limit: body of the "prefix-limit" keyword used by the bgp_afi_* rules. It lists "maximum" (with an argument) and "teardown". */
/* "teardown" carries an argument and an "idle-timeout" whose value is either the keyword "forever" or an argument. bgpaf_accepted_prefix_limit has the same shape. */
/* NOTE(review): this rule describes syntax only and does not appear to require "teardown"; what the device does at the limit without it is not shown here. Confirm before treating "maximum" alone as a route-leak or table-exhaustion guard. */
rule(:bgpaf_prefix_limit) do c( "maximum" arg /* Maximum number of prefixes from a peer */, "teardown" ( /* Clear peer connection on reaching limit */ sc( arg, "idle-timeout" ( /* Timeout before attempting to restart peer */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline) ) ).as(:oneline) ) end
/* bgpaf_traffic_statistics: body of the "traffic-statistics" keyword in the labeled BGP families; "file" delegates to trace_file_type (defined outside this view) and "interval" takes an argument in seconds. */
rule(:bgpaf_traffic_statistics) do c( "file" ( /* Statistics file options */ trace_file_type /* Statistics file options */ ), "interval" arg /* Time to collect statistics (seconds) */ ) end
rule(:juniper_protocols_bridge) do c( "traceoptions" ( /* Trace options for Layer 2 address service */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "routing-socket" | "interface-device" | "interface-logical" | "interface-family" | "bridging-domain" | "routing-instance" | "bridge-interface" | "learning-domain" | "ipc" | "mac-learning" | "initialization" | "flood-next-hop" | "irb" | "vpls-ping" | "vpls-loop-prev" | "logical-system" | "bmac-next-hop" | 
"bridge-bmac-next-hop" | "isid" | "mc-ae" | "kack" | "storm-control" | "redundant-trunk-group" | "unknown-unicast-forwarding" | "vxlan" | "all")) /* Type of operation or event to include in trace */.as(:oneline), "in-memory-debug" /* Enable trace parameters in the memory */ ) ), "global-mac-move" ( /* Enable mac move related options at global level */ c( "notification-time" arg /* Periodical time interval in secs during which MAC move notification occurs */, "threshold-time" arg /* Time during which if certain number of MAC moves happen warrant recording */, "reopen-time" arg /* Time after which a blocked interface is reopened */, "threshold-count" arg /* Count of MAC moves which warrant recording when happen in certain time */, "traceoptions" ( /* Enable logging for the MAC moves */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "log" /* Syslog all the MAC moves as stored in the mac-move-buffer */, "disable-action" /* Disable mac move action globally */ ) ), "vpls-mac-move" ( /* Enable VPLS loop prevention related options at global level */ c( "cooloff-time" arg /* Time interval in secs during which no further actions are taken */, "statistical-approach-wait-time" arg /* Time during which MAC moves are monitored to collect statistics */, "interface-recovery-time" arg /* Time interval after which interface is made operationally up */, "virtual-mac" arg /* Virtual MAC addresses to be not considered in VPLS loop prevention algorithm */ ) ), "global-mac-table-aging-time" arg /* System level MAC table aging time */, "global-mode" ( /* Global L2 Mode */ 
("transparent-bridge" | "switching") ), "global-le-aging-time" arg /* Set LE aging time */, "global-le-bridge-domain-aging-time" arg /* Set LE bridge-domain aging time */, "global-mac-pinning-discard-notification-interval" arg /* Set interval for MAC Pinning discard notification */, "global-mac-limit" ( /* System level MAC limit options */ c( arg, "packet-action" ( ("drop") ) ) ), "global-mac-statistics" /* Enable MAC address statistics at system level */, "decapsulate-accept-inner-vlan" /* Accept VxLAN packets with inner VLAN disabled by default */, "destination-udp-port" arg /* VXLAN destination UDP port */, "disable-vxlan-multicast-transit" ( /* VXLAN multicast group configuration */ c( "vxlan-multicast-group" ("all" | "multicast-group-ip") /* VXLAN multicast group that requires multicast transit disabled */ ) ), "global-no-mac-learning" /* Disable dynamic MAC address learning at system level */, "global-no-control-mac-aging" /* Disable control MAC-address aging from software */, "mclag-arp-nd-sync" /* Arp and ND entry sync from peer device. 
*/ ) end
/* juniper_protocols_dot1x: grammar for the 802.1X protocol stanza; its two top-level keywords are "traceoptions" and "authenticator". */
/* This rule only describes accepted syntax. By their own descriptions, several keywords below relax or bypass port authentication: */
/* "static", "mac-radius" "restrict", "lldp-med-bypass", "guest-vlan" / "guest-bridge-domain" and "server-fail" "permit". Tooling that audits parsed configurations may want to surface them. */
/* NOTE(review): c( ... ) and sc( ... ) are combinators defined outside this view; which keywords are optional or mutually exclusive is assumed from nesting, confirm against their definitions. */
rule(:juniper_protocols_dot1x) do c( "traceoptions" ( /* Trace options for 802.1X */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("dot1x-debug" | "parse" | "esw-if" | "eapol" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "vlan" | "all" | "dot1x-ipc" | "dot1x-event" | "iccp")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "authenticator" ( /* 802.1X authenticator options */ c( "authentication-profile-name" arg /* Access profile name to use for authentication */, "no-mac-table-binding" /* Disable association between mac table and dot1x */, "radius-options" ( /* Info sent to radius server */ ("use-vlan-name" | "use-vlan-id") ), 
/* "static": each entry names a MAC address that bypasses 802.1X; the nested block accepts a VLAN or bridge-domain assignment and an "interface". */
/* NOTE(review): a MAC address is an identifier rather than a credential, so entries without an "interface" scope deserve a second look in a config audit. */
"static" arg ( /* Static MAC configuration needed to bypass 802.1X */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "bridge-domain-assignment" arg /* Bridge-domain name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ), "interface" ("all" | arg) ( /* 802.1X interface specific options */ c( "authentication-order" ( /* Flexible authentication order */ ("dot1x" | "mac-radius" | "captive-portal") ), "disable" /* Disable 802.1X on this interface */, "supplicant" ( /* Set supplicant mode for this interface */ ("single" | "single-secure" | "multiple") ), "retries" arg /* Number of retries after which port is placed into wait state */, "quiet-period" arg /* Time to wait after an authentication failure */, "transmit-period" arg /* Interval before retransmitting initial EAPOL PDUs */, 
/* "mac-radius": "restrict" skips dot1x and uses MAC RADIUS only; "authentication-protocol" accepts "eap-md5", "pap" or "eap-peap" (the last with an optional-looking "resume"). */
"mac-radius" ( /* Enable MAC-RADIUS */ c( "restrict" /* Bypass dot1x authentication, use MAC RADIUS only */, "flap-on-disconnect" /* Reset an interface on receiving a disconnect request */, "authentication-protocol" ( /* Set mac-radius authentication method */ c( c( "eap-md5" /* 
Authentication protocol EAP-MD5 */, "pap" /* Authentication protocol PAP */, "eap-peap" ( /* Authentication protocol EAP-PEAP */ c( "resume" /* Enable resume functionality for faster authentication */ ) ) ) ) ) ) ), c( "no-reauthentication" /* Disable reauthentication */, "reauthentication" arg /* Reauthentication interval */ ), "supplicant-timeout" arg /* Time to wait for a client response */, "server-timeout" arg /* Authentication server timeout interval */, "maximum-requests" arg /* Number of EAPOL RequestIDs to send before timing out */, "guest-vlan" arg /* VLAN name or 802.1q tag for unauthenticated or non-responsive hosts */, "guest-bridge-domain" arg /* Bridge-domain name or 802.1q tag for unauthenticated or non-responsive hosts */, "server-reject-vlan" ( /* VLAN name or 802.1q tag for authentication rejected clients */ sc( arg /* VLAN name or VLAN Tag (1..4095) */, "block-interval" arg /* Interval for authenticator to ignore the EAP-Start packets. */, "eapol-block" /* Force the authenticator to ignore EAPOL-Start packets. */ ) ).as(:oneline), "server-reject-bridge-domain" ( /* VLAN name or 802.1q tag for authentication rejected clients */ sc( arg /* Bridge-domain name or VLAN Tag (1..4095) */, "block-interval" arg /* Interval for authenticator to ignore the EAP-Start packets. */, "eapol-block" /* Force the authenticator to ignore EAPOL-Start packets. 
*/ ) ).as(:oneline), "eapol-block" ( /* Force the authenticator to ignore EAPOL-Start packets */ c( "server-fail" ( /* Block EAPOL-Start during RADIUS Timeout */ c( arg ) ), "mac-radius" /* Block EAPOL-Start when client is authenticated in mac-radius mode */, "captive-portal" /* Block EAPOL-Start when client is authenticated in captive-portal mode */ ) ), "lldp-med-bypass" /* Bypass dot1x authentication, use lldp-med based authentication */, 
/* "server-fail": action when the authentication server is inaccessible. "permit" forces authentication to succeed (fail-open); "deny" forces it to fail (fail-closed). */
/* The other listed keywords are "vlan-name", "bridge-domain" and "use-cache"; "server-fail-voip" below lists the same set without "bridge-domain". */
"server-fail" ( /* Action to be taken when server is inaccessible */ sc( c( "deny" /* Force client authentication to fail */, "permit" /* Force client authentication to succeed */, "vlan-name" arg /* VLAN name or 802.1q tag for unreachable servers */, "bridge-domain" arg /* Bridge-domain name or 802.1q tag for unreachable servers */, "use-cache" /* Use the previous state of the client */ ) ) ).as(:oneline), "server-fail-voip" ( /* Action to be taken for VOIP client when server is inaccessible */ sc( c( "deny" /* Force VoIP client authentication to fail */, "permit" /* Force VoIP client authentication to succeed */, "vlan-name" arg /* Configured VoIP VLAN name or 802.1q tag for unreachable servers */, "use-cache" /* Use the previous state of the VoIP client */ ) ) ).as(:oneline), "redirect-url" arg /* CWA redirect URL to be used for unauthenticated users */, "no-tagged-mac-authentication" /* Don't allow tagged mac for radius authentication */ ) ) ) ) ) end
rule(:juniper_protocols_esis) do c( ("disable"), "traceoptions" ( /* Trace options for ES-IS */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "esh" | "ish" | "graceful-restart" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "preference" arg /* Preference of routes */, 
"graceful-restart" ( /* ES-IS graceful restart options */ sc( ("disable"), "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ).as(:oneline), "interface" arg ( /* Interface configuration */ c( "hold-time" arg /* Time after which neighbors think the interface is down */, "end-system-configuration-timer" arg /* Suggested end system configuration timer */, ("disable") ) ) ) end
# IS-IS protocol statements (rule :juniper_protocols_isis).
# The c( ... ) list names the statements this rule accepts: global knobs
# (traceoptions, export/import policy, LSP and SPF settings, authentication,
# overload, traffic-engineering, graceful-restart, source-packet-routing),
# followed by the level, interface, interface-group, label-switched-path and
# context-identifier sub-stanzas.
# c(), sc(), enum(), arg and .as(:oneline) are helpers defined outside this
# excerpt; presumably c() is a choice among children and sc() a sequence of
# choices -- confirm against their definitions.
# NOTE(review): this rule describes syntax only. It lists authentication-type
# values md5 and simple, plus no-authentication-check and
# loose-authentication-check, as ordinary accepted statements; a configuration
# audit that wants to flag those settings has to inspect the parse result,
# because nothing here rejects them.
rule(:juniper_protocols_isis) do c( ("disable"), "traceoptions" ( /* Trace options for IS-IS */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "spf" | "packets" | "hello" | "lsp" | "psn" | "csn" | "layer2-map" | "lsp-generation" | "graceful-restart" | "ldp-synchronization" | "nsr-synchronization" | "traffic-statistics" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "layer2-map" /* Kernel ARP/ND creation for nexthops */, "no-layer2-map" /* Don't kernel ARP/ND creation for nexthops */, "lsp-lifetime" arg /* Lifetime of LSPs */, "max-lsp-size" arg /* Maximum size allowed for LSPs */, "max-hello-size" arg /* Maximum size allowed for ISIS Hello PDUs */, "max-snp-size" arg /* Maximum size allowed for Sequence Number (Complete/Partial) PDUs */, "spf-delay" arg /* Time to wait before running an SPF */,
# NOTE(review): unreadable is defined earlier in this file as arg.as(:arg),
# so the key is matched as an opaque argument; nothing in this rule checks
# its format or strength. The same key/type pair repeats under level,
# interface and interface level below.
"authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "loose-authentication-check" /* Verify authentication only if PDU has authentication TLV 
*/, "max-areas" arg /* Maximum number of advertised Areas */, "no-authentication-check" /* Disable authentication checking */, "no-ipv4-routing" /* Disable IPv4 routing */, "no-ipv6-routing" /* Disable IPv6 routing */, "clns-routing" /* Enable CLNS routing */, "clns-updown-compatibility" /* Set the Up/Down Bit in place of the I/E bit in CLNS TLVs */, "no-adjacency-holddown" /* Disable adjacency hold down */, "multicast-topology" /* Enable multicast topology */, "ignore-attached-bit" /* Ignore the attached bit in Level 1 LSPs */, "rib-group" ( /* Routing table group for importing IS-IS routes */ rib_group_type /* Routing table group for importing IS-IS routes */ ), "spf-options" ( /* Configure SPF attributes */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of rapid SPF runs before SPF holddown */, "multipath" ( /* Configure multipath options */ c( "weighted" ( /* Weighted multipath options */ c( "one-hop" /* Enable load balancing on onehop multipath based on interface bandwidth */ ) ) ) ) ) ), "backup-spf-options" ( /* Configure backup SPF attributes */ c( "per-prefix-calculation" /* Calculate backup nexthops for non-best prefix originators */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "node-link-degradation" /* Degrade to link protection when nodelink protection not available */, "use-source-packet-routing" /* Use SPRING routed paths for protection */ ) ), "topologies" ( /* Enable topologies */ c( "ipv4-multicast" /* Enable IPv4-multicast topology */, "ipv6-unicast" /* Enable IPv6-unicast topology */, "ipv6-multicast" /* Enable IPv6-multicast topology */ ) ), "overload" ( /* Set the overload bit (no transit traffic) */ c( "timeout" arg /* Time after which overload bit is reset */, "advertise-high-metrics" /* Advertise high metrics instead of setting the overload bit */, "allow-route-leaking" /* Allow routes to be leaked when overload is 
configured */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( ("disable"), "credibility-protocol-preference" /* Follow IGP protocol preference for TED protocol credibility */, "ipv4-multicast-rpf-routes" /* Install IPv4 routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "family" enum(("inet" | "inet6" | "inet-mpls" | "inet6-mpls")) ( /* Address family specific traffic-engineering attributes */ c( "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "multicast-rpf-routes" /* Install routes for multicast RPF checks into multicast RIB */ ) ) ) ), "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */ ) ), "multipath" ( /* Configure label-switched-path multipath behavior */ c( "lsp-equal-cost" /* Include equal cost label-switched-paths */ ) ) ) ), "graceful-restart" ( /* IS-IS graceful restart options */ sc( ("disable"), "helper-disable" /* Disable graceful restart helper capability */, "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ).as(:oneline), "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( "adjacency-segment" ( /* Configure attributes for Adjacency Segments in SPRING */ c( "hold-time" arg /* Duration(ms) for which adjacency segments will be retained after isolating from an interface */ ) ), "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set IPv4 Node Segment index */, "ipv6-index" arg /* Set IPv6 Node Segment index */, "index-range" arg /* Set Range of Node Segment indices allowed */ ) ), "explicit-null" /* Set E and P bits in all Prefix SID 
advertisements */ ) ), "level" arg ( /* Configure global level attributes */ c( ("disable"), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "purge-originator" ( /* Add Purge Originator information */ ("self" | "empty") ), "no-hello-authentication" /* Disable authentication for hello packets */, "no-csnp-authentication" /* Disable authentication for CSN packets */, "no-psnp-authentication" /* Disable authentication for PSN packets */, "authentication-key-chain" arg /* Key chain name */, "wide-metrics-only" /* Generate wide metrics only */, "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled IS-IS routes */, "prefix-export-limit" arg /* Maximum number of external prefixes that can be exported */, "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( ("disable") ) ) ) ), "interface" arg ( /* Interface configuration */ c( ("disable"), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "flood-group" arg /* ISO Area that this interface should send LSPs to */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "hello-authentication-key" ( /* Authentication key (password) for hello packets */ unreadable /* Authentication key (password) for hello packets */ ), "hello-authentication-type" ( /* Authentication type for hello packets */ ("md5" | "simple") ), "hello-padding-type" ( /* Type of padding for hello packets */ ("strict" | "adaptive" | "loose" | "disable") ), "interface-group-holddown-delay" arg /* Time to wait before including in BBM calculation */, "layer2-map" /* Kernel ARP/ND creation for nexthops */, "no-layer2-map" /* Don't 
kernel ARP/ND creation for nexthops */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "max-hello-size" arg /* Maximum size allowed for ISIS Hello PDUs */, "lsp-interval" arg /* Interval between LSP transmissions */, "csnp-interval" ( /* Rate of CSN packets (for LAN interfaces only) */ sc( c( arg, "disable" /* Do not send CSN packets on this interface */ ) ) ).as(:oneline), "mesh-group" ( /* Add the interface to a mesh group */ sc( c( arg /* Mesh group number for this interface */, "blocked" /* Do not flood new LSPs on this interface */ ) ) ).as(:oneline), "point-to-point" /* Treat interface as point to point */, c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible for backup traffic from protected interfaces */, "passive" ( /* Do not run IS-IS, but advertise it */ c( "remote-node-iso" ( /* ISO System-ID of the remote node */ sysid /* ISO System-ID of the remote node */ ), "remote-node-id" ( /* Remote address of the link */ ipv4addr /* Remote address of the link */ ) ) ), "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "checksum" /* Enable checksum for packets on this interface */, "no-unicast-topology" /* Do not include this interface in the unicast topology */, "no-ipv4-multicast" /* Do not include this interface in the IPv4 multicast topology */, "no-ipv6-unicast" /* Do not include this interface in the IPv6 unicast topology */, "no-ipv6-multicast" /* Do not include this interface in the IPv6 multicast topology */, "no-adjacency-down-notification" /* Do not inform other protocols about adjacency down events */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), 
"minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "family" enum(("inet" | "inet6")) ( /* Address family specific interface attributes */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify 
authentication only if authentication is negotiated */ ) ) ) ) ) ), "level" arg ( /* Configure levels on this interface */ c( ("disable"), "metric" arg /* Metric for this level */, "ipv4-multicast-metric" arg /* IPv4 multicast metric for this level */, "ipv6-unicast-metric" arg /* IPv6 unicast metric for this level */, "ipv6-multicast-metric" arg /* IPv6 multicast metric for this level */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this level */, "te-metric" arg /* Traffic engineering metric */, "topology" enum(("default" | "ipv4-multicast" | "ipv6-unicast" | "ipv6-multicast")) ( /* Topology specific attributes */ c( "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "hello-authentication-key" ( /* Authentication key (password) for hello packets */ unreadable /* Authentication key (password) for hello packets */ ), "hello-authentication-type" ( /* Authentication type for hello packets */ ("md5" | "simple") ), "hello-authentication-key-chain" arg /* Key chain name */, "hello-interval" arg /* Interval between hello packet transmissions */, "hold-time" arg /* Time after which neighbors think the interface is down */, "priority" arg /* Designated router election priority */, "passive" ( /* Do not run IS-IS at this level, but advertise it */ c( "remote-node-iso" ( /* ISO System-ID of the remote node */ sysid /* ISO System-ID of the remote node */ ), "remote-node-id" ( /* Remote address of the link */ ipv4addr /* Remote address of the link */ ) ) ) ) ), "link-degradation-threshold" ( /* Link up and down thresholds (in %) for proactive link protection */ sc( "link-down" 
arg /* Signal degradation threshold above which link marked down */, "link-up" arg /* Signal degradation threshold below which link is marked up. */ ) ).as(:oneline) ) ), "interface-group" arg ( /* Interface grouping configuration */ c( "interface" arg /* List interfaces for this group */, "level" arg ( /* Configure levels on this interface-group */ c( "topology" enum(("default" | "ipv4-multicast" | "ipv6-unicast" | "ipv6-multicast")) ( /* Topology specific attributes */ c( "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "link-group-protection" ( /* Configure link group protection */ c( "minimum-bandwidth" arg /* Minimum bandwidth to carry traffic */, "revert-bandwidth" arg /* Revert bandwidth to carry traffic */ ) ) ) ), "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( "level" arg ( /* Level to advertise this label-switched path */ c( ("disable"), "metric" arg /* SPF metric for this level */ ) ) ) ), "context-identifier" arg ( /* Configuration for advertisement of a context-identifier */ c( "level" arg ( /* Level to advertise this context-identifier */ c( ("disable") ) ) ) ) ) end
# Layer 2 control statements (rule :juniper_protocols_l2control):
# traceoptions (described as global tracing options for STP),
# nonstop-bridging, bpdu-block (per-interface BPDU blocking with a
# disable-timeout statement) and mac-rewrite (per-interface protocol list).
rule(:juniper_protocols_l2control) do c( "traceoptions" ( /* Global tracing options for STP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "regex-parse" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "ppmlite" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "nonstop-bridging" /* Enable nonstop operation */, "bpdu-block" ( /* Block BPDU on interface (BPDU Protect) */ c( "interface" (arg | "all") ( /* Interface name to block BPDU on */ c( "disable" /* Disable bpdu-block on a port */, "drop" /* Drop xSTP BPDUs 
*/ ) ), "disable-timeout" arg /* Disable timeout for BPDU Protect */ ) ), "mac-rewrite" ( /* Mac rewrite functionality */ c( "interface" arg ( c( "enable-all-ifl" /* Enable tunneling for all the IFLs under the interface */, "protocol" ( /* Protocols for which mac rewrite need to be enabled */ c( "stp" /* Enable mac rewrite for STP */, "vtp" /* Enable mac rewrite for VTP */, "cdp" /* Enable mac rewrite for CDP */, "ieee8021x" /* Enable mac rewrite for 8021X */, "ieee8023ah" /* Enable mac rewrite for 8023AH */, "elmi" /* Enable mac rewrite for ELMI */, "lacp" /* Enable mac rewrite for LACP */, "lldp" /* Enable mac rewrite for LLDP */, "mmrp" /* Enable mac rewrite for MMRP */, "mvrp" /* Enable mac rewrite for MVRP */, "pvstp" /* Enable mac rewrite for PVSTP+ */, "gvrp" /* Enable mac rewrite for GVRP */, "vstp" /* Enable mac rewrite for VSTP */ ) ) ) ) ) ) ) end
# LDP protocol statements (rule :juniper_protocols_ldp): traceoptions and
# traffic-statistics, graceful-restart, auto-targeted-session, policies
# (import, export, egress-policy, dod-request-policy, next-hop), transport and
# keepalive settings, the interface, neighbor, session and session-group
# sub-stanzas, policing, entropy-label, oam (BFD and periodic traceroute),
# targeted-hello, p2mp, and family / transport-preference / dual-transport.
# c(), sc(), enum(), arg and .as(:oneline) are helpers defined outside this
# excerpt; their exact semantics should be confirmed there.
rule(:juniper_protocols_ldp) do c( "traceoptions" ( /* Trace options for LDP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "event" | "packet-dump" | "packets" | "periodic" | "initialization" | "notification" | "address" | "label" | "binding" | "path" | "ppmd" | "nsr-synchronization" | "link-protection" | "p2mp-nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ ldp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "traffic-statistics" ( /* Collect statistics for LDP label-switched paths */ c( "file" ( /* Statistics file options */ trace_file_type /* Statistics file options */ ), "interval" arg /* Time to collect statistics (seconds) */, "no-penultimate-hop" /* No penultimate hop statistics collection */ ) ), "graceful-restart" ( /* Configure 
graceful restart attributes */ c( ("disable"), "helper-disable" /* Disable the graceful restart helper capability */, "recovery-time" arg /* Time required for recovery */, "maximum-neighbor-recovery-time" arg /* Maximum time stale mappings are maintained */, "reconnect-time" arg /* Time required to reestablish session after graceful restart */, "maximum-neighbor-reconnect-time" arg /* Maximum reconnect time allowed from a restarting neighbor */ ) ), "auto-targeted-session" ( /* Configure auto targeted session parameters for rLFA only */ c( "teardown-delay" arg /* Auto targeted session tear down delay */, "maximum-sessions" arg /* Auto targeted maximum sessions */ ) ), "preference" arg /* Route preference */, "no-forwarding" /* Do not use LDP ingress routes for forwarding */, "rib-group" arg /* Routing table group for importing ingress routes */, "l2-smart-policy" /* Do not export or import Layer 3 FECs for Layer 2 sessions */, "track-igp-metric" /* Track the IGP metric */, "strict-targeted-hellos" /* Do not send targeted hellos to unconfigured neighbors */, "longest-match" ( /* Configure longest match */ c( arg ) ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "egress-policy" ( /* Configure LSP egress policy */ policy_algebra /* Configure LSP egress policy */ ), "dod-request-policy" ( /* Configure DoD label request policy */ policy_algebra /* Configure DoD label request policy */ ), "next-hop" ( /* LDP next-hop control */ c( "merged" ( /* Merged next hop */ c( "policy" ( /* Merged next-hop policy */ policy_algebra /* Merged next-hop policy */ ) ) ), "no-rsvp-tunneling" ( /* No rsvp tunneling */ c( "policy" ( /* No rsvp tunneling next-hop policy */ policy_algebra /* No rsvp tunneling next-hop policy */ ) ) ) ) ), "mtu-discovery" /* Enable TCP path MTU discovery */, "no-mtu-discovery" /* Don't enable TCP path MTU discovery */, "deaggregate" /* Deaggregate FECs into separate 
labels */, "no-deaggregate" /* Don't deaggregate FECs into separate labels */, "explicit-null" /* Advertise the EXPLICIT_NULL label for egress FECs */, "label-withdrawal-delay" arg /* Delay label withdrawal for FECs to avoid label churn */, "make-before-break" ( /* Configure make before break */ c( "timeout" arg /* Make before break timeout */, "switchover-delay" arg /* Make before break switchover delay */ ) ), "transport-address" ( /* Address used for TCP sessions */ sc( c( "router-id" /* Use router ID for TCP connections */, "interface" /* Use interface address for TCP connections */, ipaddr /* Use specified address for TCP connections */ ) ) ).as(:oneline), "keepalive-interval" arg /* Keepalive interval (seconds) */, "keepalive-timeout" arg /* Keepalive timeout (seconds) */, "interface" arg ( /* Enable LDP on this interface */ c( ("disable"), "hello-interval" arg /* Hello interval (seconds) */, "hold-time" arg /* Hello hold time (seconds) */, "link-protection" ( /* Enable link protection to protect interface for link faults only */ c( ("disable"), "dynamic-rsvp-lsp" /* Enable setup of dynamic rsvp lsp for link protection */ ) ), "transport-address" ( /* Address used for TCP sessions */ ("router-id" | "interface") ), "allow-subnet-mismatch" /* Allow subnet mismatch for source address in hello packet */, "no-allow-subnet-mismatch" /* Don't allow subnet mismatch for source address in hello packet */ ) ), "neighbor" arg /* Configure a remote LDP neighbor */,
# NOTE(review): session and session-group take authentication-key as a plain
# arg, whereas the IS-IS rule in this file uses unreadable for its keys. Both
# resolve to arg.as(:arg), so parsing is the same, but code that locates
# secrets by the unreadable rule name (for example to redact them from
# output) would presumably miss this key -- confirm against the consumers.
"session" arg ( /* Configure session parameters */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "downstream-on-demand" /* Configure downstream on demand label distribution mode */, "mtu-discovery" /* Enable TCP path MTU discovery */, "no-mtu-discovery" /* Don't enable TCP path MTU discovery */ ) ), "session-group" arg ( /* Configure 
session group parameters */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "downstream-on-demand" /* Configure downstream on demand label distribution mode */, "mtu-discovery" /* Enable TCP path MTU discovery */, "no-mtu-discovery" /* Don't enable TCP path MTU discovery */ ) ), "session-protection" ( /* Configure session protection */ sc( "timeout" arg /* Session protection timeout */ ) ).as(:oneline), "igp-synchronization" ( /* Configure IGP synchronization parameters */ c( "holddown-interval" arg /* Time to hold the up notification to the IGPs */ ) ), "log-updown" ( /* Logging actions for LSP up/down events */ c( "trap" ( /* SNMP traps options */ sc( ("disable") ) ).as(:oneline) ) ), "policing" ( /* Configure policing for an LDP FEC */ c( "fec" arg ( /* Forwarding equivalence class */ c( "ingress-traffic" arg /* Name of filter to use for policing ingress LDP traffic */, "transit-traffic" arg /* Name of filter to use for policing transit LDP traffic */ ) ) ) ), "entropy-label" ( /* Insert entropy label for a LDP FEC */ c( "ingress-policy" ( /* Entropy label ingress policy */ policy_algebra /* Entropy label ingress policy */ ) ) ), "oam" ( /* Configure periodic OAM for a LDP FEC */ c( "ingress-policy" ( /* OAM ingress policy */ policy_algebra /* OAM ingress policy */ ), "bfd-port-egress-policy" ( /* OAM egress policy */ policy_algebra /* OAM egress policy */ ), "fec" arg ( /* Forwarding equivalence class */ c( c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* 
Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "ecmp" /* Enable equal cost multipath (ECMP) support for BFD */, "failure-action" ( /* Action to take when BFD session goes down */ sc( c( "remove-route" /* Remove LDP route from the ribs */, "remove-nexthop" /* Remove LDP nexthop from the route */ ) ) ).as(:oneline), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "no-router-alert-option" /* Do not set Router-Alert options in IP header for MPLS-BFD */, "use-ip-ttl-1" /* Set TTL value to 1 in IP header for MPLS-BFD */ ) ), "no-bfd-liveness-detection" /* Disable BFD liveness detection */ ), "periodic-traceroute" ( /* Configure periodic traceroute */ c( "frequency" arg /* Time between traceroute attempts */, "ttl" arg /* Maximum time-to-live value */, "retries" arg /* Number of times to resend probe */, "wait" arg /* Time to wait before resending probe */, "paths" arg /* Maximum number of paths to traverse */, "source" ( /* Source address to use when sending probes */ ipv4addr /* Source address to use when sending probes */ ), "exp" arg /* Class-of-service value to use when sending probes */, "fanout" arg /* Maximum number of nexthops to search per node */, "disable" /* Disable periodic traceroute for a FEC */ ) ) ) ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier 
*/, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "ecmp" /* Enable equal cost multipath (ECMP) support for BFD */, "failure-action" ( /* Action to take when BFD session goes down */ sc( c( "remove-route" /* Remove LDP route from the ribs */, "remove-nexthop" /* Remove LDP nexthop from the route */ ) ) ).as(:oneline), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "no-router-alert-option" /* Do not set Router-Alert options in IP header for MPLS-BFD */, "use-ip-ttl-1" /* Set TTL value to 1 in IP header for MPLS-BFD */ ) ), "periodic-traceroute" ( /* Configure periodic traceroute */ c( "frequency" arg /* Time between traceroute attempts */, "ttl" arg /* Maximum time-to-live value */, "retries" arg /* Number of times to resend probe */, "wait" arg /* Time to wait before resending probe */, "paths" arg /* Maximum number of paths to traverse */, "source" ( /* Source address to use when sending probes */ ipv4addr /* Source address to use when sending probes */ ), "exp" arg /* Class-of-service value to use when sending probes */, "fanout" arg /* Maximum number of nexthops to search per node */ ) ), "lsp-ping-interval" arg /* Time interval between LSP ping messages */ ) ), "targeted-hello" ( /* Configure targeted hello parameters */ c( "hello-interval" arg /* Hello interval (seconds) */, "hold-time" arg /* Hold interval (seconds) */ ) ), "p2mp" ( /* Advertise P2MP capability to peers */ c( "recursive" ( /* Configure P2MP recursive parameters */ c( "route" /* Allow recursive route resolution to signal P2MP FEC */ ) ), "root-address" arg ( /* Configure the root address of P2MP LSP */ c( "lsp-id" arg /* Configure the generic LSP identifier */, 
"group-address" arg ( /* IPv4/Ipv6 group address for mLDP LSP */ c( "source-address" arg /* IPv4/Ipv6 source address */ ) ) ) ) ) ), "upstream-label-assignment" /* Allow Upstream Label Assignment capability */, "family" enum(("inet" | "inet6")) /* Address family */, "transport-preference" ( /* TCP transport preference */ ("ipv4" | "ipv6") ), "dual-transport" ( /* Use separate IPv4 and IPv6 TCP transport */ c( "inet-lsr-id" ( /* LSR identifier for address family inet */ ipv4addr /* LSR identifier for address family inet */ ), "inet6-lsr-id" ( /* LSR identifier for address family inet6 */ ipv4addr /* LSR identifier for address family inet6 */ ) ) ) ) end
# LMP statements (rule :juniper_protocols_lmp): te-link (local and remote
# address, remote-id, te-metric, ethernet-vlan, and member interface or
# label-switched-path entries), peer (address, lmp-protocol timers, control
# channels, te-link list) and traceoptions.
rule(:juniper_protocols_lmp) do c( "te-link" arg ( /* Traffic engineering link */ c( "local-address" ( /* Address of the local end of the link */ ipaddr /* Address of the local end of the link */ ), "remote-address" ( /* Address of the remote end of the link */ ipaddr /* Address of the remote end of the link */ ), "remote-id" arg /* Link ID for the remote end of the link */, "te-metric" arg /* Traffic engineering metric of the link */, ("disable"), "ethernet-vlan" ( /* TE link used for setup of L2 VLAN LSP */ c( "vlan-id-range" arg /* VLAN id */ ) ), c( "interface" arg ( /* Member interface of TE link */ c( "local-address" ( /* Local address of the resource */ ipaddr /* Local address of the resource */ ), "remote-address" ( /* Remote address of the resource */ ipaddr /* Remote address of the resource */ ), "remote-id" arg /* Interface ID for the remote end of the resource */, ("disable") ) ), "label-switched-path" arg ( /* Member forwarding adjacency LSP of TE link */ c( "local-address" ( /* Local address of the resource */ ipaddr /* Local address of the resource */ ), "remote-address" ( /* Remote address of the resource */ ipaddr /* Remote address of the resource */ ), "remote-id" arg /* Interface ID for the remote end of the resource */, ("disable") ) ) ) ) ), "peer" arg ( /* Define a network or LMP peer */ c( 
"address" ( /* Address of peer */ ipaddr /* Address of peer */ ), "lmp-protocol" ( /* LMP protocol attributes */ c( "hello-interval" arg /* Interval between Hello messages */, "hello-dead-interval" arg /* Delay for control channel shutdown when no Hello received */, "retransmission-interval" arg /* Minimum time before retransmitting a message */, "retry-limit" arg /* Number of times to retransmit a message */, "passive" /* Do not send Config messages to peer */ ) ), "control-channel" ( /* Control channel interfaces by priority */ interface_name /* Control channel interfaces by priority */ ), "lmp-control-channel" ( /* Control channel IDs */ lmp_control_channel_type /* Control channel IDs */ ), "te-link" arg /* List of TE links managed by this peer */ ) ), "traceoptions" ( /* LMP trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("init" | "show" | "route-socket" | "parse" | "process" | "server" | "routing" | "packets" | "hello-packets" | "state" | "nsr-synchronization" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) end rule(:juniper_protocols_mpls) do c( ("disable"), "lsp-external-controller" arg ( /* External path computing entity */ c( "label-switched-path-template" ( /* Template for externally provisioned LSP parameters */ c( c( arg, "default-template" /* Use default parameters */ ) ) ), "pce-controlled-lsp" arg ( /* Template for externally provisioned LSP using regular expression */ c( "label-switched-path-template" ( /* Template for externally provisioned LSP parameters */ c( arg ) ) ) ) ) ), "path-mtu" ( /* Path MTU configuration */ c( "allow-fragmentation" /* If needed, fragment IP before encapsulating in MPLS */, "rsvp" ( /* RSVP-specific path MTU options */ c( "mtu-signaling" /* Enable RSVP path MTU signaling */ ) ) ) ), 
"diffserv-te" ( /* Global diffserv-traffic-engineering options */ c( "bandwidth-model" ( /* Bandwidth constraint model supported */ ("extended-mam" | "mam" | "rdm") ), "te-class-matrix" ( /* Supported combinations of traffic-class and preemption */ c( "te0" ( /* Definition for traffic-engineering class te0 */ te_class_object /* Definition for traffic-engineering class te0 */ ).as(:oneline), "te1" ( /* Definition for traffic-engineering class te1 */ te_class_object /* Definition for traffic-engineering class te1 */ ).as(:oneline), "te2" ( /* Definition for traffic-engineering class te2 */ te_class_object /* Definition for traffic-engineering class te2 */ ).as(:oneline), "te3" ( /* Definition for traffic-engineering class te3 */ te_class_object /* Definition for traffic-engineering class te3 */ ).as(:oneline), "te4" ( /* Definition for traffic-engineering class te4 */ te_class_object /* Definition for traffic-engineering class te4 */ ).as(:oneline), "te5" ( /* Definition for traffic-engineering class te5 */ te_class_object /* Definition for traffic-engineering class te5 */ ).as(:oneline), "te6" ( /* Definition for traffic-engineering class te6 */ te_class_object /* Definition for traffic-engineering class te6 */ ).as(:oneline), "te7" ( /* Definition for traffic-engineering class te7 */ te_class_object /* Definition for traffic-engineering class te7 */ ).as(:oneline) ) ) ) ), "auto-policing" ( /* Automatic policing of LSPs */ c( "class" enum(("all" | "ct0" | "ct1" | "ct2" | "ct3")) ( /* Forwarding class */ c( c( "drop" /* Drop packets if bandwidth is exceeded */, "loss-priority-high" /* Set loss priority to high if bandwidth is exceeded */, "loss-priority-low" /* Set loss priority to low if bandwidth is exceeded */ ) ) ) ) ), "statistics" ( /* Collect statistics for signaled label-switched paths */ c( "file" ( /* Statistics file options */ trace_file_type /* Statistics file options */ ), "interval" arg /* Time to collect statistics (seconds) */, "auto-bandwidth" /* 
Enable auto bandwidth allocation */, "no-transit-statistics" /* Disable transit LSP statistics collection */, c( "no-transit-statistics-polling" /* Disable polling and display of transit lsp statistics */, "transit-statistics-polling" /* Enable polling and display of transit lsp statistics */ ), "statistics-query-batch-size" arg /* Number of LSPs for which statistics will be queried together */, "traffic-class-statistics" /* Create per traffic class statistics sensors for LSPs */ ) ), "log-updown" ( /* Logging actions for LSP up/down events */ c( "syslog" /* Send syslog messages */, "no-syslog" /* Don't send syslog messages */, c( "trap" /* Send SNMP traps */, "no-trap" ( /* Don't send SNMP traps */ c( "mpls-lsp-traps" /* Dont send mpls lsp up/down traps */, "rfc3812-traps" /* Dont send rfc3812 traps */ ) ) ), "trap-path-down" /* Send SNMP traps when a path goes down */, "trap-path-up" /* Send SNMP traps when a path goes up */ ) ), "optimize-adaptive-teardown" ( /* Post make before break adaptive teardown */ c( "p2p" /* Turn on post make before break adaptive teardown for p2p */ ) ), "traffic-engineering" ( /* Traffic-engineering control */ c( c( "bgp" /* BGP destinations only */, "bgp-igp" /* BGP and IGP destinations */, "bgp-igp-both-ribs" /* BGP and IGP destinations with routes in both routing tables */, "mpls-forwarding" /* Use MPLS routes for forwarding, not routing */ ), "database" ( /* Traffic engineering database */ c( "import" ( /* Configure TED import parameters */ c( "policy" ( /* Configure import policy */ policy_algebra /* Configure import policy */ ), "identifier" arg /* BGP-TE identifier */, "bgp-ls-identifier" arg /* BGP-TE domain identifier */ ) ), "export" ( /* Configure TED export related parameters */ c( "policy" ( /* Export policy */ policy_algebra /* Export policy */ ), "credibility" ( /* TED credibility value for entries from BGP-TE */ c( "unknown" arg /* Entries sourced from unknown entities */, "direct" arg /* Entries sourced from directly 
connected links */, "static" arg /* Entries sourced from static configuration */, "ospf" arg /* Entries sourced from ospf */, "isis-level-1" arg /* Entries sourced from ISIS Level 1 */, "isis-level-2" arg /* Entries sourced from ISIS Level 2 */ ) ) ) ) ) ) ) ), "traceoptions" ( /* Trace options for MPLS */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("connection" | "connection-detail" | "cspf" | "cspf-node" | "cspf-link" | "cspf-abstract" | "state" | "error" | "lsping" | "graceful-restart" | "nsr-synchronization" | "nsr-synchronization-detail" | "static" | "egress-protection" | "all" | "autobw-state" | "externally-controlled-lsp" | "ted-import" | "ted-export" | "lsp-history" | "abstract-hop")) /* Tracing parameters */.as(:oneline) ) ), "admin-groups" arg ( /* Administrative groups */ c( arg ) ), "advertisement-hold-time" arg /* Time that an 'LSP down' advertisement will be delayed */, "rsvp-error-hold-time" arg /* Time that RSVP PathErr events will be remembered */, "optimize-aggressive" /* Run aggressive optimization algorithm based on IGP metric only */, "smart-optimize-timer" arg /* Path optimization interval after a link traversed by the path goes down */, "optimize-switchover-delay" arg /* Delay before switching LSP to newly optimized path */, "no-propagate-ttl" /* Disable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop) */, "sensor-based-stats" /* Enable sensor based statistics collection */, "explicit-null" /* Advertise the EXPLICIT_NULL label when the router is the egress */, "ipv6-tunneling" /* Allow MPLS LSPs to be used for tunneling IPv6 traffic */, "icmp-tunneling" /* Allow MPLS LSPs to be used for tunneling ICMP error packets */, "revert-timer" arg /* Hold-down window before reverting back to primary path, 0 means disable */, "optimize-hold-dead-delay" arg /* Delay before tearing down the old optimized path */, "expand-loose-hop" /* Perform CSPF path computation to expand loose hops */, 
"mib-mpls-show-p2mp" /* Show p2mp tunnels entries in mpls mib walk */, "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "priority" ( /* Preemption priorities */ c( arg, arg ) ), "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "label-switched-path" arg ( /* Label-switched path */ c( ("disable"), "traceoptions" ( /* Trace options for MPLS label-switched path */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("cspf" | "cspf-node" | "cspf-link" | "cspf-abstract" | "state" | "all")) /* Tracing parameters */.as(:oneline) ) ), "no-install-to-address" /* Don't install host route 'to' address into routing tables */, "backup" /* Use LSP for IGP backup */, "from" ( /* Address of ingress router */ ipv4addr /* Address of ingress router */ ), c( "to" ( /* Address of egress router */ ipv4addr /* 
Address of egress router */ ), "template" /* Template for dynamic lsp paramaters */ ), "corouted-bidirectional" /* Setup the LSP as a corouted bidirectional LSP */, "corouted-bidirectional-passive" /* Associate LSP with incoming corouted bidirectional LSP */, "metric" arg /* Metric value */, "ldp-tunneling" /* Allow LDP to use this LSP for tunneling */, "soft-preemption" /* Attempt make-before-break service while preempting this LSP */, "install" arg ( /* Install prefix */ sc( "active" /* Install prefix into forwarding table */ ) ).as(:oneline), "retry-timer" arg /* Time before retrying the primary path */, "retry-limit" arg /* Maximum number of times to retry primary path */, "lsp-attributes" ( /* Attributes for generalized LSP */ c( "signal-bandwidth" ( /* Signal bandwidth for the LSP */ ("ds1" | "vt1-5" | "e1" | "vt2" | "ethernet" | "e3" | "ds3" | "sts-1" | "fastether" | "stm-1" | "stm-4" | "gigether" | "stm-16" | "stm-64" | "10gigether" | "stm-256" | "100gige") ), "switching-type" ( /* LSP switching type desired */ ("psc-1" | "lambda" | "fiber" | "tdm" | "ethernet-vlan") ), "encoding-type" ( /* LSP encoding type desired */ ("packet" | "ethernet" | "pdh" | "sonet-sdh") ), "gpid" ( /* Generalized PID */ ("ipv4" | "ethernet" | "ppp" | "hdlc" | "pos-no-scrambling-crc-16" | "pos-no-scrambling-crc-32" | "pos-scrambling-crc-16" | "pos-scrambling-crc-32") ), "upstream-label" ( /* Upstream Label for the bidirectional label-switched path */ c( "vlan-id" arg /* VLAN ID label for the label-switched path */ ) ) ) ), "revert-timer" arg /* Hold-down window before reverting back to primary path, 0 means disable */, "optimize-hold-dead-delay" arg /* Delay before tearing down the old optimized path */, "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* 
Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "priority" ( /* Preemption priorities */ c( arg, arg ) ), "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "entropy-label" /* Enable entropy label */, "self-ping-duration" arg /* Duration over which to run self-ping (65535 = until success) */, "no-self-ping" /* Do not run self-ping for this LSP */, c( "random" /* Randomly select among equal-cost paths */, "least-fill" /* Select the least filled among equal-cost paths */, "most-fill" /* Select the most filled among equal-cost paths */ ), "description" arg /* Text description of label-switched path */, c( "link-protection" /* Protect LSP from link faults only */, "node-link-protection" /* Protect LSP from both link and node faults */ ), "intra-domain" /* Intra-domain LSP */, "inter-domain" /* Inter-domain LSP */, "adaptive" /* Have the LSP smoothly cut over to new routes */, "fast-reroute" ( /* Fast reroute */ c( "hop-limit" arg /* Maximum allowed router hops */, c( "bandwidth" arg /* Bandwidth to reserve (bps) */, "bandwidth-percent" arg /* Percentage of main path bandwidth to reserve */ ), c( 
"no-include-any" /* Disable include-any checking */, "include-any" arg /* Groups, one or more of which must be present */ ), c( "no-include-all" /* Disable include-all checking */, "include-all" arg /* Groups, all of which must be present */ ), c( "no-exclude" /* Disable exclude checking */, "exclude" arg /* Groups, all of which must be absent */ ) ) ), "p2mp" ( /* Point-to-multipoint label-switched path */ sc( arg /* Name of point-to-multipoint LSP */ ) ).as(:oneline), "auto-bandwidth" ( /* Do auto bandwidth allocation for this LSP */ c( "adjust-interval" arg /* Time to adjust LSP bandwidth */, "adjust-threshold" arg /* Change in average LSP utilization to trigger auto-adjustment */, "adjust-threshold-activate-bandwidth" arg /* Adjusts signaled bw if greater than this value */, "minimum-bandwidth" arg /* Minimum LSP bandwidth */, "maximum-bandwidth" arg /* Maximum LSP bandwidth */, "minimum-bandwidth-adjust-interval" arg /* Duration for which minimum bandwidth will be frozen */, "minimum-bandwidth-adjust-threshold-change" arg /* Change in max average bandwidth to freeze min bandwidth */, "minimum-bandwidth-adjust-threshold-value" arg /* Freeze min bandwidth if max average bandwidth falls below this bw */, "monitor-bandwidth" /* Monitor LSP bandwidth without adjustments */, "adjust-threshold-overflow-limit" arg /* Number of consecutive overflow samples to trigger auto-adjustment */, "adjust-threshold-underflow-limit" arg /* Number of consecutive underflow samples to trigger auto-adjustment */, "resignal-minimum-bandwidth" /* Resignal the LSP using minimum-bandwidth */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */ ) ), "optimize-on-change" ( /* Specify additional re-optimization triggers for this LSP */ c( "link-congestion" /* Optimize when a link becomes congested */ ) ), "deselect-on-bandwidth-failure" ( /* Deselect active path if it cannot meet the bandwidth constraint */ c( "tear-lsp" /* Bring down active path 
when all paths fail to reserve required bandwidth */ ) ), "associate-lsp" ( /* Associate the LSP for OAM */ c( arg /* Name of assocation LSP */, "from" ( /* Address of ingress router of associated LSP */ ipv4addr /* Address of ingress router of associated LSP */ ) ) ), "primary" arg ( /* Preferred path */ c( "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "priority" ( /* Preemption priorities */ c( arg, arg ) ), "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "adaptive" /* Have the LSP smoothly cut over to new routes */, "select" ( ("manual" | "unconditional") ), "upstream-label" ( /* Upstream Label for the bidirectional label-switched path */ c( "vlan-id" arg /* VLAN ID label for the label-switched path */ ) ), "optimize-on-change" ( /* Specify additional re-optimization triggers for this path */ c( "link-congestion" /* 
Optimize when a link becomes congested */ ) ) ) ), "secondary" arg ( /* Backup path */ c( "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "priority" ( /* Preemption priorities */ c( arg, arg ) ), "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "adaptive" /* Have the LSP smoothly cut over to new routes */, "select" ( ("manual" | "unconditional") ), "upstream-label" ( /* Upstream Label for the bidirectional label-switched path */ c( "vlan-id" arg /* VLAN ID label for the label-switched path */ ) ), "optimize-on-change" ( /* Specify additional re-optimization triggers for this path */ c( "link-congestion" /* Optimize when a link becomes congested */ ) ) ) ), "policing" ( /* Traffic policing for this LSP */ sc( "filter" arg /* Name of filter to use for policing LSP traffic */, "no-auto-policing" /* Turn off automatic policing for 
this LSP */ ) ).as(:oneline), "lsp-external-controller" arg /* Name of the external path computing entity */, "associate-backup-pe-groups" /* Associate this LSP with backup-pe groups */, "egress-protection" /* Use this LSP for egress protection data transport */ ) ), "deselect-on-bandwidth-failure" ( /* Deselect active path if it cannot meet the bandwidth constraint */ c( "tear-lsp" /* Bring down active path when all paths fail to reserve required bandwidth */ ) ), "container-label-switched-path" arg ( c( ("disable"), "description" arg /* Text description of label-switched path */, "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg, "default-template" /* Use default parameters */ ) ) ), "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "suffix" arg /* Suffix to generate names of members of container LSP */, "splitting-merging" ( /* Do splitting and merging */ c( "maximum-member-lsps" arg /* Maximum number of LSPs */, "minimum-member-lsps" arg /* Minimum number of LSPs */, "splitting-bandwidth" arg /* Maximum bandwidth threshold for splitting */, "merging-bandwidth" arg /* Minimum bandwidth threshold for merging */, "maximum-signaling-bandwidth" arg /* Maximum bandwidth for signaling during normalization */, "minimum-signaling-bandwidth" arg /* Minimum bandwidth for signaling during normalization */, "splitting-merging-threshold" arg /* Change in aggregate LSP utilization to trigger splitting or merging */, "normalization" ( /* Do normalization */ c( "normalize-interval" arg /* Time to normalize container LSP */, "failover-normalization" /* Do pre-mature normalization in case some LSPs go down before next normalization */, "no-incremental-normalize" /* Do not normalize unless all LSPs are successfully signaled */, "normalization-retry-duration" arg /* Time before retrying the container LSP normalization */, "normalization-retry-limits" arg /* Maximum number of times to retry container 
LSP normalization */ ) ), "sampling" ( /* Sampling information */ c( "cut-off-threshold" arg /* Cut-off percentile to remove outliers from aggregate samples */, c( "use-average-aggregate" /* Use average of the samples */, "use-percentile" arg /* Use a percentile of the samples */ ) ) ) ) ), "lsp-external-controller" arg /* Name of the external path computing entity */ ) ), "transit-lsp-association" arg ( /* Transit label switch path assoication */ c( "lsp-name-1" arg /* Name of assocation LSP 1 */, "from-1" ( /* Address of associated LSP 1 */ ipv4addr /* Address of associated LSP 1 */ ), "lsp-name-2" arg /* Name of assocation LSP 2 */, "from-2" ( /* Address of associated LSP 2 */ ipv4addr /* Address of associated LSP 2 */ ) ) ), "path" arg ( /* Route of a label-switched path */ c( sc( "abstract" /* Next system in path is abstract */, c( "loose" /* Next hop might not be adjacent */, "loose-link" /* Next hop link might not be adjacent */, "strict" /* Next hop must be adjacent */ ) ).as(:oneline) ) ), "static-label-switched-path" arg ( /* Static label-switched path */ c( c( "bypass" ( /* Bypass ingress label-switched path */ c( "bandwidth" arg /* Bandwidth to reserve */, "description" arg /* Text description of label-switched path */, "next-hop" ( /* IPv4 or IPv6 address or interface of next-hop router */ ipaddr_or_interface /* IPv4 or IPv6 address or interface of next-hop router */ ), "push" arg /* Label to push */, "to" ( /* Address of egress router */ ipaddr /* Address of egress router */ ) ) ), "transit" arg ( /* Transit label-switched path */ c( "bandwidth" arg /* Bandwidth to reserve */, "description" arg /* Text description of label-switched path */, "link-protection" ( /* Bypass link protection */ sc( "bypass-name" arg /* Bypass label-switched path name */ ) ).as(:oneline), "next-hop" ( /* IPv4 or IPv6 address or interface of next-hop router */ ipaddr_or_interface /* IPv4 or IPv6 address or interface of next-hop router */ ), "node-protection" ( /* Bypass node 
protection */ sc( "bypass-name" arg /* Bypass label-switched path name */, "next-next-label" arg /* Label expected by next-next-hop */ ) ).as(:oneline), c( "swap" arg /* Swap top label with this label */, "pop" /* Pop the top label */, "stitch" /* Swap top label with the resolved LSP */ ) ) ), "ingress" ( /* Ingress LSR configuration for a static LSP */ c( "bandwidth" arg /* Bandwidth to reserve */, "class-of-service" arg /* Class-of-service value */, "description" arg /* Text description of label-switched path */, "install" arg ( /* Install prefix */ sc( "active" /* Install prefix into forwarding table */ ) ).as(:oneline), "metric" arg /* Metric value */, "next-hop" ( /* IPv4 address or interface of next-hop router */ ipv4addr_or_interface /* IPv4 address or interface of next-hop router */ ), "link-protection" ( /* Bypass link protection */ sc( "bypass-name" arg /* Bypass label-switched path name */ ) ).as(:oneline), "node-protection" ( /* Bypass node protection */ sc( "bypass-name" arg /* Bypass label-switched path name */, "next-next-label" arg /* Label expected by next-next-hop */ ) ).as(:oneline), "no-install-to-address" /* Don't install host route 'to' address into routing tables */, "policing" ( /* Traffic policing for this LSP */ sc( "filter" arg /* Name of filter to use for policing LSP traffic */, "no-auto-policing" /* Turn off automatic policing for this LSP */ ) ).as(:oneline), "preference" arg /* Preference value */, "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "push" arg /* Label to push */, "entropy-label" /* Enable entropy label */ ) ) ) ) ), "constituent-list" arg ( /* MPLS constituent list for abstract hops */ c( "srlg" arg /* SRLG Name */, "admin-group" arg /* Administrative groups */, "admin-group-extended" arg /* Extended administrative groups */ ) ), "abstract-hop" arg ( /* MPLS abstract hop */ c( "operator" ( /* Operation among constituent lists */ ("AND" | "OR") ), "constituent-list" arg ( /* Building 
abstract hop using constituent lists */ c( c( "include-any-list" /* Include any */, "include-all-list" /* Include all */, "exclude-any-list" /* Exclude any */, "exclude-all-list" /* Exclude all */ ) ) ) ) ), "interface" arg ( /* MPLS interface options */ c( ("disable"), "srlg" arg /* SRLG Name */, "always-mark-connection-protection-tlv" /* Mark connection protection tlv on this interface */, "switch-away-lsps" /* Switch away protected LSPs to their bypass LSPs */, "admin-group" arg /* Administrative groups */, "admin-group-extended" arg /* Extended administrative groups */, "static" ( /* Static label-switch path related configurations */ c( "protection-revert-time" arg /* FRR revert wait time, 0 means disable */ ) ) ) ), "egress-protection" ( /* Egress router protection */ c( "context-identifier" arg ( /* Context identifier */ c( c( "primary" /* Primary */, "protector" /* Protector */ ), "metric" arg /* IGP metric */, "advertise-mode" ( /* Advertise mode */ ("stub-proxy" | "stub-alias") ), "admin-group" arg /* Administrative groups */ ) ), "traceoptions" ( /* Trace options for egress-protection */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("state" | "route" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "label-range" ( /* MPLS labels ranges */ c( "lsi-label-range" arg ( /* LSI-label-range */ sc( arg ) ).as(:oneline), "block-label-range" arg ( /* Block-label-range */ sc( arg ) ).as(:oneline), "dynamic-label-range" arg ( /* Dynamic-label-range */ sc( arg ) ).as(:oneline), "static-label-range" arg ( /* Static-label-range */ sc( arg ) ).as(:oneline), "label-limit" arg /* Limit for the number of concurrent active labels */ ) ) ) end
# Grammar rule :admin_group_include_exclude - administrative-group constraints.
# It is referenced by the "admin-group" and "admin-group-extended" statements
# of the label-switched-path definitions earlier in this file.
# Accepts three keywords, each followed by one `arg`:
#   "include-any" - groups, one or more of which must be present
#   "include-all" - groups, all of which must be present
#   "exclude"     - groups, all of which must be absent
# Each keyword sits in its own nested c( ... ); the c / sc combinators are
# defined outside this part of the file, so their exact matching semantics
# are not restated here.
rule(:admin_group_include_exclude) do c( c( "include-any" arg /* Groups, one or more of which must be present */ ), c( "include-all" arg /* Groups, all of which must be present */ ), c( "exclude" arg /* Groups, all of which must be absent */ ) ) end
# Grammar rule :juniper_protocols_msdp - statements accepted for the MSDP
# protocol configuration.
#
# Top level: "data-encapsulation" (disable | enable), "rib-group",
# "active-source-limit" (maximum / threshold / log-warning / log-interval),
# "disable", "export" and "import" (policy_algebra), "local-address"
# (ipv4addr), "traceoptions", "peer" <arg>, "keep-alive", "hold-time",
# "sa-hold-time", "source" <arg> and "group" <arg>.
# A "group" takes "mode" (standard | mesh-group), the same disable / policy /
# local-address / traceoptions statements, and its own "peer" <arg> entries.
# The "peer" body and the traceoptions flag list are written out in full at
# every level rather than factored into a shared rule, so a change to one copy
# has to be mirrored in the others (the file looks generated - TODO confirm
# that edits belong in the generator).
#
# NOTE(review): "authentication-key" arg inside each "peer" is described
# inline as an MD5 authentication key. It is matched by `arg` like any other
# value; this rule puts no length or format constraint on it. Code that logs
# or echoes a matched configuration line would be handling that key in clear
# text - presumably it should be redacted first; verify against the callers.
# NOTE(review): "traceoptions" "file" delegates to trace_file_type, which is
# defined outside this part of the file; its options are not checked here.
rule(:juniper_protocols_msdp) do c( "data-encapsulation" ( /* Set encapsulation of data packets */ ("disable" | "enable") ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ), ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "peer" arg ( /* Configure an MSDP peer */ c( ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace 
transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ), "keep-alive" arg /* Time limit for sending out periodic keep alive to peer */, "hold-time" arg /* Max time to terminating a peer for having not received any message from */, "sa-hold-time" arg /* Max time for holding a sa message before timing out */, "default-peer" /* Default RPF peer */, "authentication-key" arg /* MD5 authentication key */ ) ), "keep-alive" arg /* Time limit for sending out periodic keep alive to peer */, "hold-time" arg /* Max time to terminating a peer for having not received any message from */, "sa-hold-time" arg /* Max time for holding a sa message before timing out */, "source" arg ( /* Configure parameters for each source */ c( "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ) ) ), "group" arg ( /* Configure MSDP peer groups */ c( "mode" ( /* MSDP group source-active flooding mode */ ("standard" | "mesh-group") ), ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file 
options */ ), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "peer" arg ( /* Configure an MSDP peer */ c( ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ), "keep-alive" arg /* Time limit for sending out periodic keep alive to peer */, "hold-time" arg /* Max time to terminating a peer for having not received any message from */, "sa-hold-time" arg /* Max time for holding a sa message before timing out */, "default-peer" /* Default RPF peer */, "authentication-key" arg /* MD5 authentication key */ ) ) ) ) ) end
rule(:juniper_protocols_mstp) do c( ("disable"), "bpdu-destination-mac-address" ( /* Destination MAC address in the spanning tree BPDUs */ ("provider-bridge-group") ), "configuration-name" arg /* Configuration name (part of MST configuration identifier) */, "revision-level" arg /* Revision level (part of MST configuration identifier) */, "max-hops" arg /* Maximum number of hops */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* Sytem identifier to represent this node */ mac_unicast /* Sytem identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "bpdu-block-on-edge" /* Block BPDU on all interfaces configured as edge (BPDU Protect) */, "vpls-flush-on-topology-change" /* Enable VPLS MAC flush on root protected CE interface receving topology change */, "priority-hold-time" arg /* Hold time before switching to primary priority when core domain becomes up */, "system-id" ( /* System ID to IP mapping */ system_id_ip_map /* System ID to IP mapping */ ), "interface" ( /* Interface options */ mstp_interface /* Interface options */ ), "msti" arg ( /* Per-MSTI options */ c( "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "vlan" arg /* VLAN ID or VLAN ID range [1..4094] */, "interface" ( /* Interface options */ mstp_interface /* Interface options */ ) ) ) ) end rule(:juniper_protocols_mvpn) do c( "traceoptions" ( /* Trace options for BGP-MVPN */ c( "file" ( /* 
Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "nlri" | "topology" | "tunnel" | "umh" | "intra-as-ad" | "inter-as-ad" | "spmsi-ad" | "leaf-ad" | "source-active" | "cmcast-join" | "mdt-safi-ad" | "mvpn-limit" | "nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "autodiscovery-only" ( /* Use MVPN exclusively for PE router autodiscovery */ c( "intra-as" ( /* Intra-AS autodiscovery options */ c( "inclusive" /* Inclusive provider tunnel autodiscovery */ ) ) ) ), "family" ( /* BGP-MVPN address family */ c( "any" ( /* BGP-MVPN properties for all families */ c( "disable" /* Disable all families */ ) ), "inet" ( /* IPv4 BGP-MVPN properties */ c( "autodiscovery-only" ( /* Use MVPN exclusively for PE router autodiscovery */ c( "intra-as" ( /* Intra-AS autodiscovery options */ c( "inclusive" /* Inclusive provider tunnel autodiscovery */ ) ) ) ), "disable" /* Disable family IPv4 */ ) ), "inet6" ( /* IPv6 BGP-MVPN properties */ c( "disable" /* Disable family IPv6 */ ) ) ) ), c( "receiver-site" /* MVPN instance has sites only with multicast receivers */, "sender-site" /* MVPN instance has sites only with multicast sources */ ), "unicast-umh-election" /* Upstream Multicast Hop election based on unicast route preference */, "static-umh" ( /* Upstream Multicast Hop election based on static configuration */ c( "primary" ( /* Primary Upstream Multicast Hop */ ipv4addr /* Primary Upstream Multicast Hop */ ), "backup" ( /* Secondary Upstream Multicast Hop */ ipv4addr /* Secondary Upstream Multicast Hop */ ), c( "source-tree" /* Mandatory attribute - static-umh applies only to MVPN source-tree c-multicast joins */ ) ) ), "cmcast-joins-limit-inet" arg /* Maximum number of cmcast 
entries for v4 */, "cmcast-joins-limit-inet6" arg /* Maximum number of cmcast entries for v6 */, "mvpn-mode" ( /* MVPN mode of operation */ c( c( "rpt-spt" ( /* MVPN works in multicast RPT and SPT mode */ c( "spt-switch-timer" arg /* Timeout before a PE router switches between RPT and SPT */ ) ), "spt-only" ( /* MVPN works in multicast SPT only mode (default mode) */ c( "source-active-advertisement" ( /* Attributes associated with advertising Source-Active A-D routes */ c( "dampen" arg /* Time to wait before re-advertising source-active route */, "min-rate" arg /* Minimum traffic rate required to advertise Source-Active route */ ) ) ) ) ) ) ), "route-target" ( /* Configure route-targets for MVPN routes */ c( "import-target" ( /* Target communities used when importing routes */ c( "unicast" ( /* Use the same target community as configured for unicast */ sc( c( "receiver" /* Target community used when importing receiver site routes */, "sender" /* Target community used when importing sender site routes */ ) ) ).as(:oneline), "target" ( /* Target community */ sc( arg, c( "receiver" /* Target community used when importing receiver site routes */, "sender" /* Target community used when importing sender site routes */ ) ) ).as(:oneline) ) ), "export-target" ( /* Target communities used when exporting routes */ c( "unicast" /* Use the same target community as configured for unicast */, "target" arg /* Target community */ ) ) ) ), "mvpn-join-load-balance" ( /* MVPN Join Load Balancing Algorithm */ c( c( "bytewise-xor-hash" /* Upstream selection using bytewise XOR hash */ ) ) ), "install-discard" /* Install MVPN discard forwarding entries */, "sender-based-rpf" /* Forward multicast traffic only from a selected sender PE */, "hot-root-standby" ( /* MVPN live-live - hot root standby */ c( c( "source-tree" /* MVPN live-live - hot root standby for source tree */ ), "min-rate" ( /* Minimum traffic rate for the provider tunnel below which switchover is initiated (in bps) */ c( 
"rate" arg /* Minium traffic rate for the provider tunnel below which switchover is initiated (in bps) */, "revert-delay" arg /* Time to delay updating of multicast routes to allow for multicast convergence */ ) ) ) ), "hierarchical-nexthop" /* Enable hierarchical nexthop usage */, "no-nexthop-sharing-for-selective-tunnel" /* Disable Tunnel nexthops from getting shared for selective tunnel */, "inter-region-template" ( /* MVPN inter-region tunnel mapping template */ c( "template" arg ( /* Define a inter-region template */ c( "region" arg ( /* BGP peer group names used as region */ c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "incoming" /* Same as incoming provider tunnel */ ) ) ), "all-regions" ( /* Used for all regions not specified */ c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( 
"create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "incoming" /* Same as incoming provider tunnel */ ) ) ) ) ) ) ), "source-redundancy" /* Assume all the sources for a particular group is sending same data */, "umh-selection-additional-input" ( /* Additional parameters to consider during UMH */ c( "source-active-preference" /* Use the preference set in the source active route */, "tunnel-status" /* Use the RSVP tunnel status */ ) ) ) end

/* Grammar for the MVRP protocol stanza: trace options, the join, leave and leaveall timers, two global switches, the BPDU destination MAC keyword, and per-interface options. */
/* The combinator c(), the arg token and mrp_trace_options are defined outside this excerpt. */
rule(:juniper_protocols_mvrp) do
  c(
    "traceoptions" ( /* Tracing options for MVRP */
      mrp_trace_options /* Tracing options for MVRP */
    ),
    "join-timer" arg /* Join timer interval */,
    "leave-timer" arg /* Leave timer interval */,
    "leaveall-timer" arg /* Leaveall timer interval */,
    /* NOTE(review): no-dynamic-vlan and the per-interface registration mode look like the settings a hardening check built on this grammar would key on; what restricted and forbidden enforce is not shown here, confirm against vendor documentation. */
    "no-dynamic-vlan" /* Disable dynamic VLAN creation */,
    "no-attribute-length-in-pdu" /* No attribute length while sending pdu */,
    /* Only one literal value is accepted for the destination MAC keyword. */
    "bpdu-destination-mac-address" ( /* Destination MAC address in the MVRP BPDUs */
      ("provider-bridge-group")
    ),
    /* Per-interface block: repeats the three timers and adds the point-to-point flag and the registration mode. */
    "interface" arg ( /* Configure interface options */
      c(
        "join-timer" arg /* Join timer interval */,
        "leave-timer" arg /* Leave timer interval */,
        "leaveall-timer" arg /* Leaveall timer interval */,
        "point-to-point" /* Port is point to point */,
        "registration" ( /* Registration mode */
          ("normal" | "restricted" | "forbidden")
        )
      )
    )
  )
end

rule(:juniper_protocols_ospf) do c( ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" |
"nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF 
*/, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-group" arg /* Routing table group for importing OSPF routes */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( 
c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 
compatibility */, "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ) ) ), "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( 
"restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* 
Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "te-metric" arg 
/* Traffic engineering metric */, "priority" arg /* Designated router priority */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a 
trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval 
(seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ) ) ) ) end

/* Grammar for the overlayd protocol stanza: the only option in this rule is traceoptions (remote tracing switch, trace file settings, trace flags). */
/* The combinators c(), sc(), enum() and the .as(:oneline) marker are defined outside this excerpt. */
rule(:juniper_protocols_overlayd) do
  c(
    "traceoptions" ( /* Overlayd trace options */
      c(
        "no-remote-trace" /* Disable remote tracing */,
        /* Trace file: a bare arg (presumably the file name, confirm) followed by size, rotation count, readability and match settings. */
        "file" ( /* Trace file information */
          sc(
            arg,
            "size" arg /* Maximum trace file size */,
            "files" arg /* Maximum number of trace files */,
            /* NOTE(review): world-readable and no-world-readable are sibling keywords in the same sc() list; whether sc() makes them mutually exclusive is not visible here. Trace output may carry operational detail, so a config audit built on this grammar should report world-readable. */
            "world-readable" /* Allow any user to read the log file */,
            "no-world-readable" /* Don't allow any user to read the log file */,
            /* regular_expression is declared earlier in this file as a plain arg, so the pattern itself is not validated by this grammar. */
            "match" ( /* Regular expression for lines to be logged */
              regular_expression /* Regular expression for lines to be logged */
            )
          )
        ).as(:oneline),
        "flag" enum(("socket" | "rtsock" | "config" | "all")) /* Tracing flag parameters */.as(:oneline)
      )
    )
  )
end

/* Grammar for the PGM protocol stanza: only traceoptions, with one flag keyword from the listed enum followed by an sc() list of send, receive, detail and disable. */
rule(:juniper_protocols_pgm) do
  c(
    "traceoptions" ( /* PGM trace options */
      c(
        "flag" enum(("init" | "show" | "route-socket" | "parse" | "state" | "packets" | "all")) ( /* Tracing parameters */
          sc(
            "send" /* Trace transmitted packets */,
            "receive" /* Trace received packets */,
            "detail" /* Trace detailed information */,
            "disable" /* Disable this trace flag */
          )
        ).as(:oneline)
      )
    )
  )
end

rule(:juniper_protocols_pim) do c( "family" ( /* Local address family */ c( "any" ( /* Default properties for all address families */ c( "disable" /* Disable all families */ ) ), "inet" ( /* IPv4 specific properties */ c( ("disable") ) ), "inet6" ( /* IPv6 specific properties */ c( ("disable") ) ) ) ), ("disable"), "nonstop-routing" ( /* Configure PIM nonstop-routing attributes */ c( ("disable") ) ), "traceoptions" ( /* Trace options for PIM */ c( "file" ( /* Trace file options */ trace_file_type /*
Trace file options */ ), "flag" enum(("route" | "packets" | "hello" | "register" | "join" | "prune" | "graft" | "bootstrap" | "rp" | "autorp" | "assert" | "mdt" | "nsr-synchronization" | "bidirectional-df-election" | "mofrr" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ pim_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "dense-groups" ( /* Dense mode groups for sparse-dense mode */ c( "dynamic-reject" /* Reject dynamic autorp negative dense-mode prefixes learnt from network */, sc( ("reject" | "announce") ).as(:oneline) ) ), "vpn-tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ), "vpn-group-address" ( /* Group address for the VPN in provider space */ ipv4addr /* Group address for the VPN in provider space */ ), "tunnel-devices" ( /* Tunnel devices to be used for creating mt interfaces */ interface_device /* Tunnel devices to be used for creating mt interfaces */ ), "rpf-selection" ( /* Select RPF neighbor */ c( "group" arg ( /* IP prefix of multicast group */ c( "wildcard-source" ( /* Select RPF for (*,g) and unspecified (s,g) joins */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ), "source" arg ( /* IP prefix of one or more multicast sources */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ) ) ), "prefix-list" arg ( /* Multicast group prefix list */ c( "wildcard-source" ( /* Select RPF for (*,g) and unspecified (s,g) joins */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ), "source" arg ( /* IP prefix of one or more multicast sources */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ) 
) ) ) ), "mvpn" ( /* PIM MVPN control-plane options */ c( "autodiscovery" ( /* PE router autodiscovery options for SSM MDTs */ c( "inet-mdt" /* MDT-SAFI PE autodiscovery for SSM MDTs */ ) ), "family" ( /* PIM MVPN address family */ c( "inet" ( /* IPv4 PIM MVPN specific properties */ c( "rosen-mvpn", "ngen-mvpn", "autodiscovery" ( /* PE router autodiscovery options for SSM MDTs */ c( "inet-mdt" /* MDT-SAFI PE autodiscovery for SSM MDTs */ ) ), "disable" /* Disable family IPv4 */ ) ), "inet6" ( /* IPv6 PIM MVPN specific properties */ c( "rosen-mvpn", "ngen-mvpn" ) ) ) ) ) ), "rib-group" ( /* Routing table group */ rib_group_type /* Routing table group */ ), "import" ( /* PIM sparse import join policy */ policy_algebra /* PIM sparse import join policy */ ), "export" ( /* PIM sparse export join policy */ policy_algebra /* PIM sparse export join policy */ ), "mldp-inband-signalling" ( c( "policy" ( /* PIM MLDP join translation filter policy */ policy_algebra /* PIM MLDP join translation filter policy */ ) ) ), "assert-timeout" arg /* Set assert timeout */, "assert-robust-count" arg /* Number of assert messages an assert winner sends in one cycle */, "join-prune-timeout" arg /* Set join/prune timeout */, "spt-threshold" ( /* Set shortest-path-tree threshold policy */ c( "infinity" ( /* Apply policy to always remain on shared tree */ policy_algebra /* Apply policy to always remain on shared tree */ ) ) ), "sglimit" ( /* Set limit on number of (S,G) states */ c( "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages 
*/ ) ), "rp" ( /* Router's rendezvous point properties */ c( "bootstrap-priority" arg /* Eligibility to be the bootstrap router (IPv4 only) */, "bootstrap-import" ( /* Bootstrap import policy (IPv4 only) */ policy_algebra /* Bootstrap import policy (IPv4 only) */ ), "bootstrap-export" ( /* Bootstrap export policy (IPv4 only) */ policy_algebra /* Bootstrap export policy (IPv4 only) */ ), "bootstrap" ( /* Bootstrap properties */ c( "family" ( /* Bootstrap address family */ c( "inet" ( /* IPv4 bootstrap properties */ pim_bootstrap_options_type /* IPv4 bootstrap properties */ ), "inet6" ( /* IPv6 bootstrap properties */ pim_bootstrap_options_type /* IPv6 bootstrap properties */ ) ) ) ) ), "register-limit" ( /* Set limit on incoming registers that create (S,G) state */ c( "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "group-rp-mapping" ( /* Group-rp-mapping */ c( "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "rp-register-policy" ( /* RP policy applied to incoming register messages */ policy_algebra /* RP policy applied to 
incoming register messages */ ), "dr-register-policy" ( /* DR policy applied to outgoing register messages */ policy_algebra /* DR policy applied to outgoing register messages */ ), "local" ( /* Router's local RP properties */ c( "address" ( /* Local RP address (IPv4 only) */ ipv4addr /* Local RP address (IPv4 only) */ ), ("disable"), "priority" arg /* Router's priority for becoming an RP (IPv4 only) */, "hold-time" arg /* How long neighbor considers this router to be up, in seconds (IPv4 only) */, "group-ranges" arg /* Group address range for which this router can be an RP (IPv4 only) */, "override" /* Static RP mapping will take precedence over dynamic */, "family" ( /* Local RP address family */ c( "inet" ( /* IPv4 local RP properties */ c( "address" ( /* Local RP address */ ipv4addr /* Local RP address */ ), ("disable"), "priority" arg /* Router's priority for becoming an RP */, "hold-time" arg /* How long neighbor considers this router to be up, in seconds */, "group-ranges" arg /* Group address range for which this router can be an RP */, "override" /* Static RP mapping will take precedence over dynamic */, "anycast-pim" ( /* Attributes for IPv4 anycast PIM */ c( "rp-set" ( /* Rendezvous points belonging to anycast RP set */ c( "address" arg ( /* IPv4 address of one or more remote anycast RPs */ c( "forward-msdp-sa" /* Forward SAs learned from MSDP to this RP */ ) ) ) ), "local-address" ( /* Local address for replicating register messages to other RPs */ ipaddr /* Local address for replicating register messages to other RPs */ ) ) ) ) ), "inet6" ( /* IPv6 local RP properties */ c( "address" ( /* Local RP address */ ipv6addr /* Local RP address */ ), ("disable"), "priority" arg /* Router's priority for becoming an RP */, "hold-time" arg /* How long neighbor considers this router to be up, in seconds */, "group-ranges" arg /* Group address range for which this router can be an RP */, "override" /* Static RP mapping will take precedence over dynamic */, 
"anycast-pim" ( /* Attributes for IPv6 anycast PIM */ c( "rp-set" ( /* Rendezvous points belonging to anycast RP set */ c( "address" arg /* IPv6 address of one or more remote anycast RPs */ ) ), "local-address" ( /* Local address for replicating register messages to other RPs */ ipv6addr /* Local address for replicating register messages to other RPs */ ) ) ) ) ) ) ) ) ), "embedded-rp" ( /* Set embedded-RP mode (IPv6 only) */ c( "group-ranges" ( /* Group address range of RP */ pim_rp_group_range_type /* Group address range of RP */ ), "maximum-rps" arg /* Maximum number of embedded RPs */ ) ), "auto-rp" ( /* Set auto-RP mode (IPv4 only) */ c( ("discovery" | "announce" | "mapping"), "mapping-agent-election" /* Consider higher-addressed mapping agents as authoritative */, "no-mapping-agent-election" /* Don't consider higher-addressed mapping agents as authoritative */ ) ), "static" ( /* Configure static PIM RPs */ c( "address" arg ( /* RP address */ c( "version" arg /* PIM version of RP */, "group-ranges" ( /* Group address range of RP */ pim_rp_group_range_type /* Group address range of RP */ ), "override" /* Static RP mapping will take precedence over dynamic */ ) ) ) ), "bidirectional" ( /* Configure PIM bidirectional-mode RPs */ c( "address" arg ( /* RP address */ c( "priority" arg /* Router's priority for becoming an RP */, "hold-time" arg /* How long neighbor considers this router to be up */, "group-ranges" ( /* Group address range of RP */ pim_rp_group_range_type /* Group address range of RP */ ) ) ) ) ), "register-probe-time" arg /* Register probe time */ ) ), "interface" ("$junos-interface-name" | arg) ( /* PIM interface options */ c( "family" ( /* Local address family */ c( "any" ( /* Default properties for all families */ c( "disable" /* Disable all families */ ) ), "inet" ( /* IPv4 specific properties */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | 
"automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "mcae-mac-synchronize" /* Mclag mac synchronization */, ("disable") ) ), "inet6" ( /* IPv6 specific properties */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | 
"meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), ("disable") ) ) ) ), ("disable"), "bidirectional" ( /* PIM bidirectional mode properties */ c( "df-election" ( /* Bidir designated forwarder properties */ c( "robustness-count" arg /* Election robustness count */, "offer-period" arg /* Election offer message period */, "backoff-period" arg /* Election backoff period */ ) ) ) ), "mode" ( /* Mode of interface */ ("dense" | "sparse" | "sparse-dense" | "bidirectional-sparse" | "bidirectional-sparse-dense") ), "priority" arg /* Hello option DR priority */, "version" arg /* Force PIM version */, "hello-interval" arg /* Hello interval */, "neighbor-policy" ( /* PIM neighbor policy applied to incoming hello messages */ policy_algebra /* PIM neighbor policy applied to incoming hello messages */ ), "accept-remote-source" /* Accept traffic from remote source */, "dual-dr" ( /* Configure PIM Dual DR */ c( "enhanced" /* Enable enhanced PIM Dual DR */ ) ), "distributed-dr" /* PIM Distributed DR */, "reset-tracking-bit" /* Clear tracking-bit in PIM Hello LAN Prune Delay Option */, "propagation-delay" arg /* Propagation delay value */, "override-interval" arg /* Override interval value */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options (ipv4 only) */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering 
a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ) ) ), "mdt" ( /* Configure multicast data tunnel parameters */ c( "threshold" ( /* Threshold for creation of multicast tunnels */ c( "group" arg ( /* IP prefix of multicast group */ c( "source" arg ( /* IP prefix of one or more multicast sources */ c( "rate" arg /* Data threshold to create new tunnel */ ) ) ) ) ) ), "data-mdt-reuse" /* Allow multiple customer streams to be transmitted over one data tunnel */, "tunnel-limit" arg /* Maximum multicast data tunnels */, "group-range" ( /* Group address range for multicast data tunnels */ ipprefix /* Group address range for multicast data tunnels */ ) ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Maximum time for graceful restart to finish (seconds) */, "no-bidirectional-mode" /* Disable PIM graceful restart for bidirectional mode */, "restart-complete-duration" arg /* Maximum time for graceful restart to complete (seconds) */ ) ), "join-load-balance" ( /* Configure PIM join load balancing */ c( "automatic" /* Enable automatic PIM join load balancing */ ) ), "standby-path-creation-delay" arg /* Amount of time to wait before creating standby path */, "idle-standby-path-switchover-delay" arg /* Amount of time to wait before switching over to idle standby path */, "dr-election-on-p2p" /* Enable DR election on Point-to-Point Interfaces */, "no-wildcard-register-stop" /* Disable sending of wildcard register stop message */, "nexthop-hold-time" arg /* Nexthop hold time in milliseconds */, "mpls-internet-multicast" /* Enable support for Internet Multicast over MPLS */, "join-make-before-break" ( /* Enable PIM Join Make-Before-Break during 
RPF neighbor change */ c( ("disable") ) ), "reset-tracking-bit" /* Clear tracking-bit in PIM Hello LAN Prune Delay Option */, "propagation-delay" arg /* Propagation delay value */, "override-interval" arg /* Override interval value */, "default-vpn-source" ( /* Let all VRFs use master loopback address for mt interfaces */ c( "interface-name" ( /* Master loopback interface name */ interface_unit /* Master loopback interface name */ ) ) ), "static" ( /* Static PIM Join */ c( "distributed" /* Distributed all PIM Joins */, "group" arg ( /* IP multicast group address */ c( "distributed" /* Distributed static group */, "source" arg ( /* IP multicast source address */ c( "distributed" /* Distributed static source */ ) ) ) ) ) ) ) end rule(:juniper_protocols_protection_group) do c( "ethernet-aps" ( /* Ethernet APS configuration */ juniper_protocols_protection_group_eaps /* Ethernet APS configuration */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ erp_trace_options /* Tracing options for debugging protocol operation */ ), "restore-interval" arg /* Wait to restore interval */, "guard-interval" arg /* Guard timer interval in 10ms steps */, "hold-interval" arg /* Hold off timer interval in 100ms steps */, "ethernet-ring" ( /* Ethernet ring */ juniper_protocols_protection_group_ethernet_ring /* Ethernet ring */ ) ) end rule(:erp_trace_options) do c( "flag" enum(("events" | "pdu" | "timers" | "state-machine" | "periodic-packet-management" | "config" | "normal" | "debug" | "all")) /* Tracing parameters */.as(:oneline), "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ) ) end rule(:juniper_protocols_protection_group_eaps) do c( juniper_protocols_protection_group_eaps_profile ) end rule(:juniper_protocols_protection_group_eaps_profile) do arg.as(:arg) ( c( "protocol" ( /* Protocol value */ ("ccm" | "G.8031") ), "revert-time" arg /* Reversion time in minutes, 0 would mean no reversion */, "hold-time" arg /* Hold time in seconds 
*/, "local-request" ( /* Local APS request */ ("lockout") ) ) ) end rule(:juniper_protocols_protection_group_ethernet_ring) do arg.as(:arg) ( c( "node-id" ( /* Node ID of the protection group, by default bridge's MAC */ mac_unicast /* Node ID of the protection group, by default bridge's MAC */ ), "ring-protection-link-owner" /* Ring protection link owner flag, one ring should have only one node as a ring protection link owner */, "level" arg /* MPG Level value for R-APS PDU */, "restore-interval" arg /* Wait to restore interval */, "guard-interval" arg /* Guard timer interval in 10ms */, "hold-interval" arg /* Hold off timer interval in 100ms steps */, "non-revertive" /* Non-revertive mode of operation */, "wait-to-block-interval" arg /* Wait to block interval */, "major-ring-name" arg /* Name of major-ring to which this sub-ring node is attached */, "propagate-tc" /* Enable Topology Change Propagation to major-ring from the sub-ring */, "compatibility-version" arg /* G.8032 compatibility version */, "ring-id" arg /* Ethernet Ring ID of protection group */, "non-vc-mode" /* Node is operating in non virtual channel mode */, "dot1p-priority" arg /* IEEE 802.1p priority of transmitted R-APS */, "east-interface" ( /* East interface configuration */ erp_interface /* East interface configuration */ ), "west-interface" ( /* West interface configuration */ erp_interface /* West interface configuration */ ), "control-vlan" arg /* Dedicated VLAN identifier - VLAN id or VLAN name */, "data-channel" ( /* Ring instance data channel */ erp_data_channel /* Ring instance data channel */ ) ) ) end rule(:erp_data_channel) do c( "vlan" arg /* VLAN ID or VLAN ID range [1..4094] */ ) end rule(:erp_interface) do c( "control-channel" ( /* Control channel of ring port */ c( "vlan" arg /* Dedicated VLAN identifier */, interface_name ) ), "ring-protection-link-end" /* Port is connecting to ring protection link */, "interface-none" /* Port is not used */ ) end rule(:juniper_protocols_rip) do c( 
"traceoptions" ( /* Trace options for RIP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("auth" | "error" | "expiration" | "holddown" | "packets" | "request" | "trigger" | "update" | "nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ rip_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "rib-group" ( /* Routing table group for importing RIP routes */ rib_group_inet_type /* Routing table group for importing RIP routes */ ), "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIP send options */ sc( c( "broadcast" /* Broadcast RIPv2 packets (RIPv1 compatible) */, "multicast" /* Multicast RIPv2 packets */, "none" /* Do not send RIP updates */, "version-1" /* Broadcast RIPv1 packets */ ) ) ).as(:oneline), "receive" ( /* Configure RIP receive options */ sc( c( "both" /* Accept both RIPv1 and RIPv2 packets */, "none" /* Do not receive RIP packets */, "version-1" /* Accept RIPv1 packets only */, "version-2" /* Accept only RIPv2 packets */ ) ) ).as(:oneline), "check-zero" /* Check reserved fields on incoming RIPv2 packets */, "no-check-zero" /* Don't check reserved fields on incoming RIPv2 packets */, "message-size" arg /* Number of route entries per update message */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "holddown" arg /* Hold-down time */, "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "authentication-type" ( /* Authentication type. NOTE(review): of the values listed, none disables RIP authentication and simple places the password in cleartext in each RIPv2 message; only md5 keeps the key off the wire, so config audits built on this grammar should flag the other two */ ("none" | "simple" | "md5") ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), 
"group" arg ( /* Instance configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "preference" arg /* Preference of routes learned by this group */, "metric-out" arg /* Default metric of exported routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "demand-circuit" /* Enable demand circuit on this interface */, "max-retrans-time" arg /* Maximum time to re-transmit a message in demand-circuit */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "neighbor" arg ( /* Neighbor configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "interface-type" ( /* Interface type for the neighbor */ ("p2mp") ), "dynamic-peers" /* Learn peers dynamically on a p2mp interface */, "peer" arg /* P2MP peer */.as(:oneline), 
"metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIP send options */ sc( c( "broadcast" /* Broadcast RIPv2 packets (RIPv1 compatible) */, "multicast" /* Multicast RIPv2 packets */, "none" /* Do not send RIP updates */, "version-1" /* Broadcast RIPv1 packets */ ) ) ).as(:oneline), "receive" ( /* Configure RIP receive options */ sc( c( "both" /* Accept both RIPv1 and RIPv2 packets */, "none" /* Do not receive RIP packets */, "version-1" /* Accept RIPv1 packets only */, "version-2" /* Accept only RIPv2 packets */ ) ) ).as(:oneline), "demand-circuit" /* Enable demand circuit on this interface */, "max-retrans-time" arg /* Maximum time to re-transmit a msg in demand-circuit */, "check-zero" /* Check reserved fields on incoming RIPv1 packets */, "no-check-zero" /* Don't check reserved fields on incoming RIPv1 packets */, "any-sender" /* Disable strict checks on sender address */, "message-size" arg /* Number of route entries per update message */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), 
"authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ) ) ) ) ), "graceful-restart" ( /* RIP graceful restart options */ c( ("disable"), "restart-time" arg /* Time after which RIP is declared out of restart */ ) ) ) end rule(:juniper_protocols_ripng) do c( "traceoptions" ( /* Trace options for RIPng */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "expiration" | "holddown" | "packets" | "request" | "trigger" | "update" | "nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIPng send options */ sc( c( "none" /* Do not send RIPng updates */ ) ) ).as(:oneline), "receive" ( /* Configure RIPng receive options */ sc( c( "none" /* Do not receive RIPng packets */ ) ) ).as(:oneline), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "holddown" arg /* Hold-down time */, "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "group" arg ( /* Instance configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "preference" arg /* Preference of routes learned by this group */, "metric-out" arg /* Default metric of exported routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* 
Import policy */ ), "neighbor" arg ( /* Neighbor configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIPng send options */ sc( c( "none" /* Do not send RIPng updates */ ) ) ).as(:oneline), "receive" ( /* Configure RIPng receive options */ sc( c( "none" /* Do not receive RIPng packets */ ) ) ).as(:oneline), "import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) ) ), "graceful-restart" ( /* RIPng graceful restart options */ c( ("disable"), "restart-time" arg /* Time after which RIPng is declared out of restart */ ) ) ) end rule(:juniper_protocols_router_discovery) do c( ("disable"), "traceoptions" ( /* Trace options for router discovery */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" arg ( /* Interfaces on which to configure router discovery */ c( "max-advertisement-interval" arg /* Maximum time before sending advertisements */, "min-advertisement-interval" arg /* Minimum time before sending advertisements */, "lifetime" arg /* How long addresses in advertisements are valid */ ) ), "address" arg ( /* IP addresses to include in advertisements */ c( "advertise" /* Advertise the IP address in advertisements */, "ignore" /* Do not advertise the IP address in advertisements */, "broadcast" /* Include IP address only in broadcast advertisements */, "multicast" /* Include IP address only in multicast advertisements */, "ineligible" /* IP address can never become a default router */, "priority" arg /* Preference of the address to become a default router */ ) ) ) end rule(:juniper_protocols_rsvp) do c( ("disable"), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), 
"helper-disable" /* Disable graceful restart helper capability */, "maximum-helper-restart-time" arg /* Maximum wait time from down event to neighbor dead */, "maximum-helper-recovery-time" arg /* Maximum time restarting neighbor states are kept */ ) ), "tunnel-services" ( /* Use tunnel services for P2MP LSP ultimate-hop popping */ c( "devices" ( /* Tunnel services devices to use for P2MP LSPs */ interface_device /* Tunnel services devices to use for P2MP LSPs */ ) ) ), "no-p2mp-sublsp" /* Disable P2MP sub-LSP object generation */, "no-node-id-subobject" /* Do not include the node-id sub-object in the RRO */, "no-interface-hello" /* Disble interface Hellos on all RSVP interfaces */, "hello-acknowledgements" /* Acknowledge Hellos on RSVP interfaces not having sessions */, "no-hello-acknowledgements" /* Do not ack Hellos on RSVP interfaces not having sessions */, "node-hello" ( /* Enable node-ID based Hellos on all RSVP interfaces */ sc( "hello-interval" arg /* Hello interval */ ) ).as(:oneline), "no-node-hello" /* Disable node-ID based Hellos on the router */, "allow-bidirectional" /* Enable bidirectional support in RSVP */, "local-reversion" /* Enable local reversion at this Point of Local Repair */, "no-local-reversion" /* Disable local reversion at this Point of Local Repair */, "fast-reroute" ( /* One-to-one fast-reroute protection mechanism */ c( "optimize-timer" arg /* Frequency of reoptimization for fast-reroute detour */ ) ), "load-balance" ( /* Per-packet load-balancing algorithm */ c( "bandwidth" /* Per-packet load balancing proportional to LSP bandwidth */ ) ), "traceoptions" ( /* Trace options for RSVP */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("io-event" | "io-packets" | "packets" | "path" | "resv" | "pathtear" | "resvtear" | "state" | "error" | "route" | "lmp" | "event" | "nsr-synchronization" | "lsp-prefix" | "enhanced-frr" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted 
packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "refresh-time" arg /* Refresh time in seconds */, "keep-multiplier" arg /* Keep multiplier */, "graceful-deletion-timeout" arg /* Time to complete graceful deletion signaling */, "setup-protection" /* Enable setup protection */, "cross-credibility-cspf" /* Compute CSPF paths spanning protocols for bypass LSP, detour LSP and loose hop expansion */, "preemption" ( /* Set RSVP session preemption attributes */ c( c( "disabled" /* No RSVP session preemption */, "normal" /* Run RSVP session preemption to accommodate new sessions */, "aggressive" /* Run RSVP session preemption whenever necessary */ ), "soft-preemption" ( /* Options for establishing new path before tearing down a preempted LSP */ c( "cleanup-timer" arg /* Time a soft-preempted LSP will be maintained */ ) ) ) ), "authentication-key" ( /* Authentication password */ unreadable /* Authentication password */ ), "associated-bidirectional-lsp" ( /* Set associated bidirectional LSP attributes */ c( "single-sided-provisioning" /* Enable unidirectional reverse LSP setup for single sided provisioned forward LSP */ ) ), "no-enhanced-frr-bypass" /* Disable enhanced facility backup FRR */, "interface" arg ( /* RSVP interface options */ c( ("disable"), "authentication-key" ( /* Authentication password */ unreadable /* Authentication password */ ), "aggregate" /* Permit refresh reduction extensions on the interface */, "no-aggregate" /* Don't permit refresh reduction extensions on the interface */, "reliable" /* Permit reliable message delivery on the interface */, "no-reliable" /* Don't permit reliable message delivery on the interface */, "hello-interval" arg /* Hello interval */, "subscription" ( /* Link bandwidth percentage for RSVP reservation */ subscription_type /* Link bandwidth percentage for RSVP reservation */ ), "bandwidth" arg /* Available bandwidth for 
the interface units bps */, "update-threshold" arg /* Percentage change in reserved bandwidth to trigger IGP update */, "link-protection" ( /* Protect traffic with a label-stacked LSP */ c( ("disable"), "bandwidth" ( /* Bandwidth for each bypass */ bandwidth_type /* Bandwidth for each bypass */ ), "max-bypasses" arg /* Max number of bypasses permitted for protecting this interface */, "subscription" arg /* Percent of bandwidth guaranteed when admitting protected LSPs into bypasses */, "no-node-protection" /* Disallow node protection on this interface */, "optimize-timer" arg /* Interval between bypass reoptimizations */, "class-of-service" arg /* Class of service for the bypass LSP */, "hop-limit" arg /* Maximum allowed router hops for bypass */, "no-cspf" /* Disable automatic path computation */, "exclude-srlg" /* Exclude SRLG links */, "priority" ( /* Preemption priorities for the bypass LSP */ c( arg, arg ) ), "path" arg ( /* Explicit route of bypass path */ sc( c( "loose" /* Next hop might not be adjacent */, "strict" /* Next hop must be adjacent */ ) ) ).as(:oneline), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "bypass" arg ( /* Bypass with specific constraints */ c( "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "bandwidth" ( /* Bandwidth for each bypass */ bandwidth_type /* Bandwidth for each bypass */ ), "description" arg /* Text description of bypass */, "priority" ( /* Preemption priorities for bypass */ c( arg, arg ) ), "class-of-service" arg /* Class of service for the bypass LSP */, "hop-limit" arg /* Maximum allowed router hops for bypass */, "no-cspf" /* Disable automatic path computation */, "exclude-srlg" /* Exclude SRLG links */, "path" arg ( /* Explicit route of bypass path */ sc( c( "loose" /* Next hop might not be adjacent */, "strict" /* Next hop must be adjacent */ ) ) ).as(:oneline), "admin-group" ( /* Administrative group policy */ 
admin_group_include_exclude /* Administrative group policy */ ) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "authentication-key" ( /* Authentication password */ unreadable /* Authentication password */ ), "aggregate" /* Permit refresh reduction extensions on the interface */, "no-aggregate" /* Don't permit refresh reduction extensions on the interface */, "reliable" /* Permit reliable message delivery on the interface */, "no-reliable" /* Don't permit reliable message delivery on the interface */, "hello-interval" arg /* Hello interval */, "dynamic-bidirectional-transport" ( /* Enable dynamic setup of bidirectional packet LSP for transporting non-packet GMPLS LSP */ c( "template" arg /* Template for the dynamic bidirectional packet LSP */ ) ) ) ), "lsp-set" arg ( /* Configuration for lsp set */ c( ("disable"), "match-criteria" ( /* Match criteria for this lsp set */ lsp_set_match_type /* Match criteria for this lsp set */ ), "traceoptions" ( /* Trace options for this lsp set */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("io-event" | "io-packets" | "packets" | "path" | "resv" | "pathtear" | "resvtear" | "state" | "error" | "route" | "lmp" | "event" | "nsr-synchronization" | "lsp-prefix" | "enhanced-frr" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ) ) end rule(:juniper_protocols_stp) do c( ("disable"), "bpdu-destination-mac-address" ( /* Destination MAC address in the spanning tree BPDUs */ ("provider-bridge-group") ), "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval 
between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* Sytem identifier to represent this node */ mac_unicast /* Sytem identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "vpls-flush-on-topology-change" /* Enable VPLS MAC flush on root protected CE interface receving topology change */, "priority-hold-time" arg /* Hold time before switching to primary priority when core domain becomes up */, "system-id" ( /* System ID to IP mapping */ system_id_ip_map /* System ID to IP mapping */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ), "extended-system-id" arg /* Extended system identifier */, "force-version" ( /* Force protocol version */ ("stp") ), "bpdu-block-on-edge" /* Block BPDU on all interfaces configured as edge (BPDU Protect) */ ) end rule(:juniper_protocols_vni_options) do c( "vni" arg ( /* Per-vni options */ c( "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community */ ) ) ) ) ) end rule(:juniper_protocols_vstp) do c( ("disable"), "force-version" ( /* Force protocol version */ ("stp") ), "bpdu-block-on-edge" /* Block BPDU on all interfaces configured as edge (BPDU Protect) */, "vpls-flush-on-topology-change" /* Enable VPLS MAC flush on root protected CE interface receving topology change */, "priority-hold-time" arg /* Hold time before switching to primary priority when core domain becomes up */, "system-id" ( /* System ID to IP mapping */ system_id_ip_map /* System ID to IP mapping */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ), "vlan" (arg | "all") ( /* VLAN spanning tree options */ c( "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 
4k,8k,..60k) */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* System identifier to represent this node */ mac_unicast /* System identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ) ) ), "vlan-group" ( /* Spanning tree options for group of VLANs */ c( "group" arg ( /* Name of VLAN group */ c( "vlan" arg /* VLAN ID or VLAN ID range [1..4094] */, "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* System identifier to represent this node */ mac_unicast /* System identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ) ) ) ) ) ) end rule(:juniper_radius) do c( "traceoptions" ( /* Trace options related to RADIUS servers */ radius_traceoptions /* Trace options related to RADIUS servers */ ), "servers" ( /* RADIUS server configuration */ juniper_radius_server /* RADIUS server configuration */ ), "clients" ( /* RADIUS client configuration */ juniper_radius_client /* RADIUS client configuration */ ), "network-elements" ( /* Network element configuration */ juniper_radius_network_element /* Network element configuration */ ), 
"network-element-groups" ( /* Network element group configuration */ juniper_radius_network_element_group /* Network element group configuration */ ), "snoop-segments" ( /* Radius snooping segments */ juniper_radius_snoop_segment /* Radius snooping segments */ ) ) end rule(:juniper_radius_client) do arg.as(:arg) ( c( "address" ( /* RADIUS client ipv4address/prefix */ ipv4prefix /* RADIUS client ipv4address/prefix */ ), "source-interface" ( /* Source interface in which RADIUS packets will be rcvd */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "prefer-framed-ip-address" /* Prefer framed-ip-address/framed-netmask attributes over framed-route attribute */, "prefer-framed-ipv6-prefix" /* Prefer framed-ipv6-prefix attribute over delegated-ipv6-prefix attribute */, "accounting" ( /* Accounting parameters */ c( "secret" arg /* Shared secret with RADIUS client for accounting. NOTE(review): a credential typed as plain arg rather than unreadable; tooling that masks secrets by type should also match this keyword by name */, "response-cache-timeout" arg /* Accounting response Cache timeout period */, "port" arg /* Radius clients accounting server port number */ ) ) ) ) end rule(:juniper_radius_network_element) do arg.as(:arg) ( c( "server" arg ( /* RADIUS server and its priority */ sc( "priority" arg /* Server priority */ ) ).as(:oneline), "maximum-pending-reqs-limit" arg /* Maximum number of pending requests queued to the network-element */, "pending-queue-watermark" arg /* Watermark in percentage at which flow-control for pending queue of this network-element is turned on */, "pending-queue-watermark-abate" arg /* Watermark in percentage at which flow-control for pending queue of this network-element is turned off */ ) ) end rule(:juniper_radius_network_element_group) do arg.as(:arg) ( c( "network-element" arg ( /* Specify the network-elements in this group */ sc( "mandatory" /* This network-element must respond to the request */ ) ).as(:oneline), "broadcast" /* Send the request to all network-elements 
in the group */ ) ) end rule(:juniper_radius_server) do arg.as(:arg) ( c( "address" ( /* RADIUS server address */ ipv4addr /* RADIUS server address */ ), "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* RADIUS server accounting port number */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" arg /* Shared secret with RADIUS server. NOTE(review): this is a credential but is typed as plain arg, while the authentication-key statements in this grammar use the unreadable type; unreadable is itself just arg.as(:arg), so the parse is the same, but tooling that finds secrets by type should also match this keyword by name */, "accounting-secret" arg /* Shared secret with RADIUS server for accounting (credential; typed as plain arg rather than unreadable) */, "allow-dynamic-requests" /* Allows dynamic-requests to be received from the radius server */, "dynamic-request-secret" arg /* Shared secret with RADIUS client for dynamic-requests (credential; typed as plain arg rather than unreadable) */, "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "dead-criteria" ( /* Dead server detection criteria */ sc( "retries" arg /* Number of retransmits before marking the server dead */, "interval" arg /* Interval during which the number of retries are tracked */, "revert-interval" arg /* Revert-interval period */ ) ).as(:oneline), "source-interface" ( /* Source interface from which RADIUS packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline) ) ) end rule(:juniper_radius_snoop_segment) do arg.as(:arg) ( c( "destination-ip-address" ( /* Destination address of snoop segment */ ipv4addr /* Destination address of snoop segment */ ), "source-ip-address" ( /* Source address of snoop segment */ ipv4addr /* Source address of snoop segment */ ), "destination-port" arg /* Destination port of snoop segment */, "shared-secret" arg /* Shared secret between source and destination of snoop segment (credential; typed as plain arg rather than unreadable) */, "source-interface" ( /* Source interface on which packets have to be snooped */ sc( interface_name /* Interface name */ ) ).as(:oneline), "request-cache-timeout" arg /* Time duration to cache 
request */ ) ) end rule(:juniper_routing_instance) do arg.as(:arg) ( c( "description" arg /* Text description of routing instance */, "vlan-model" ( /* Subscriber vlan-model in L2Wholesale framework */ ("one-to-one") ), "vtep-source-interface" ( /* Source layer-3 IFL for VXLAN */ sc( interface_unit, c( "inet" /* IPv4 source */, "inet6" /* IPv6 source */ ) ) ).as(:oneline), "vtep-remote-interface" ( /* Remote VTEP interface */ c( "remote-ip" arg ( /* Remote VTEP IP address */ c( "dynamic-profile" arg /* Define associate dynamic profile */ ) ), "default" ( /* To all remote vtep interface */ c( "dynamic-profile" arg /* Define associate dynamic profile */ ) ) ) ), "remote-vtep-list" ( /* Configure static remote VXLAN tunnel endpoints */ ipaddr /* Configure static remote VXLAN tunnel endpoints */ ), "remote-vtep-v6-list" ( /* Configurate static ipv6 remote VXLAN tunnel endpoints */ ipv6addr /* Configurate static ipv6 remote VXLAN tunnel endpoints */ ), "instance-role" ( /* Primary role of L2Backhaul-vpn router */ ("access" | "nni") ), "instance-type" ( /* Type of routing instance */ ("forwarding" | "vrf" | "no-forwarding" | "l2vpn" | "vpls" | "virtual-switch" | "l2backhaul-vpn" | "virtual-router" | "layer2-control" | "mpls-internet-multicast" | "evpn" | "mpls-forwarding" | "evpn-vpws") ), c( "no-vrf-propagate-ttl" /* Disable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop) */, "vrf-propagate-ttl" /* Enable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop) */ ), "egress-protection" ( /* Egress instance protection */ c( "protector" /* Enable Edge Protector functionality for this VPN */, "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ) ) ), c( "vlan-id" ( /* IEEE 802.1q VLAN identifier for bridging domain */ ("all" | "none" | arg) ), "vlan-tags" ( /* IEEE 802.1q VLAN tags for bridging domain */ sc( "outer" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */, "inner" arg /* [tpid.]vlan-id, tpid 
format is 0xNNNN and is optional */ ) ).as(:oneline) ), "system" ( /* System parameters */ c( "services" ( /* System services */ c( "dhcp-local-server" ( /* Dynamic Host Configuration Protocol server configuration */ jdhcp_local_server_type /* Dynamic Host Configuration Protocol server configuration */ ), "dhcp-proxy-client" ( /* Dynamic Host Configuration Protocol Proxy client configuration */ jdhcp_proxy_client_type /* Dynamic Host Configuration Protocol Proxy client configuration */ ), "static-subscribers" ( /* Static Subscriber Client configuration */ jsscd_static_subscribers_type /* Static Subscriber Client configuration */ ) ) ) ) ), "access" ( /* Network access configuration */ c( "address-assignment" ( /* Address assignment configuration */ address_assignment_type /* Address assignment configuration */ ), "address-protection" /* Initiate Duplicate Address Protection */ ) ), "access-profile" ( /* Access profile for this instance */ sc( arg /* Profile name */ ) ).as(:oneline), "interface" ("$junos-interface-name" | arg) ( /* Interface name for this routing instance */ c( c( "any" /* Interface used for both unicast and multicast traffic */, "unicast" /* Interface used for unicast traffic only */, "multicast" /* Interface used for multicast traffic only */ ), "primary" /* Preferred multicast vt interface for the routing-instance */ ) ), "routing-interface" ( /* Routing interface name for this routing-instance */ interface_unit /* Routing interface name for this routing-instance */ ), "vxlan" ( c( "ovsdb-managed" /* Managed remotely via VXLAN OVSDB Controller */, "vni" arg /* VXLAN identifier */, "multicast-group" ( /* Multicast group registered for VXLAN segment */ ipv4addr /* Multicast group registered for VXLAN segment */ ), "multicast-v6-group" ( /* Multicast IPv6 group registered for VXLAN segment */ ipv6addr /* Multicast IPv6 group registered for VXLAN segment */ ), "encapsulate-inner-vlan" /* Retain inner VLAN in the packet */, 
"decapsulate-accept-inner-vlan" /* Accept VXLAN packets with inner VLAN */, "unreachable-vtep-aging-timer" arg /* Unreachable VXLAN tunnel endpoint removal timer */, "ingress-node-replication" /* Enable ingress node replication */ ) ), "l3-interface" ( /* L3 interface name for this routing-instance */ interface_unit /* L3 interface name for this routing-instance */ ), "no-local-switching" /* Disable local switching within CE-facing interfaces */, "qualified-bum-pruning-mode" /* Enable BUM pruning for VPLS instance */, "no-irb-layer-2-copy" /* Disable transmission of layer-2 copy of packets of irb routing-interface */, "route-distinguisher" ( /* Route distinguisher for this instance */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline), "l2vpn-id" ( /* Layer-2 vpn-id for this instance */ c( arg /* L2VPN ID community for FEC129 VPLS/VPWS with BGP auto-discovery */ ) ), "provider-tunnel" ( /* Provider tunnel configuration */ c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "pim-asm" ( /* PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address */ ipv4addr /* PIM-SM provider tunnel group address */ ), "family" ( /* PIM-SM 
provider tunnel address family */ c( "inet" ( /* IPv4 PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address for IPV4 */ ipv4addr /* PIM-SM provider tunnel group address for IPV4 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "inet6" ( /* IPv6 PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address for IPV6 */ ipv4addr /* PIM-SM provider tunnel group address for IPV6 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ) ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address */ ipv4addr /* PIM-SSM provider tunnel group address */ ), "family" ( /* PIM-SSM provider tunnel address family */ c( "inet" ( /* IPv4 PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address for IPV4 */ ipv4addr /* PIM-SSM provider tunnel group address for IPV4 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "inet6" ( /* IPv6 PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address for IPV6 */ ipv4addr /* PIM-SSM provider tunnel group address for IPV6 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ) ) ) ) ), "inter-region" ( /* Inter-region segmented tunnels */ c( c( "template" arg /* Use inter-region segmentation template */, "no-inter-region-segmentation" /* Do not participate in inter-region segmentation */ ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by fan-out factor only */ c( "fan-out" arg /* Number of remote Leaf-AD routes */ ) ), "selective" ( /* Selective tunnels */ c( 
"tunnel-limit" arg /* Maximum number of selective tunnels */, "leaf-tunnel-limit-inet" arg /* Maximum number of selective leaf tunnels for v4 */, "leaf-tunnel-limit-inet6" arg /* Maximum number of selective leaf tunnels for v6 */, "wildcard-group-inet" ( /* IPv4 wilcard group matching any group address */ c( "wildcard-source" ( /* Use Selective-Tunnel for wildcard-source (*,G) joins */ c( "threshold-rate" arg /* Data threshold to create new tunnel */, c( "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by fan-out factor only */ c( "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ) ) ), "wildcard-group-inet6" ( /* IPv6 wilcard group matching any group address */ c( "wildcard-source" ( /* Use Selective-Tunnel for wildcard-source (*,G) joins */ c( "threshold-rate" arg /* Data threshold to create new tunnel */, c( "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* 
Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by fan-out factor only */ c( "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ) ) ), "group" arg ( /* IP prefix of multicast group */ c( "wildcard-source" ( /* Use Selective-Tunnel for wildcard-source (*,G) joins */ c( "threshold-rate" arg /* Data threshold to create new tunnel */, c( "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "pim-ssm" ( /* 
PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by threshold rate and/or fan-out */ c( "threshold" arg /* Data threshold rate to trigger segmentation */, "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ), "source" arg ( /* IP prefix of one or more multicast sources */ c( c( "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */ ), "threshold-rate" arg /* Data threshold to create new tunnel */, "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by threshold rate and/or fan-out */ c( "threshold" arg /* Data threshold rate to trigger segmentation */, "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ) ) ) ) ), "mdt" ( /* Data MDT tunnels for PIM MVPN */ c( "threshold" ( /* Threshold for creation of multicast tunnels */ c( "group" arg ( /* IP prefix of multicast group */ c( "source" arg ( /* IP prefix of one or more multicast sources */ c( "rate" arg /* Data 
threshold to create new tunnel */ ) ) ) ) ) ), "data-mdt-reuse" /* Allow multiple customer streams to be transmitted over one data tunnel */, "tunnel-limit" arg /* Maximum multicast data tunnels */, "group-range" ( /* Group address range for multicast data tunnels */ ipprefix /* Group address range for multicast data tunnels */ ) ) ), "family" ( c( "inet" ( c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "pim-asm" ( /* PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address */ ipv4addr /* PIM-SM provider tunnel group address */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address */ ipv4addr /* PIM-SSM provider tunnel group address */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ) ) ), "inet6" ( c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic 
point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress Replication Tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "pim-asm" ( /* PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address */ ipv4addr /* PIM-SM provider tunnel group address */ ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address */ ipv4addr /* PIM-SSM provider tunnel group address */ ) ) ) ) ) ) ) ) ) ), "vrf-import" ( /* Import policy for VRF instance RIBs */ policy_algebra /* Import policy for VRF instance RIBs */ ), "vrf-export" ( /* Export policy for VRF instance RIBs */ policy_algebra /* Export policy for VRF instance RIBs */ ), "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */, "auto" /* Auto derive import and export target community from BGP AS & L2 */ ) ), "no-vrf-advertise" /* Don't advertise this instance to remote PEs */, "connector-id-advertise" /* Advertise connector-id attribute */, "vrf-advertise-selective" ( /* Override no-vrf-advertise knob for the specified address family */ c( "family" ( /* Protocol family to be selectively advertised */ c( "inet-mvpn" /* IPv4 MVPN Address Family */, "inet6-mvpn" /* IPv6 MVPN Address Family */ ) ) ) ), "vrf-table-label" ( /* Advertise a single VPN 
label for all routes in the VRF */ sc( "static" arg /* Specify label value to be used */, "source-class-usage" /* Enable source class usage */ ) ).as(:oneline), "routing-options" ( /* Protocol-independent routing option configuration */ juniper_routing_options /* Protocol-independent routing option configuration */ ), "forwarding-options" ( /* Forwarding options configuration */ juniper_forwarding_options /* Forwarding options configuration */ ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "igmp-snooping-options" ( /* IGMP snooping option configuration */ juniper_igmp_snooping_options /* IGMP snooping option configuration */ ), "mld-snooping-options" ( /* MLD snooping option configuration */ juniper_mld_snooping_options /* MLD snooping option configuration */ ), "protocols" ( /* Routing protocol configuration */ c( "bgp" ( /* BGP options */ juniper_protocols_bgp /* BGP options */ ), "mpls" ( /* MPLS configuration */ juniper_protocols_mpls /* MPLS configuration */ ), "rsvp" ( /* RSVP configuration */ juniper_protocols_rsvp /* RSVP configuration */ ), "ospf" ( /* OSPF configuration */ juniper_protocols_ospf /* OSPF configuration */ ), "ospf3" ( /* OSPF3 configuration */ c( "realm" ("ipv6-unicast" | "ipv6-multicast" | "ipv4-unicast" | "ipv4-multicast") ( /* OSPFv3 realm configuration */ c( ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( 
"send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup 
SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-group" arg /* Routing table group for importing OSPF routes */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" 
/* Do not abort graceful helper mode upon LSA changes */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" 
arg /* Set range of node segment indices allowed */ ) ) ) ), "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), 
"network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* 
Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "te-metric" arg /* Traffic engineering metric */, "priority" arg /* Designated router priority */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is 
operational */ ), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, 
"algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) 
).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ) ) ) ) ), ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix 
originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-group" arg /* Routing table group for importing OSPF routes */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, 
"warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* 
Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ) ) ), "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this 
area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* 
Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link 
information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "te-metric" arg /* Traffic engineering metric */, "priority" arg /* Designated router priority */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, 
"bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | 
arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ) ) ) ) ), "rip" ( /* RIP options */ juniper_protocols_rip /* RIP options */ ), "ripng" ( /* RIPng options */ juniper_protocols_ripng /* RIPng options */ ), "isis" ( /* IS-IS configuration */ juniper_protocols_isis /* IS-IS configuration */ ), "esis" ( /* ES-IS configuration */ juniper_protocols_esis /* ES-IS configuration */ ), c( "l2vpn" ( /* Layer 2 VPN configuration */ juniper_protocols_l2vpn /* Layer 2 VPN configuration */ ), "vpls" ( /* VPLS configuration */ juniper_protocols_l2vpn /* VPLS configuration */ ), "evpn" ( /* EVPN configuration */ juniper_protocols_l2vpn /* EVPN configuration */ ) ), "pim" ( /* PIM configuration */ juniper_protocols_pim /* PIM configuration */ ), "amt" ( /* AMT relay configuration */ juniper_protocols_amt /* AMT relay configuration */ ), "ldp" ( /* LDP configuration */ juniper_protocols_ldp /* LDP configuration */ ), "router-discovery" ( /* ICMP router discovery options */ 
juniper_protocols_router_discovery /* ICMP router discovery options */ ), "msdp" ( /* MSDP configuration */ juniper_protocols_msdp /* MSDP configuration */ ), "mvpn" ( /* BGP-MVPN configuration */ juniper_protocols_mvpn /* BGP-MVPN configuration */ ), "igmp-snooping" ( /* IGMP snooping configuration */ juniper_ri_protocols_igmp_snooping /* IGMP snooping configuration */ ), "mld-snooping" ( /* MLD snooping configuration */ juniper_ri_protocols_mld_snooping /* MLD snooping configuration */ ), "pim-snooping" ( /* PIM snooping configuration */ juniper_protocols_pim_snooping /* PIM snooping configuration */ ), "rstp" ( /* RSTP configuration */ juniper_protocols_stp /* RSTP configuration */ ), "mstp" ( /* MSTP configuration */ juniper_protocols_mstp /* MSTP configuration */ ), "vstp" ( /* VSTP configuration */ juniper_protocols_vstp /* VSTP configuration */ ), "mvrp" ( /* MVRP configuration */ juniper_protocols_mvrp /* MVRP configuration */ ) ) ), "bridge-domains" ( /* Bridge domain configuration */ c( juniper_bridge_domains ) ), "switch-options" ( /* L2 options for routing-instance of type virtual-switch */ juniper_routing_instance_switch_options /* L2 options for routing-instance of type virtual-switch */ ), "pbb-options" ( /* Provider backbone bridging options for routing-instance */ juniper_routing_instance_pbb_options /* Provider backbone bridging options for routing-instance */ ), "service-groups" ( /* Service group configuration for routing-instance */ juniper_routing_instance_service_groups /* Service group configuration for routing-instance */ ), "layer3-domain-identifier" arg /* Layer3 domain identifier */, "l2-domain-id-for-l3" arg /* Layer2 domain identifier for L3 */, "vlans" ( /* VLAN configuration */ c( vlan_types /* Virtual LAN */ ) ) ) ) end
# Grammar rule for the IGMP snooping options node. Its body is c(...) over two
# bare keywords, "use-p2mp-lsp" and "snoop-pseudowires"; neither is followed by
# `arg`, so neither takes a value. The /* ... */ text after each keyword is its
# description.
# NOTE(review): c(...) is defined outside this excerpt; presumably the
# "choice of child statements" combinator. Confirm against its definition.
# The body is identical to rule(:juniper_mld_snooping_options).
rule(:juniper_igmp_snooping_options) do c( "use-p2mp-lsp" /* P2MP will be used to forward traffic instead of PW */, "snoop-pseudowires" /* VPLS PE would send traffic selectively to PE's having interest */ ) end 
# Grammar rule for the MLD snooping options node. Its body is c(...) over two
# bare keywords, "use-p2mp-lsp" and "snoop-pseudowires"; neither is followed by
# `arg`, so neither takes a value. The /* ... */ text after each keyword is its
# description.
# NOTE(review): c(...) is defined outside this excerpt; presumably the
# "choice of child statements" combinator. Confirm against its definition.
# The body is identical to rule(:juniper_igmp_snooping_options).
rule(:juniper_mld_snooping_options) do c( "use-p2mp-lsp" /* P2MP will be used to forward traffic instead of PW */, "snoop-pseudowires" /* VPLS PE would send traffic selectively to PE's having interest */ ) end rule(:juniper_protocols_l2vpn) do c( "traceoptions" ( /* Trace options for Layer 2 VPNs */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "topology" | "nlri" | "connections" | "automatic-site" | "oam" | "mac-database" | "nsr" | "egress-protection" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), c( "control-word" /* Add control word to the Layer 2 encapsulation */, "no-control-word" /* Disables control word on the Layer 2 encapsulation */ ), "site-range" arg /* Maximum site identifier in this VPLS domain */, "bum-hashing" /* Enable BUM hashing feature in the instance */, "enable-mac-move-action" /* Enable VPLS loop prevention feature in the instance */, "mac-pinning" /* Enable MAC pinning */, "label-block-size" ( /* Label block size for this VPLS instance */ ("2" | "4" | "8" | "16") ), "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), 
"mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "vpws-service-id" ( /* Service-id for EVPN VPWS routing instance */ c( "local" arg /* Local EVPN VPWS service id */, "remote" arg /* Remote EVPN VPWS service id */ ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, 
"ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "description" arg /* Text description */ ) ), c( "tunnel-services" ( /* Use tunnel services for this VPLS instance */ c( "devices" ( /* Tunnel services devices to use for this VPLS instance */ interface_device /* Tunnel services devices to use for this VPLS instance */ ), "primary" ( /* Primary tunnel services device to use for VPLS instance */ interface_device /* Primary tunnel services device to use for VPLS instance */ ) ) ), "no-tunnel-services" /* Do not use 
tunnel services for this VPLS instance */ ), "site" arg ( /* Sites connected to this provider equipment */ c( c( "site-identifier" arg /* Layer 2 VPN or VPLS site identifier (unique in the VPN) */, "automatic-site-id" ( /* Enable automatic assignment of site identifier */ c( "startup-wait-time" arg /* Time to wait at startup before claming a site identifier (seconds) */, "new-site-wait-time" arg /* Time to wait before claiming a site identifier */, "collision-detect-time" arg /* Time to wait for detecting a collision */, "reclaim-wait-time" ( /* Time to wait for reclaiming a site identifier */ sc( "minimum" arg /* Minimum wait time */, "maximum" arg /* Maximum wait time */ ) ).as(:oneline) ) ) ), "source-attachment-identifier" arg /* FEC 129 VPWS source attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg 
/* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this site */, "multi-homing" ( /* Enable multi-homing functionality for this site */ c( "hold-time" arg /* Enable multi-homing non-designated forwarder hold time (seconds) */ ) ), "mac-pinning" /* Enable MAC pinning */, "site-preference" ( /* Layer 2 VPN or VPLS site preference */ ("primary" | "backup" | arg) ), "hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, "mesh-group" arg /* Mesh-groups that are part of this site */, "active-interface" ( /* Configure interface to designate as active */ sc( c( "any" /* One configured interface is designated active at random */, "primary" ( /* Interface to designate as active if it is operational */ interface_name /* Interface to designate as active if it is operational */ ) ) ) ).as(:oneline), "best-site" /* Activates best-site functionality for this instance */, "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "vpws-service-id" ( /* 
Service-id for EVPN VPWS routing instance */ c( "local" arg /* Local EVPN VPWS service id */, "remote" arg /* Remote EVPN VPWS service id */ ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable 
adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "description" arg /* Text description */ ) ) ) ), "community" arg /* Community associated with this VPLS instance */, "vpls-id" arg /* Identifier for this VPLS instance */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, "mac-flush" ( /* Enables mac-flush processing */ c( "any-interface" /* Send mac-flush when any AC interface goes down */, "any-spoke" /* Send mac-flush when any spoke pseudo wire goes down */, "propagate" /* Propagate mac-flush to the core */ ) ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "pseudowire-status-tlv" /* Send pseudowire status TLV */, "neighbor" arg ( /* Neighbor for this VPLS instance */ c( "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */ ) ), "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "community" arg /* Community associated with this neighbor */, "mac-pinning" /* Enable MAC pinning 
*/, "encapsulation-type" ( /* Encapsulation type for VPN */ ("ethernet-vlan" | "ethernet") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "pseudowire-status-tlv" ( /* Send pseudowire status TLV */ c( "hot-standby-vc-on" /* Activate pseudowire upon arrival of 'hot-standby' status TLV message */ ) ), "switchover-delay" arg /* Pseudowire switchover delay */, "revert-time" ( /* Enable pseudowire redundancy reversion (seconds) */ sc( arg, "maximum" arg /* Maximum reversion interval to add over revert-time delay */ ) ).as(:oneline), "connection-protection" /* End-2-end protection via OAM failure detection */, "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */ ) ), "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "standby" /* Keep backup pseudowire in continuous standby */, "hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */ ) ), "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* 
Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ) ) ), "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to pop Flow Label in receive direction to remote PE */, "flow-label-transmit-static" /* Push Flow Label on PW packets sent to remote PE */, "flow-label-receive-static" /* Pop Flow Label from PW packets received from remote PE */, "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), "mesh-group" arg ( /* Mesh-group under this VPLS instance */ c( "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), c( "peer-as" ( /* Autonomous system of the peer */ c( "all" /* Include peers from all autonomous systems */ ) ) ), "vpls-id" arg /* LDP VPLS Identifier for this mesh-group */, "vrf-import" ( /* Import policy for VPLS instance mesh-group */ policy_algebra /* Import policy for VPLS instance mesh-group */ ), "vrf-export" ( /* Export policy for VPLS instance mesh-group */ policy_algebra /* Export policy for VPLS instance mesh-group */ ), "vrf-target" ( /* VPLS mesh-group target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */ ) ), "mac-flush" ( /* Enables mac-flush processing */ c( "any-interface" /* Send mac-flush when any AC interface goes down */, "any-spoke" /* Send mac-flush when any spoke pseudo wire goes down */, "propagate" /* Propagate mac-flush to 
the core */ ) ), "local-switching" /* Allow local-switching within interfaces in this mesh-group */, "neighbor" arg ( /* Neighbor belonging to this mesh-group */ c( "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */ ) ), "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "community" arg /* Community associated with this neighbor */, "mac-pinning" /* Enable MAC pinning */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("ethernet-vlan" | "ethernet") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "pseudowire-status-tlv" ( /* Send pseudowire status TLV */ c( "hot-standby-vc-on" /* Activate pseudowire upon arrival of 'hot-standby' status TLV message */ ) ), "switchover-delay" arg /* Pseudowire switchover delay */, "revert-time" ( /* Enable pseudowire redundancy reversion (seconds) */ sc( arg, "maximum" arg /* Maximum reversion interval to add over revert-time delay */ ) ).as(:oneline), "connection-protection" /* End-2-end protection via OAM failure detection */, "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */ ) ), "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "standby" /* Keep backup pseudowire in continuous standby */, 
"hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */ ) ), "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "vpls-id-list" arg /* LDP VPLS Identifier list for this neighbor */ ) ), "interface" arg /* Interfaces belonging to this flood group */, "route-distinguisher" ( /* Route distinguisher for this mesh-group */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline) ) ), "connectivity-type" ( /* Specify type of interface sufficient to bring vpls connection up */ ("ce" | "irb" | "permanent") ), "import-labeled-routes" arg /* Import ingress label route to instance.mpls.0 from mpls.0 */.as(:oneline), "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit 
and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ), "control-channel" ( /* Supported control channel type */ c( c( "pwe3-control-word" /* For BGP based PW send oam packets with control word, with 0001b as first nibble */, "router-alert-label" /* For BGP based PW send oam packets with router alert label */, "pw-label-ttl-1" /* For BGP based PW send oam packets with MPLS pw label TTL = 1 */ ) ) ) ) ), "multi-homing" ( /* Multi-homing configuration for FEC129 VPLS */ c( "peer-active" /* Keep CE interfaces in up state when all BGP peers go down */, "site" arg ( /* Sites connected to this provider equipment */ c( "identifier" arg /* Layer 2 VPN or VPLS multi-homing identifier */, "preference" ( /* Layer 2 VPN or VPLS multi-homing preference */ ("primary" | "backup" | arg) ), "active-interface" ( /* Configure interface to designate as active */ c( c( "any" /* One configured interface is designated active at random */, "primary" ( /* Interface to designate as active if it is operational */ interface_name /* Interface to designate as active if it is operational */ ) ) ) ), "interface" arg ( /* Interface that connects this site to the VPN */ c( "preference" arg /* Layer 2 VPN or VPLS multi-homing preference for the interface */ ) ), "peer-active" /* Keep CE interfaces in up state when all BGP peers go down */ ) ) ) ), "evi-options" ( /* EVI options */ juniper_protocols_evi_options /* EVI options */ ), "pbb-evpn-core" /* Configure PBB EVPN core */, "label-allocation" ( /* Label 
allocation policy */ ("per-instance") ), "service-type" ( /* Service interface type */ ("vlan-based" | "vlan-bundle") ), "designated-forwarder-election-hold-time" arg /* Time to wait before electing a DF(seconds) */, "evpn-etree" /* Evpn etree mode */, "igmp-id" arg /* EVPN IGMP Identifier value */, "encapsulation" ( /* Encapsulation type for EVPN */ ("vxlan") ), c( "extended-vlan-list" arg /* List of VLAN identifiers that are to be EVPN extended */, "extended-vni-list" arg /* List of VNI identifiers (1..16777214) or all, that are to be EVPN extended */, "extended-isid-list" arg /* Configure list of isids or all for extending to PBB EVPN */ ), "vni-options" ( /* VNI options */ c( "vni" arg ( /* Per-vni options */ c( "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community */ ) ) ) ) ) ), "ip-prefix-routes" ( /* Advertise IP prefixes through EVPN */ c( "advertise" ( /* Advertisement attributes for IP prefixes */ ("gateway-address" | "direct-nexthop") ), "gateway-interface" ( /* Gateway interface used when gateway address is advertised */ interface_unit /* Gateway interface used when gateway address is advertised */ ), "encapsulation" ( /* Encapsulation used for IP prefixes */ ("mpls" | "vxlan") ), "vni" arg /* VXLAN network identifier used for IP prefixes */, "import" ( /* Policy to control import of IP prefixes from EVPN */ policy_algebra /* Policy to control import of IP prefixes from EVPN */ ), "export" ( /* Policy to control export of IP prefixes through EVPN */ policy_algebra /* Policy to control export of IP prefixes through EVPN */ ) ) ), "multicast-mode" ( /* Multicast mode for EVPN */ ("ingress-replication") ), "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community to use in import and export */ ) ), "default-gateway" ( /* Default gateway mode */ ("advertise" | "no-gateway-community" | "do-not-advertise") ), "no-arp-suppression" /* Disable suppression of ARP/NDP for EVPN */ ) end 
# Per-EVI options: each "isid" entry takes one argument and may carry a
# "vrf-target" whose single argument is the target community.
rule(:juniper_protocols_evi_options) do c( "isid" arg ( /* Per-evi options */ c( "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community */ ) ) ) ) ) end
# PIM snooping statement: "traceoptions" (a trace file described by
# trace_file_type plus a "flag" enum with send/receive/detail/disable
# modifiers), "no-dr-flood", and a per-"vlan" "no-dr-flood".
# NOTE(review): trace_file_type is defined outside this part of the file, so
# the file permissions it allows cannot be confirmed from here.
rule(:juniper_protocols_pim_snooping) do c( "traceoptions" ( /* Trace options for PIM Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "hello" | "join" | "prune" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "no-dr-flood" /* Disable default flooding of multicast data on the PIM designated router port */, "vlan" arg ( /* Vlan options */ c( "no-dr-flood" /* Disable default flooding of multicast data on the PIM DR port */ ) ) ) end
# IGMP snooping statement for a routing instance. Top level: traceoptions,
# the query timers, robust-count, "l2-querier" and "proxy" source addresses,
# learn-pim-router, immediate-leave, per-"interface" and
# per-"pseudowire-remote-address" options, and the nested "qualified-vlan" and
# "vlan" scopes, which repeat the timer, proxy and interface options.
# ipv4addr is declared earlier in this file as a plain `arg.as(:arg)`, so this
# rule checks statement structure only; it does not validate address format.
# "group-limit" (maximum (source,group) entries per interface) is the knob
# here that caps per-interface group state; check it when auditing parsed
# configurations.
rule(:juniper_ri_protocols_igmp_snooping) do c( "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "learn-pim-router" /* 
Learn PIM router interfaces from PIM hellos */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) 
per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group 
query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "disable" ) ) ) end
# MLD snooping statement for a routing instance. Same layout as the IGMP
# snooping rule (traceoptions, query timers, robust-count, immediate-leave,
# proxy, interface, pseudowire-remote-address, qualified-vlan, vlan), except
# that proxy "source-address" is an ipv6addr and no "l2-querier" or
# "learn-pim-router" entry appears in this rule.
# ipv6addr is declared earlier in this file as a plain `arg.as(:arg)`, so
# address format is not validated by this rule.
# NOTE(review): the "irb" description in this rule reads "Proxy IGMP reports
# to IRB"; in an MLD rule this presumably means MLD reports. Confirm against
# the generator's input before relying on the wording.
rule(:juniper_ri_protocols_mld_snooping) do c( "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable 
immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" 
arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, 
"immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ) ) ) ) end
# PBB options for a routing instance: "peer-instance", a one-line "vlan-id"
# entry mapping a B-VLAN to an "isid-list", and "default-bvlan".
# NOTE(review): the ISID range (256..16777214) is stated only in the
# description text; "isid-list" is a plain `arg` here, and `arg` itself is
# defined outside this view, so no range check is visible in this rule.
rule(:juniper_routing_instance_pbb_options) do c( "peer-instance" arg /* Set the peer-pbbn routing instance */, "vlan-id" arg ( /* Set B-VLAN to ISID mapping */ sc( "isid-list" arg /* Configure ISID(Valid Range:256..16777214) for the B-VLAN */ ) ).as(:oneline), "default-bvlan" arg /* Default B-VLAN for all un-mapped ISIDs */ ) end
# Service groups for a routing instance: a named entry (leading arg) holding
# "service-type" (eline | elan) and "pbb-service-options", which maps each
# "isid" to a "vlan-id-list" or a point-to-point "interface" and accepts
# "default-isid", "mac-address" and "source-bmac".
# interface_name and mac_addr are declared earlier in this file as plain
# `arg.as(:arg)`, so their format is not validated by this rule.
rule(:juniper_routing_instance_service_groups) do arg.as(:arg) ( c( "service-type" ( /* Service type as ethernet LAN or point-to-point */ ("eline" | "elan") ), "pbb-service-options" ( /* Provider backbone instance service options */ c( "isid" arg ( /* ISID to S-VLAN configuration */ sc( c( "vlan-id-list" arg /* List of S-VLANs */, "interface" ( /* Point to point interface name */ interface_name /* Point to point interface name */ ) ) ) ).as(:oneline), "default-isid" arg /* Default ISID for all un-mapped S-VLANs */, "mac-address" ( /* Unicast or multicast mac address */ mac_addr /* Unicast or multicast mac address */ ), "source-bmac" ( /* Unicast 
Source B Mac address */ mac_addr /* Unicast Source B Mac address */ ) ) ) ) ) end
# Layer 2 switch options for a routing instance: MAC table sizing and
# per-interface MAC limits (each with a "packet-action"), MAC notification and
# aging, SNMP MIB options, per-"interface" VPN options, "voip",
# "unknown-unicast-forwarding", "authentication-whitelist" and "traceoptions".
# Points to check when auditing configurations parsed with this rule:
#   - "authentication-whitelist" entries are described as bypassing
#     authentication for the given MAC address, so each entry should be
#     individually justified.
#   - "traceoptions file ... world-readable" lets any user read the trace log.
#   - "mac-table-size" and "interface-mac-limit" with "packet-action" are the
#     limits on learned MAC addresses; "none" is an accepted action for both.
# NOTE(review): the "flow-label-receive" description in this rule says "push";
# the same knob in the VPLS rule earlier in this file says "pop". This is
# likely a description slip in the generator's input; confirm.
rule(:juniper_routing_instance_switch_options) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "service-id" arg /* Service ID required if multi-chassis AE is part of a bridge-domain */, "ovsdb-managed" /* All vxlan bridge domains in routing instance are remote managed */, "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "vpws-service-id" ( /* Service-id for EVPN VPWS routing instance */ c( "local" arg /* Local EVPN VPWS service id */, "remote" arg /* Remote EVPN VPWS service id */ ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* 
Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "static-mac" arg ( /* Static MAC 
addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "description" arg /* Text description */ ) ), "voip" ( /* Voice-over-IP configuration */ c( "interface" (arg | "access-ports") ( /* Enable voice over IP on this port */ c( "vlan" arg /* VLAN for voice over IP */, "forwarding-class" arg /* Forwarding class */ ) ) ) ), "unknown-unicast-forwarding" ( /* Set interface for forwarding of unknown unicast packets */ c( "vlan" arg ( /* VLAN for the unknown unicast packets */ c( "interface" ( /* Interface to send unknown unicast packets for the VLAN */ interface_name /* Interface to send unknown unicast packets for the VLAN */ ) ) ) ) ), "authentication-whitelist" arg ( /* MAC authentication-whitelist configuration needed to bypass Authentication */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "bridge-domain-assignment" arg /* Bridge-domain name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ), "traceoptions" ( /* Layer 2 trace options for this routing instance */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "routing-socket" | "interface-device" | "interface-logical" | "interface-family" | "bridging-domain" | "bridge-interface" | 
"learning-domain" | "ipc" | "mac-learning" | "initialization" | "flood-next-hop" | "irb" | "vpls-ping" | "vpls-loop-prev" | "storm-control" | "unknown-unicast-forwarding" | "vxlan" | "all")) /* Type of operation or event to include in trace */.as(:oneline) ) ) ) end rule(:juniper_routing_options) do c( "med-igp-update-interval" arg /* Delay (in minutes) in updating MED IGP for bgp groups with 'delay-med-update' */, "bmp" ( /* BGP Monitoring Protocol (BMP) configuration */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "hold-down" ( sc( arg, "flaps" arg /* Number of flaps before damping */, "period" arg /* Time period for flaps */ ) ).as(:oneline), "initiation-message" arg /* User string sent with the initiation message */, "local-address" ( /* Address of local end of BMP session */ ipaddr /* Address of local end of BMP session */ ), "local-port" arg /* Local port for listening */, "connection-mode" ( /* Specify active or passive */ ("active" | "passive") ), "priority" ( /* Relative dispatch priority */ ("low" | "medium" | "high") ), "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route montoring messages */, "pre-policy" ( /* Send pre policy route montoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route montoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. 
*/ ) ).as(:oneline) ) ), "station-address" ( /* Address/name of monitoring station */ ipaddr /* Address/name of monitoring station */ ), "station-port" arg /* Port of monitoring station */, "statistics-timeout" arg /* Statistics message timer, 15-65535, or 0 for no messages */, "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "up" | "down" | "statistics" | "route-monitoring" | "event" | "error" | "write" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Trace flag information */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "station" arg ( /* Define a BMP station */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96") ), "authentication-key-chain" arg /* Key chain name */, "hold-down" ( sc( arg, "flaps" arg /* Number of flaps before damping */, "period" arg /* Time period for flaps */ ) ).as(:oneline), "initiation-message" arg /* User string sent with the initiation message */, "local-address" ( /* Address of local end of BMP session */ ipaddr /* Address of local end of BMP session */ ), "local-port" arg /* Local port for listening */, "connection-mode" ( /* Specify active or passive */ ("active" | "passive") ), "priority" ( /* Relative dispatch priority */ ("low" | "medium" | "high") ), "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route montoring messages */, "pre-policy" ( /* Send pre policy route montoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route montoring messages */ sc( 
"exclude-non-eligible" /* Exclude unresolved routes, etc. */ ) ).as(:oneline) ) ), "station-address" ( /* Address/name of monitoring station */ ipaddr /* Address/name of monitoring station */ ), "station-port" arg /* Port of monitoring station */, "statistics-timeout" arg /* Statistics message timer, 15-65535, or 0 for no messages */, "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("packets" | "up" | "down" | "statistics" | "route-monitoring" | "event" | "error" | "write" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Trace flag information */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ) ) ), "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "ppm" ( /* Set periodic packet management properties */ c( "delegate-processing" /* Enable distribution of PPM sessions */, "no-delegate-processing" /* Disable PPM sessions distribution */, "inline-processing-enable" /* Enable PPM session inline distribution */, "inline-ae-processing-enable" /* Enable PPM session inline distribution on AE */, "redistribution-timer" arg /* Time to wait after switchover before starting timers */ ) ), "no-bfd-triggered-local-repair" /* Disable bfd triggered local repair */, "source-routing" ( /* Source-routing options */ c( "ip" /* Enable IP Source Routing */, "ipv6" /* Enable Type 0 RouteHeader processing */ ) ), "l3vpn-composite-nexthop" /* Enable composite nexthop for l3vpn */, "srlg" arg ( /* SRLG configuration */ c( "srlg-value" arg /* Group id */, "srlg-cost" arg /* Cost value */ ) ), "admin-groups-extended-range" ( /* Extended administrative groups range */ c( "minimum" arg /* Minimum value of the range for extended administrative groups */, "maximum" arg /* Maximum value of the range for 
extended administrative groups */ ) ), "admin-groups-extended" arg ( /* Extended administrative groups */ c( "group-value" arg /* Group id */ ) ), "enable-sensors" /* Enable Sensor for MX/PTX/QFX */, "lsp-telemetry" /* Turn on Jvision LSP telemetry */, "traceoptions" ( /* Global routing protocol trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "regex-parse" | "config-internal" | "nsr-synchronization" | "condition-manager" | "graceful-restart" | "session" | "hfrr-fsm" | "hfrr-route" | "statistics-id-group" | "route-record" | "jvision-lsp" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "options" ( /* Miscellaneous options */ c( "no-send" /* Listen only; do not send protocol packets */, "no-resolve" /* Do not use DNS name resolution */, "syslog" ( /* Set system logging level */ c( "level" ( /* Logging level */ sc( "emergency" /* Emergency level */, "alert" /* Alert level */, "critical" /* Critical level */, "error" /* Error level */, "warning" /* Warning level */, "notice" /* Notice level */, "info" /* Informational level */, "debug" /* Debugging level */ ) ).as(:oneline), "upto" ( /* Log up to a particular logging level */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug") ) ) ), "mark" arg /* Periodically mark the trace file */ ) ), "graceful-restart" ( /* Graceful or hitless routing restart options */ c( ("disable"), "restart-duration" arg /* Maximum time for which router is in graceful restart */ ) ), "warm-standby" /* Enable warm-standby */, "nonstop-routing" /* Enable nonstop routing */, "nonstop-routing-options" ( /* Nonstop routing options */ c( "precision-timers-max-period" arg /* Set Max period for precision timer support from kernel after switchover */ ) ), "nsr-phantom-holdtime" arg /* Set NSR phantom route hold time */, 
"interface-routes" ( /* Define routing table groups for interface routes */ c( "rib-group" ( /* Routing table group */ rib_group_type /* Routing table group */ ), "family" enum(("inet" | "inet6")) ( /* Address family */ c( "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "export" ( /* Control exportability of local routes */ c( "point-to-point" /* Make point-to-point routes exportable */, "lan" /* Make LAN routes exportable */ ) ) ) ) ) ), "loopback-strict-disable" /* Completely disable lo0 host prefix when in admin-down state */, "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* 
Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" 
| "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from 
forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another 
table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) 
), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* 
Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" ( /* BGP peers for filter */ ipaddr /* BGP peers for filter */ ), "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */ ) ), "protect" ( /* Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation 
policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | 
"incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet6 /* Flow route */ ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ) ) ) ) ), "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ 
rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, 
"bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next 
hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to 
destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), 
"holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | 
"incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" ( /* BGP peers for filter */ ipaddr /* BGP peers for filter */ ), "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */ ) ), "protect" ( /* Protocol-independent protection */ 
sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community 
/* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet /* Flow route */ ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ), "firewall-install-disable" /* Disable installing flowspec firewall filters in dfwd */, "term-order" ( /* Term evaluation order for flow routes */ ("legacy" | "standard") ) ) ), "rib-groups" ( /* Group of routing tables */ rpd_rib_group_type /* Group of routing tables */ ), "route-record" /* Enable route recording */, "localized-fib" ( /* Localize vrf routing-instance routes to specific FPC hardware */ c( "fpc-slot" arg /* Local FPC list */ ) ), "router-id" ( /* Router identifier */ ipv4addr /* Router identifier */ ), "route-distinguisher-id" ( /* Identifier used in route distinguishers for routing instances */ ipv4addr /* Identifier used in route distinguishers for routing instances */ ), "autonomous-system" ( /* Autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "asdot-notation" /* Use AS-Dot notation to display true 4 byte AS numbers */, "independent-domain" ( /* Independent autonomous-system domain from master instance */ sc( "no-attrset" /* Do not tunnel 
ce bgp attributes across provider network */ ) ).as(:oneline) ) ).as(:oneline), "confederation" ( /* Confederation autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "members" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */ ) ).as(:oneline), "interface" arg ( /* Direct/Host route FRR protection */ c( "arp-prefix-limit" arg /* Max ARP/Host FRR routes allowed */, "supplementary-blackout-timer" arg /* ARP plimit blackout timer = kernel ARP timeout + supplementary-blackout-timer minutes. */, c( "link-protection" /* Protect interface from link faults only */ ) ) ), "host-fast-reroute" ( /* Host Fast Re-route global values. Applies to all host FRR profiles. */ c( "global-arp-prefix-limit" arg /* Max ARP/Host FRR routes allowed per protected IFL */, "global-supplementary-blackout-timer" arg /* ARP plimit global blackout timer = kernel ARP timeout + global-supplementary-blackout-timer minutes. 
*/ ) ), "forwarding-table" ( forwarding_table_type ), "resolution" ( /* Route next-hop resolution options */ c( "tracefilter" ( /* Filter policy */ policy_algebra /* Filter policy */ ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("event" | "flash" | "kernel" | "indirect" | "task" | "igp-frr" | "igp-frr-extensive" | "tunnel" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rib" arg ( /* Routing table resolution options */ c( "resolution-family" arg /* Family of resultion tree */, "resolution-ribs" arg /* Routing tables to use for default routing table family resolution */, "inet-resolution-ribs" arg /* Routing tables to use for ipv4 family protocol-next-hop resolution */, "inet6-resolution-ribs" arg /* Routing tables to use for ipv6 family protocol-next-hop resolution */, "iso-resolution-ribs" arg /* Routing tables to use for iso family protocol-next-hop resolution */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "inet-import" ( /* Import policy for IPV4 family resolution tree */ policy_algebra /* Import policy for IPV4 family resolution tree */ ), "inet6-import" ( /* Import policy for IPV6 family resolution tree */ policy_algebra /* Import policy for IPV6 family resolution tree */ ), "iso-import" ( /* Import policy for ISO family resolution tree */ policy_algebra /* Import policy for ISO family resolution tree */ ) ) ) ) ), "multicast" ( /* Global multicast options */ c( "traceoptions" ( /* Global multicast trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this 
trace flag */ ) ).as(:oneline) ) ), "rpf" arg, "scope" arg ( /* Multicast address scope */ c( "prefix" ( /* Administratively scoped address */ ipprefix /* Administratively scoped address */ ), "interface" ( /* Interface on which to configure scoping */ interface_name /* Interface on which to configure scoping */ ) ) ), "scope-policy" ( /* Scoping policy */ policy_algebra /* Scoping policy */ ), "flow-map" arg ( /* Multicast flow map configuration */ c( "policy" ( /* Policy for matched flows */ policy_algebra /* Policy for matched flows */ ), "bandwidth" ( /* Bandwidth properties for matched flows */ sc( arg /* Static or default bandwidth for the matched flows */, "adaptive" /* Auto-sense bandwidth for matched flows */ ) ).as(:oneline), "redundant-sources" ( /* Redundant source addresses */ ipaddr /* Redundant source addresses */ ), "forwarding-cache" ( /* Forwarding cache properties for matched flows */ c( "timeout" ( /* Timeout properties for matched flows */ sc( c( arg, "never" ( /* Forwarding cache entries never time out */ c( "non-discard-entry-only" /* Apply only to non-discard entries */ ) ) ) ) ).as(:oneline) ) ) ) ), "resolve-filter" ( /* Multicast resolve policy filter */ policy_algebra /* Multicast resolve policy filter */ ), "ssm-groups" ( /* Source-specific multicast group ranges */ ipprefix /* Source-specific multicast group ranges */ ), "asm-override-ssm" /* Allow ASM state for SSM group ranges */, "rpf-check-policy" ( /* Disable RPF check for a source group pair */ policy_algebra /* Disable RPF check for a source group pair */ ), "pim-to-igmp-proxy" ( /* PIM-to-IGMP proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "pim-to-mld-proxy" ( /* PIM-to-MLD proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "allow-maximum" /* Allow maximum of global and family level 
threshold values for suppress and reuse */, "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "threshold" ( /* Multicast forwarding cache suppress threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ) ) ), "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ), "timeout" arg /* Forwarding cache entry timeout in minutes */ ) ), "interface" ( /* Multicast interface options */ multicast_interface_options_type /* Multicast interface options */ ), "ssm-map" arg ( /* SSM map definitions */ c( "policy" ( /* Policy for matching group */ policy_algebra /* Policy for matching group */ ), "source" ( /* One or more source addresses */ ipaddr /* One or more source addresses */ ) ) ), "stream-protection" ( /* Multicast only Fast Re-Route */ c( "mofrr-primary-path-selection-by-routing" /* Multicast only Fast Re-Route primary path by Routing */, "mofrr-disjoint-upstream-only" /* Multicast only Fast Re-Route disjoint upstream only */, "mofrr-no-backup-join" /* Multicast only Fast Re-Route no backup join */, "mofrr-asm-starg" /* Multicast only Fast Re-Route asm (*,G) */, "policy" ( /* MoFRR Policy */ policy_algebra /* MoFRR Policy */ ) ) ), "backup-pe-group" arg ( /* Backup PE group definitions */ c( "backups" ( /* One or more IP addresses */ ipaddr /* One or more IP addresses */ ), "local-address" ( /* Address to be used as local-address for this group */ ipaddr /* Address to be used as local-address for this group */ ) ) ), "omit-wildcard-address" /* Omit wildcard 
source/group fields in SPMSI AD NLRI */, "local-address" ( /* Local address for PIM and MVPN sessions */ ipv4addr /* Local address for PIM and MVPN sessions */ ) ) ), "instance-import" ( /* Import policy for instance RIBs */ policy_algebra /* Import policy for instance RIBs */ ), "instance-export" ( /* Export policy for instance RIBs */ policy_algebra /* Export policy for instance RIBs */ ), "auto-export" ( /* Export routes between routing instances */ c( ("disable"), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("export" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "family" ( c( "inet" ( /* IPv4 parameters */ export_af_obj /* IPv4 parameters */ ), "inet6" ( /* IPv6 parameters */ export_af_obj /* IPv6 parameters */ ), "iso" ( /* ISO parameters */ export_af_obj /* ISO parameters */ ) ) ) ) ), "dynamic-tunnels" ( /* Dynamic tunnel definitions */ c( "tunnel-attributes" arg ( /* Dynamic tunnel attributes definition */ c( "dynamic-tunnel-source-prefix" ( /* Tunnel source address */ ipaddr /* Tunnel source address */ ), "dynamic-tunnel-type" ( ("V4oV6") ), "dynamic-tunnel-mtu" arg /* Dynamic Tunnel MTU value */, "dynamic-tunnel-anchor-pfe" arg /* Dynamic Tunnel anchor PFE name of format pfe-x/y/z */, "dynamic-tunnel-anti-spoof" ( ("on" | "off") ) ) ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("kernel" | "tunnel" | "task" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "gre" ( 
/* Enable dynamic gre tunnel mode */ ("next-hop-based-tunnel") ), dynamic_tunnel_type ) ), "logical-system-mux" ( /* Logical system control daemon information */ c( "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("debug" | "parse" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "programmable-rpd" ( /* RPD Server module management options */ programmable_rpd_type /* RPD Server module management options */ ), "topologies" ( /* Define routing topologies */ c( "family" enum(("inet" | "inet6")) ( /* Address family */ c( "topology" arg /* Topology information */ ) ) ) ), "backup-selection" ( /* Backup selection options */ c( "destination" arg ( /* IP/IPv6 prefix for which backup selection policy is configured */ c( "interface" arg ( /* Primary nexthop interface for which backup selection policy is configured */ c( "admin-group" ( /* Administrative group policies for backup-selection */ c( "exclude" arg /* Do not use interface if any admin group available */, "include-all" arg /* Use interface if admin groups available entirely */, "include-any" arg /* Use interface if any admin group is available */, "preference" arg /* Administrative groups in descending preference order */ ) ), "srlg" ( /* Evaluate Shared Risk Link Group(SRLG) characteristics for backup selection */ ("loose" | "strict") ), "protection-type" ( /* Type of protection to be considered */ ("link" | "node" | "node-link") ), "downstream-paths-only" /* Choose only the downstream nodes for backup */, "bandwidth-greater-equal-primary" /* Use backup nexthop only if bandwidth is >= bandwidth of primary nexthop */, "backup-neighbor" ( /* Backup Neighbor ID based policies for backup 
selection */ c( "exclude" ( /* List of backup neighbors to be excluded */ ipv4addr /* List of backup neighbors to be excluded */ ), "preference" ( /* List of backup neighbors in descending order preference */ ipv4addr /* List of backup neighbors in descending order preference */ ) ) ), "node" ( /* Node ID based policies for backup selection */ c( "exclude" ( /* List of nodes to be excluded */ ipv4addr /* List of nodes to be excluded */ ), "preference" ( /* List of nodes in the descending order of preference */ ipv4addr /* List of nodes in the descending order of preference */ ) ) ), "node-tag" ( /* Node tag policies */ c( "exclude" arg /* The set of node tags to be excluded */, "preference" arg /* The set of node tags in the descending order of preference */ ) ), "root-metric" ( /* Root metric */ ("lowest" | "highest") ), "dest-metric" ( /* Destination metric */ ("lowest" | "highest") ), "metric-order" ( /* Metric evaluation order */ ("root" | "dest") ), "evaluation-order" ( /* Interface policy criteria evaluation order */ ("admin-group" | "srlg" | "bandwidth" | "protection-type" | "backup-neighbor" | "node" | "node-tag" | "metric") ) ) ) ) ) ) ), "fate-sharing" ( /* Fate-sharing links or nodes database */ c( "group" arg ( /* Group of objects sharing common characteristics */ c( "cost" arg /* Cost value */, "from" ( fate_sharing_links ) ) ) ) ), "validation" ( /* Define Route validation */ c( "traceoptions" ( /* Trace options for route validation */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "packets" | "keepalive" | "update" | "nsr-synchronization" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "notification-rib" arg /* Define routing tables that get notified upon validation state change 
*/, "group" arg ( /* Define a group of sessions */ c( "max-sessions" arg /* Maximum connected session in this group */, "session" arg ( /* Configure a session */ c( "traceoptions" ( /* Trace options for route validation */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("error" | "packets" | "keepalive" | "update" | "state" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "refresh-time" arg /* Interval between keepalive packet transmissions */, "hold-time" arg /* Time after which the session is declared down. */, "record-lifetime" arg /* Lifetime of route validation records */, "preference" arg /* Preference for session establishment */, "port" arg /* Portnumber to connect */, "local-address" ( ipaddr ) ) ) ) ), "static" ( /* Define static route validation record */ c( "record" arg ( /* Static route validation record */ c( "maximum-length" arg ( c( "origin-autonomous-system" arg ( c( "validation-state" ( /* Validation state for route validation record */ ("invalid" | "valid") ) ) ) ) ) ) ) ) ) ) ) ) end
/* dynamic_tunnel_type: a named (arg) dynamic tunnel entry, referenced from "dynamic-tunnels" in the configuration rule. Children: "source-address" (ipaddr); a nested group listing "rsvp-te" (with an LSP template and its own destination-networks), "gre" and "udp"; and "destination-networks" (network_type). */
rule(:dynamic_tunnel_type) do arg.as(:arg) ( c( "source-address" ( /* Tunnel source address */ ipaddr /* Tunnel source address */ ), c( "rsvp-te" arg ( /* RSVP-TE point-to-point LSP */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ network_type /* Create tunnels for routes in these destination networks */ ) ) ), "gre" /* Generic routing encapsulation type for IPv4 */, "udp" /* UDP encapsulation type for IPv4 */ ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ network_type /* Create tunnels for routes in these destination networks */ ) ) ) end
/* export_af_obj: per-address-family auto-export settings: "disable" plus "unicast", "multicast" and "flow", each described by export_subaf_obj. Used for the inet, inet6 and iso families under "auto-export". */
rule(:export_af_obj) do c( ("disable"), "unicast" ( /* Unicast routing information */ export_subaf_obj /* Unicast routing information */ ), "multicast" ( /* Multicast routing information */ export_subaf_obj /* Multicast routing information */ ), "flow" ( /* Flow routing information */ export_subaf_obj /* Flow routing information */ ) ) end
/* export_subaf_obj: settings for one sub-family of export_af_obj: "disable" and an auxiliary "rib-group" name. */
rule(:export_subaf_obj) do c( ("disable"), "rib-group" arg /* Auxiliary rib-group of additional RIBs to consider */ ) end
/* fate_sharing_links: an argument followed by "to" (ipv4addr), marked .as(:oneline). Used as the "from" entry of a "fate-sharing" group. */
rule(:fate_sharing_links) do arg.as(:arg) ( c( "to" ( /* Point-to-point links */ ipv4addr /* Point-to-point links */ ) ) ).as(:oneline) end
/* flow_route_inet: a named, locally defined flow route: "match" (flow_route_qualifier_inet) describes the traffic and "then" (flow_route_op) the actions. NOTE(review): per its description, "no-install" keeps the firewall filter out of forwarding, so a config audit built on this grammar should presumably not count such a route as active filtering; confirm against platform behaviour. */
rule(:flow_route_inet) do arg.as(:arg) ( c( "no-install" /* Don't install firewall filter in forwarding */, "then" ( /* Actions to take for this flow */ flow_route_op /* Actions to take for this flow */ ), "match" ( /* Flow definition */ flow_route_qualifier_inet /* Flow definition */ ) ) ) end
/* flow_route_qualifier_inet: match conditions for an IPv4 flow route. The protocol, port, tcp-flags, icmp-code and icmp-type keyword lists each end in "| arg", so values outside the named keywords are accepted as well; any range checking would have to come from the arg rule or a later stage (TODO confirm). Source and destination are ipv4prefix. */
rule(:flow_route_qualifier_inet) do c( "protocol" ( /* IP protocol value */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | 
"tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "tcp-flags" ( /* TCP flags */ ("fin" | "syn" | "rst" | "push" | "ack" | "urgent" | arg) ), "packet-length" ( /* Packet length (0-65535) */ policy_algebra /* Packet length (0-65535) */ ), "dscp" ( /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ policy_algebra /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ ), "fragment" ( ("dont-fragment" | "not-a-fragment" | "is-fragment" | "first-fragment" | "last-fragment") ), "destination" ( /* Destination prefix for this traffic flow */ ipv4prefix /* Destination prefix for this traffic flow */ ), "source" ( /* Source prefix for 
this traffic flow */ ipv4prefix /* Source prefix for this traffic flow */ ), "icmp-code" ( /* ICMP message code */ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-type" ( /* ICMP message type */ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ) end
/* juniper_sampling_options: traffic sampling settings: "disable", trace options, "sample-once", "pre-rewrite-tos", global input/output, per-family settings (inet, inet6, mpls), named instances (inet, inet6, mpls and vpls families), and trace options for jflow-service and route-record. */
rule(:juniper_sampling_options) do c( ("disable"), "traceoptions" ( /* Traffic sampling trace options */ sampling_traceoptions_type /* Traffic sampling trace options */ ), "sample-once" /* Sample the packet for active-monitoring only once */, "pre-rewrite-tos" /* Sample the packet retaining tos value before normalization */, "input" ( /* Traffic Sampling data acquisition */ sampling_input_type /* Traffic Sampling data acquisition */ ), "output" ( /* Traffic sampling data disposition */ sampling_output_type /* Traffic sampling data disposition */ ), "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_inet_global_output_type /* 
Traffic sampling data disposition */ ) ) ), "inet6" ( /* Sample IPv6 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_family_inet6_output_type /* Traffic sampling data disposition */ ) ) ), "mpls" ( /* Sample mpls packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_global_mpls_output_type /* Traffic sampling data disposition */ ) ) ) ) ), "instance" arg ( /* Instance of sampling parameters */ c( ("disable"), "input" ( /* Traffic Sampling data acquisition */ sampling_instance_input_type /* Traffic Sampling data acquisition */ ), "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_inet_output_type /* Traffic sampling data disposition */ ) ) ), "inet6" ( /* Sample IPv6 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_inet6_output_type /* Traffic sampling data disposition */ ) ) ), "mpls" ( /* Sample mpls packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_mpls_output_type /* Traffic sampling data disposition */ ) ) ), "vpls" ( /* Sample vpls packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type 
/* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_vpls_output_type /* Traffic sampling data disposition */ ) ) ) ) ) ) ), "jflow-service" ( /* Jflow service configuration */ c( "traceoptions" ( /* Jflow service trace options */ jflow_service_traceoptions /* Jflow service trace options */ ) ) ), "route-record" ( /* Sampling route record configuration */ c( "traceoptions" ( /* Sampling route record trace options */ route_record_traceoptions /* Sampling route record trace options */ ) ) ) ) end
/* jflow_service_traceoptions: trace settings used by "jflow-service" in juniper_sampling_options: remote-trace switch, trace file (name, size, file count, readability, match regex), debug level and flags. NOTE(review): per its description "world-readable" lets any user read the trace file; when auditing configs, prefer "no-world-readable" unless the trace contents are known to be non-sensitive. */
rule(:jflow_service_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("parse" | "rtsock" | "sm" | "all")) /* Area of jflow-service to enable debugging output */.as(:oneline) ) end
/* juniper_services_captive_portal: Captive Portal service options: the access profile used for authentication, trace options, per-interface settings (supplicant mode, retry and timeout values), the HTTP/HTTPS choice, and HTML customisation strings including a post-authentication redirect URL. NOTE(review): "secure-authentication" accepts "http" as well as "https"; its description calls the former insecure plain-text, so a config linter built on this grammar may want to flag it. */
rule(:juniper_services_captive_portal) do c( "authentication-profile-name" arg /* Access profile name to use for authentication */, "traceoptions" ( /* Trace options for CAPTIVE PORTAL */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("dot1x-debug" | "parse" | "esw-if" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "all" | "dot1x-ipc" | "dot1x-event")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface" ("all" | arg) ( /* Captive Portal interface specific options */ c( "supplicant" ( /* Set supplicant mode for this interface */ ("single" | "single-secure" | "multiple") ), "retries" arg /* Number of retries after which port is placed into wait state */, "quiet-period" arg /* Time to wait after an authentication failure */, "server-timeout" arg /* Authentication server timeout interval */, "session-expiry" arg /* Session Expiry Timeout */, "user-keepalive" arg /* Session keepalive after mac-flush */ ) ), "secure-authentication" ( /* Set secure authentication using encrypted HTTPS or insecure authentication using plain-text HTTP */ ("http" | "https") ), "custom-options" ( /* Captive Portal html user interface customization options */ c( "header-logo" arg /* Path to logo image file */, "header-bgcolor" arg /* Background color of the html header in hex html format */, "header-text-color" arg /* Text color of the html header in hex html format */, "header-message" arg /* Message to be displayed in the html header */, "banner-message" arg /* Terms and Conditions of usage message */, "form-header-message" arg /* Message to be displayed in the login form header */, "form-header-bgcolor" arg /* Background color of the login form header in hex html format */, "form-header-text-color" arg /* Text color of the login form header in hex html format */, "form-submit-label" arg /* Label to be displayed for the login form submit button */, "form-reset-label" arg /* Label to be displayed for the login form reset button */, "footer-message" arg /* Message to be displayed in the html footer */, "footer-bgcolor" arg /* Background color of the html footer in hex html format */, "footer-text-color" arg /* Text color of the footer in hex html format */, "post-authentication-url" arg /* Post authentication redirection URL */ ) ) ) end
rule(:juniper_system) do c( "configuration-database" ( /* Configuration database parameters */ c( "ephemeral" ( /* Configure ephemeral database */ c( "instance" arg /* Configure ephemeral instances */, "ignore-ephemeral-default" /* Ignore ephemeral default database */, "allow-commit-synchronize-with-gres" /* Allow ephemeral 
commit synchronize with GRES */ ) ), "virtual-memory-mapping" ( /* Virtual memory mapping configuration */ c( "process" arg ( /* Per process configuration */ c( "fixed-size" arg /* Fixed memory mapped size in kilobytes */, "page-pooling-size" arg /* Page pooling memory mapped size in kilobytes */, "page-leak-debug" /* Page leak detection */ ) ), "process-set" ( /* Set of processes using page pool */ c( "subscriber-management" ( /* Subscriber management processes will use page pooling */ c( "fixed-size" arg /* Fixed memory mapped size */, "page-pooling-size" arg /* Page pooling memory mapped size */ ) ) ) ) ) ), "extend-size" /* Extend configuration database upto 1.5G */, "resize" ( /* Resize configuration database */ c( "database-size-on-disk" arg /* Minimum configuration database size on disk */, "database-size-diff" arg /* Difference between database size and actual usage */ ) ), "max-db-size" arg /* Max database size */ ) ), "autoinstallation", "host-name" arg /* Hostname for this router */, "auto-snapshot" /* Enable auto-snapshot when boots from alternate slice */, "unattended-boot" /* Enable Unattended Boot mode */, "dgasp-int" /* Enable Dying Gasp Interrupt */, "dgasp-usb" /* Enable USB reset in Dying Gasp Interrupt */, "domain-name" arg /* Domain name for this router */, "domain-search" arg /* List of domain names to search */, "no-hidden-commands" /* Deny hidden commands for all users except root */, "backup-router" ( /* IPv4 router to use while booting */ sc( ipv4addr /* Address of router to use while booting */, "destination" ( /* Destination network reachable through the router */ ipv4prefix /* Destination network reachable through the router */ ) ) ).as(:oneline), "inet6-backup-router" ( /* IPv6 router to use while booting */ sc( ipv6addr /* Address of router to use while booting */, "destination" ( /* Destination network reachable through the router */ ipv6prefix /* Destination network reachable through the router */ ) ) ).as(:oneline), "time-zone" arg 
/* Time zone name or POSIX-compliant time zone string */, "use-imported-time-zones" /* Use locally generated time-zone database */, "regex-additive-logic" /* Set regex-additive-logic */, "switchover-on-routing-crash" /* On failure, switch mastership to other Routing Engine */, "network-stack-in-jlock-shared-mode" /* Enables JUNOS network stack parallelism */, "default-address-selection" /* Use system address for locally originated traffic */, "nd-maxmcast-solicit" arg /* Set Maximum multicast solicit */, "nd-maxucast-retry" arg /* Set Maximum unicast retry count */, "nd-retransmit-timer" arg /* Set retransmit timer */, "nd-system-cache-limit" arg /* Set max system cache size for IPv6 nexthops */, "arp-system-cache-limit" arg /* Set max system cache size for ARP nexthops */, "no-neighbor-learn" /* Disable neighbor address learning */, "no-multicast-echo" /* Disable ICMP echo on multicast addresses */, "no-redirects" /* Disable ICMP redirects */, "no-redirects-ipv6" /* Disable IPV6 ICMP redirects */, "nd-override-preferred-src" /* Do not use preferred source address for unnumbered interface as the source of NA/NS */, "no-ping-record-route" /* Do not insert IP address in ping replies */, "no-ping-time-stamp" /* Do not insert time stamp in ping replies */, "dump-device" ( /* Device to record memory snapshots on operating system failure */ (arg | "boot-device" | "usb" | "compact-flash" | "removable-compact-flash") ), "arp" ( /* ARP settings */ c( "aging-timer" arg /* Change the ARP aging time value */, "interfaces" ( /* Logical interface on which to specify ARP aging timer */ c( arp_interface_type ) ), "passive-learning" /* ARP passive learning */, "purging" /* ARP purging when link goes down */, "gratuitous-arp-on-ifup" /* Gratuitous ARP announcement on interface up */, "gratuitous-arp-delay" arg /* Delay gratuitous ARP request */, "non-subscriber-no-reply" /* Do not reply to ARP requests from non-subscribers */ ) ), "personality-file-list-of-directories" arg /* List 
of Optional directories for personality-tarball of device */, "saved-core-files" arg /* Number of saved core files per executable */, "saved-core-context" /* Save context information for core files */, "no-saved-core-context" /* Don't save context information for core files */, "kernel-replication" ( /* Kernel replication */ c( "system-reboot" ( /* Reboot standby routing engine */ ("recovery-failure") ), "no-multithreading" /* Disable kernel-replication multithreading */ ) ), "mirror-flash-on-disk" /* Mirror contents of the flash drive onto hard drive */, "icmp-rate-limit" ( /* Rate-limiting parameters for ICMP messages */ sc( "packet-rate" arg /* ICMP rate-limiting packets earned per second */, "bucket-size" arg /* ICMP rate-limiting maximum bucket size */ ) ).as(:oneline), "tcp-ack-rst-syn" /* Send ACKs for in-window RSTs and SYN packets on TCP connections */, "management-instance" /* Enable Management VRF Instance */, "internet-options" ( /* Tunable options for Internet operation */ c( "icmpv4-rate-limit" ( /* Rate-limiting parameters for ICMPv4 messages */ sc( "packet-rate" arg /* ICMP rate-limiting packets earned per second */, "bucket-size" arg /* ICMP rate-limiting maximum bucket size */ ) ).as(:oneline), "icmpv6-rate-limit" ( /* Rate-limiting parameters for ICMPv6 messages */ sc( "packet-rate" arg /* ICMPv6 rate-limiting packets earned per second */, "bucket-size" arg /* ICMPv6 rate-limiting maximum bucket size */ ) ).as(:oneline), "path-mtu-discovery" /* Enable Path MTU discovery on TCP connections */, "no-path-mtu-discovery" /* Don't enable Path MTU discovery on TCP connections */, "gre-path-mtu-discovery" /* Enable path MTU discovery for GRE tunnels */, "no-gre-path-mtu-discovery" /* Don't enable path MTU discovery for GRE tunnels */, "ipip-path-mtu-discovery" /* Enable path MTU discovery for IP-IP tunnels */, "no-ipip-path-mtu-discovery" /* Don't enable path MTU discovery for IP-IP tunnels */, "source-port" ( /* Source port selection parameters */ c( 
"upper-limit" arg /* Specify upper limit of source port selection range */ ) ), "source-quench" /* React to incoming ICMP Source Quench messages */, "no-source-quench" /* Don't react to incoming ICMP Source Quench messages */, "tcp-mss" arg /* Maximum value of TCP MSS for IPV4 traffic */, "tcp-drop-synfin-set" /* Drop TCP packets that have both SYN and FIN flags */, "no-tcp-rfc1323" /* Disable RFC 1323 TCP extensions */, "no-tcp-rfc1323-paws" /* Disable RFC 1323 Protection Against Wrapped Sequence Number extension */, "ipv6-reject-zero-hop-limit" /* Enable dropping IPv6 packets with zero hop-limit */, "no-ipv6-reject-zero-hop-limit" /* Don't enable dropping IPv6 packets with zero hop-limit */, "ipv6-duplicate-addr-detection-transmits" arg /* IPv6 Duplicate address detection transmits */, "ipv6-path-mtu-discovery" /* Enable IPv6 Path MTU discovery */, "no-ipv6-path-mtu-discovery" /* Don't enable IPv6 Path MTU discovery */, "ipv6-path-mtu-discovery-timeout" arg /* IPv6 Path MTU Discovery timeout */, "no-tcp-reset" ( /* Do not send RST TCP packet for packets sent to non-listening ports */ ("drop-tcp-with-syn-only" | "drop-all-tcp") ) ) ), "authentication-order" ( ("radius" | "tacplus" | "password") ), "location" ( /* Location of the system, in various forms */ location_type /* Location of the system, in various forms */ ), "ports" ( /* Craft interface RS-232 ports */ c( "console" ( /* Console port */ tty_port_object /* Console port */ ), "auxiliary" ( /* Auxiliary port */ tty_port_object /* Auxiliary port */ ) ) ), "diag-port-authentication" ( /* Authentication for the diagnostic port */ c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */ ) ), "pic-console-authentication" ( /* Authentication for the console port on PICs */ c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */ ) ), "root-authentication" ( /* Authentication information for 
the root login */ authentication_object /* Authentication information for the root login */ ), "boot-loader-authentication" ( /* Authentication for the boot loader */ c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */ ) ), "name-server" ( /* DNS name servers */ nameserver_object /* DNS name servers */ ), "radius-server" ( /* RADIUS server configuration */ radius_server_object /* RADIUS server configuration */ ), "dynamic-profile-options" ( /* Dynamic profile options */ dynamic_profile_option_object /* Dynamic profile options */ ), "tacplus-server" ( /* TACACS+ server configuration */ tacplus_server_object /* TACACS+ server configuration */ ), "radius-options" ( /* RADIUS options */ c( "password-protocol" ( /* Specify password protocol used in RADIUS packets */ ("mschap-v2") ), "enhanced-accounting" /* Include authentication method, remote port and user-privileges in 'login' accounting */, "attributes" ( /* Configure RADIUS attributes */ c( "nas-ip-address" ( /* Value of NAS-IP-Address in outgoing RADIUS packets */ ipaddr /* Value of NAS-IP-Address in outgoing RADIUS packets */ ) ) ) ) ), "tacplus-options" ( /* TACACS+ options */ c( "service-name" arg /* TACACS+ service name */, "strict-authorization" /* Deny login if authorization request fails */, "no-strict-authorization" /* Don't deny login if authorization request fails */, c( "no-cmd-attribute-value" /* In start/stop requests, set 'cmd' attribute value to empty string */, "exclude-cmd-attribute" /* In start/stop requests, do not include 'cmd' attribute */ ), "enhanced-accounting" /* Include authentication method, remote port and user-privileges in 'login' accounting */, "timestamp-and-timezone" /* In start/stop accounting packets, include 'start-time', 'stop-time' and 'timezone' attributes */ ) ), "accounting" ( /* System accounting configuration */ c( "events" ( /* Events to be logged */ ("login" | "change-log" | "interactive-commands") ), 
"enhanced-avs-max" arg /* No. of AV pairs each of which can store a max of 250 Bytes */, "traceoptions" ( /* Trace options for system accounting */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "events" | "config" | "radius" | "tacplus")) /* Tracing parameters */.as(:oneline) ) ), "destination" ( /* Destination for system accounting records */ c( "radius" ( /* Configure RADIUS accounting */ c( "server" ( /* RADIUS accounting server configuration */ radius_server_object /* RADIUS accounting server configuration */ ) ) ), "tacplus" ( /* Send TACACS+ accounting records */ c( "server" ( /* TACACS+ server configuration */ tacplus_server_object /* TACACS+ server configuration */ ) ) ) ) ) ) ), "allow-v4mapped-packets" /* Allow processing for packets with V4 mapped address */, "allow-6pe-traceroute" /* Allow IPv4-mapped v6 address in tag icmp6 TTL expired packet */, "donot-disable-ip6op-ondad" /* Do not disable IP operation on interface, if DAD fails on EUI-64 link local address */, "scripts" ( /* Scripting mechanisms */ scripts_type /* Scripting mechanisms */ ), "login" ( /* Names, login classes, and passwords for users */ c( "announcement" arg /* System announcement message (displayed after login) */, "message" arg /* System login message */, "retry-options" ( /* Configure password retry options */ c( "tries-before-disconnect" arg /* Number of times user is allowed to try password */, "backoff-threshold" arg /* Number of password failures before delay is introduced */, "backoff-factor" arg /* Delay factor after 'backoff-threshold' password failures */, "minimum-time" arg /* Minimum total connection time if all attempts fail */, "maximum-time" arg /* Maximum time the 
connection will remain for user to enter username and password */, "lockout-period" arg /* Amount of time user account is locked after 'tries-before-disconnect' failures */ ) ), "idle-timeout" arg /* Maximum idle time before logout */, "class" ( /* Login class */ login_class_object /* Login class */ ), "user" ( /* Username */ login_user_object /* Username */ ), "password" ( /* Password configuration */ c( "minimum-length" arg /* Minimum password length for all users */, "maximum-length" arg /* Maximum password length for all users */, "change-type" ( /* Password change type */ ("character-sets" | "set-transitions") ), "minimum-changes" arg /* Minimum number of changes in password */, "minimum-numerics" arg /* Minimum number of numeric class characters in password */, "minimum-upper-cases" arg /* Minimum number of upper-case class characters in password */, "minimum-lower-cases" arg /* Minimum number of lower-case class characters in password */, "minimum-punctuations" arg /* Minimum number of punctuation class characters in password */, "format" ( /* Encryption method to use for password */ ("sha1" | "sha256" | "sha512" | "md5" | "des") ) ) ), "deny-sources" ( /* Sources from which logins are denied */ c( "address" ( /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ipprefix_optional /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ) ) ) ) ), "static-host-mapping" arg ( /* Static hostname database mapping */ c( "inet" ( /* IP address */ ipv4addr /* IP address */ ), "inet6" ( /* IPv6 address */ ipv6addr /* IPv6 address */ ), "sysid" ( /* ISO/IS-IS system identifier */ sysid /* ISO/IS-IS system identifier */ ), "alias" arg /* Hostname alias */ ) ), "services" ( /* System services */ c( "finger" ( /* Allow finger requests from remote systems */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "ftp" ( /* Allow FTP file transfers */ c( 
"connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */, "authentication-order" ( ("radius" | "tacplus" | "password") ) ) ), "ssh" ( /* Allow ssh access */ c( "authentication-order" ( ("radius" | "tacplus" | "password") ), "root-login" ( /* Configure root access via ssh */ ("allow" | "deny" | "deny-password") ), "no-passwords" /* Disables ssh password based authentication */, "no-public-keys" /* Disables ssh public key based authentication */, c( "tcp-forwarding" /* Allow forwarding TCP connections via SSH */, "no-tcp-forwarding" /* Do not allow forwarding TCP connections via SSH */ ), "protocol-version" ( /* Specify ssh protocol versions supported */ ("v1" | "v2") ), "max-sessions-per-connection" arg /* Maximum number of sessions per single SSH connection */, "max-pre-authentication-packets" arg /* Maximum number of pre-authentication SSH packets per single SSH connection */, "ciphers" ( /* Specify the ciphers allowed for protocol version 2 */ ("3des-cbc" | "aes128-cbc" | "aes192-cbc" | "aes256-cbc" | "aes128-ctr" | "aes192-ctr" | "aes256-ctr" | "aes128-gcm@openssh.com" | "aes256-gcm@openssh.com" | "chacha20-poly1305@openssh.com" | "arcfour128" | "arcfour256" | "arcfour" | "blowfish-cbc" | "cast128-cbc") ), "macs" ( /* Message Authentication Code algorithms allowed (SSHv2) */ ("hmac-md5" | "hmac-md5-etm@openssh.com" | "hmac-sha1" | "hmac-sha1-etm@openssh.com" | "umac-64@openssh.com" | "umac-128@openssh.com" | "umac-64-etm@openssh.com" | "umac-128-etm@openssh.com" | "hmac-sha2-256" | "hmac-sha2-256-etm@openssh.com" | "hmac-sha2-256-96" | "hmac-sha2-512" | "hmac-sha2-512-etm@openssh.com" | "hmac-sha2-512-96" | "hmac-ripemd160" | "hmac-ripemd160-etm@openssh.com" | "hmac-sha1-96" | "hmac-sha1-96-etm@openssh.com" | "hmac-md5-96" | "hmac-md5-96-etm@openssh.com") ), "key-exchange" ( /* Specify ssh key-exchange for Diffie-Hellman keys */ ("curve25519-sha256" | "ecdh-sha2-nistp256" | 
"ecdh-sha2-nistp384" | "ecdh-sha2-nistp521" | "group-exchange-sha2" | "group-exchange-sha1" | "dh-group14-sha1" | "dh-group1-sha1") ), "client-alive-count-max" arg /* Threshold of missing client-alive responses that triggers a disconnect */, "client-alive-interval" arg /* Frequency of client-alive requests */, "hostkey-algorithm" ( /* Specify permissible SSH host-key algorithms */ c( c( "no-ssh-dss" /* Disallow generation of 1024-bit DSA host-key */, "ssh-dss" ( /* Allow generation of 1024-bit DSA host-key */ c( c( "allow" /* Allow generation of 1024-bit DSA host-key */, "deny" /* Disallow generation of 1024-bit DSA host-key */ ) ) ) ), c( "no-ssh-rsa" /* Disallow generation of RSA host-key */, "ssh-rsa" ( /* Allow generation of RSA host-key */ c( c( "allow" /* Allow generation of RSA host-key */, "deny" /* Disallow generation of RSA host-key */ ) ) ) ), c( "no-ssh-ecdsa" /* Disallow generation of ECDSA host-key */, "ssh-ecdsa" ( /* Allow generation of ECDSA host-key */ c( c( "allow" /* Allow generation of ECDSA host-key */, "deny" /* Disallow generation of ECDSA host-key */ ) ) ) ), c( "no-ssh-ed25519" /* Disallow generation of ED25519 host-key */, "ssh-ed25519" /* Allow generation of ED25519 host-key */ ) ) ), "fingerprint-hash" ( /* Configure hash algorithm used when displaying key fingerprints */ ("sha2-256" | "md5") ), "authorized-keys-command" arg /* Specifies a command string to be used to look up the user's public keys */, "authorized-keys-command-user" arg /* Specifies the user under whose account the authorized-keys-command is run */, "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "telnet" ( /* Allow telnet login */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */, "authentication-order" ( ("radius" | "tacplus" | "password") ) ) ), "xnm-clear-text" ( /* Allow clear text-based 
JUNOScript connections */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "xnm-ssl" ( /* Allow SSL-based JUNOScript connections */ c( "local-certificate" arg /* Name of local X.509 certificate to use */, "ssl-renegotiation" /* Allow SSL renegotiation */, "no-ssl-renegotiation" /* Don't allow SSL renegotiation */, "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "extension-service" ( /* Enable JUNOS extension services */ c( "request-response" ( /* Allow request-response API execution */ c( "grpc" ( /* Grpc server configuration */ c( c( "ssl" ( /* SSL based API connection settings */ c( "address" ( /* Address to listen for incoming connections */ ipaddr /* Address to listen for incoming connections */ ), "port" arg /* Port number to accept incoming connections */, "local-certificate" arg /* Name of local X.509 certificate to use */ ) ) ), "max-connections" arg /* Maximum number of connections */, "scripts" ( /* JSD service main script name */ c( "file" ( /* Configuration for each JSD service main script */ jet_scripts_file_type /* Configuration for each JSD service main script */ ) ) ), "clear-text" ( c( "address" ipaddr, "port" arg ) ), "skip-authentication" ) ) ) ), "notification" ( /* Enable Notification Services */ c( "port" arg /* Port number to accept incoming connections */, "max-connections" arg /* Maximum number of connections */, "broker-socket-send-buffer-size" arg /* Socket send buffer size for the broker to publish the messages */, "allow-clients" ( /* Client IPs from which notifications are allowed */ c( "address" ( /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ipprefix_optional /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ) ) ) ) ), "traceoptions" ( /* Trace options for JSD */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* 
Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("timer" | "timeouts" | "routing-socket" | "general" | "config" | "grpc" | "notification" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "netconf" ( /* Allow NETCONF connections */ c( "ssh" ( /* Allow NETCONF over SSH */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */, "port" arg /* Service port number */ ) ), "rfc-compliant" /* Make the NETCONF sessions compliant to RFC 4741 */, "yang-compliant" /* Make the NETCONF sessions compliant to yang schemas */, "traceoptions" ( /* NETCONF trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "incoming" | "outgoing" | "debug")) /* Tracing parameters */.as(:oneline), "on-demand" /* Enable on-demand tracing */ ) ) ) ), "tftp-server" ( /* Enable TFTP file transfers */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "flow-tap-dtcp" ( /* Configure DTCP-based Flow-tap service */ c( "ssh" ( /* Allow flow-tap-dtcp service over SSH */ c( "connection-limit" arg /* Maximum number of allowed connections */, 
"rate-limit" arg /* Maximum number of connections per minute */ ) ) ) ), "reverse" ( /* Allow connections to device connected to the AUX port */ c( "telnet" ( /* Allow reverse telnet connections (over AUX port) */ c( "port" arg /* Port number to accept reverse telnet connections */ ) ), "ssh" ( /* Allow reverse SSH connections (over AUX port) */ c( "port" arg /* Port number to accept reverse SSH connections */ ) ) ) ), "dns" ( /* Enable Name server */ c( "max-cache-ttl" arg /* Max TTL for cached responses */, "max-ncache-ttl" arg /* Max TTL for cached negative responses */, "traceoptions" ( /* DNS server trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "debug-level" arg /* Debug level */, "category" ("default" | "general" | "database" | "security" | "config" | "resolver" | "xfer-in" | "xfer-out" | "notify" | "client" | "unmatched" | "network" | "update" | "update-security" | "queries" | "dispatch" | "dnssec" | "lame-servers" | "delegation-only" | "edns-disabled") /* Logging category */.as(:oneline) ) ), "forwarders" arg /* Server IPs to DNS query will be forwarded */, "dnssec" ( /* Configure DNSSEC */ c( "disable" /* Disable DNSSEC */, "trusted-keys" ( /* Trusted keys */ c( "key" arg /* Trusted key */ ) ), "dlv" ( /* Configure DLV (DNS Lookaside Validation) */ s( "domain" arg /* Name of the domain */, "trusted-anchor" arg /* Trusted DLV anchor */ ) ).as(:oneline), "secure-domains" arg /* Domains for which only signed responses are accepted */ ) ) ) ), "service-deployment" ( /* Configuration for Service Deployment (SDXD) management application */ c( "local-certificate" arg /* Name of local X.509 certificate to use */, "source-address" ( /* Local IPv4 address to be used 
as source address for traffic to SDX */ ipv4addr /* Local IPv4 address to be used as source address for traffic to SDX */ ), "servers" arg ( /* Service deployment system configuration */ c( "port" arg /* TCP port of SDX server */, "user" arg /* Username used by SDX when logging into the router */, "security-options" ( /* Specify mechanism to secure the connection */ c( c( "tls" /* Use TLS for transport layer security */, "ssl3" /* Use SSLv3 for transport layer security */ ) ) ) ) ), "traceoptions" ( /* Service deployment daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("beep" | "profile" | "application" | "io" | "all")) /* Tracing options */.as(:oneline) ) ) ) ), "outbound-ssh" ( /* Initiate outbound SSH connection */ c( "traceoptions" ( /* Outbound SSH trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "connectivity" | "all")) /* Tracing parameters */.as(:oneline) ) ), "client" arg ( /* Define a device initiated SSH connection */ c( "disable-ssh-security-settings" /* Disable ssh security parameter defined under [system services ssh] */, "device-id" arg /* Unique ID used 
by client to identify this device */, "secret" ( /* Shared secret between client and this device */ unreadable /* Shared secret between client and this device */ ), "keep-alive" ( c( "retry" arg /* Maximum number of connection attempts */, "timeout" arg /* Timeout value for conection attempts */ ) ), "reconnect-strategy" ( /* Strategy used to reconnect to a server */ ("sticky" | "in-order") ), "services" ( /* The subsystem(s) that can be invoked */ ("netconf") ), c( "port" arg /* Client port to connect to */, "retry" arg /* Maximum number of connection attempts */, "timeout" arg /* Timeout value for conection attempts */ ) ) ) ) ), "rest" ( /* Allow RPC execution over HTTP(S) connection */ c( "http" ( /* Unencrypted HTTP connection settings */ c( "port" arg /* Port number to accept HTTP connections */, "addresses" ( /* List of addresses to listen for incoming connections */ ipv4addr /* List of addresses to listen for incoming connections */ ) ) ), "https" ( /* Encrypted HTTPS connections */ c( "port" arg /* Port number to accept HTTPS connections */, "addresses" ( /* List of addresses to listen for incoming connections */ ipv4addr /* List of addresses to listen for incoming connections */ ), "server-certificate" arg /* Local certificate identifier */, "cipher-list" ( /* List of allowed cipher suites in order of preference */ ("rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "dhe-rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "dhe-rsa-with-aes-256-cbc-sha" | "ecdhe-rsa-with-rc4-128-sha" | "ecdhe-rsa-with-3des-ede-cbc-sha" | "ecdhe-rsa-with-aes-128-cbc-sha" | "ecdhe-rsa-with-aes-256-cbc-sha" | "rsa-with-aes-128-cbc-sha256" | "rsa-with-aes-256-cbc-sha256" | "dhe-rsa-with-aes-128-cbc-sha256" | "dhe-rsa-with-aes-256-cbc-sha256" | "rsa-with-aes-128-gcm-sha256" | "rsa-with-aes-256-gcm-sha384" | "dhe-rsa-with-aes-128-gcm-sha256" | "dhe-rsa-with-aes-256-gcm-sha384" | 
"ecdhe-rsa-with-aes-128-cbc-sha256" | "ecdhe-rsa-with-aes-256-cbc-sha384" | "ecdhe-rsa-with-aes-128-gcm-sha256" | "ecdhe-rsa-with-aes-256-gcm-sha384") ), "mutual-authentication" ( /* Enable TLS mutual authentication */ c( "certificate-authority" arg /* Certificate authority profile */ ) ) ) ), "control" ( /* Control of the rest-api process */ c( "allowed-sources" ( /* List of allowed source IP addresses */ ipv4addr /* List of allowed source IP addresses */ ), "connection-limit" arg /* Maximum number of simultaneous connections */ ) ), "traceoptions" ( /* Trace options for rest-api service */ c( "flag" ( /* Area to enable tracing */ ("lighttpd" | "juise" | "all") ) ) ), "enable-explorer" /* Enable REST API explorer tool */ ) ), "subscriber-management-helper" ( /* Subscriber management helper configuration */ smihelperd_type /* Subscriber management helper configuration */ ), "dhcp-local-server" ( /* Dynamic Host Configuration Protocol server configuration */ jdhcp_local_server_type /* Dynamic Host Configuration Protocol server configuration */ ), "dhcp-proxy-client" ( /* Dynamic Host Configuration Protocol Proxy client configuration */ jdhcp_proxy_client_type /* Dynamic Host Configuration Protocol Proxy client configuration */ ), "database-replication" ( /* Database replication configuration */ bdbrepd_type /* Database replication configuration */ ), "web-management" ( /* Web management configuration */ c( "traceoptions" ( /* Web management trace options */ httpd_traceoptions_type /* Web management trace options */ ), "management-url" arg /* URL path for web management access */, "http" ( /* Unencrypted HTTP connection settings */ c( "port" arg /* TCP port for incoming HTTP connections */, "interface" ( /* Interfaces that accept HTTP access */ interface_name /* Interfaces that accept HTTP access */ ) ) ), "https" ( /* Encrypted HTTPS connections */ c( "port" arg /* TCP port for incoming HTTPS connections */, c( "local-certificate" arg /* X.509 certificate to use 
(from configuration) */, "pki-local-certificate" arg /* X.509 certificate to use (from PKI local store) */, "system-generated-certificate" /* X.509 certificate generated automatically by system */ ), "interface" ( /* Interfaces that accept HTTPS access */ interface_name /* Interfaces that accept HTTPS access */ ) ) ), "control" ( /* Control of the web management process */ c( "max-threads" arg /* Maximum simultaneous threads to handle requests */ ) ), "session" ( /* Session parameters */ c( "idle-timeout" arg /* Default timeout of web-management sessions */, "session-limit" arg /* Maximum number of web-management sessions to allow */ ) ) ) ), "packet-triggered-subscribers" ( /* Packet Triggered Subscribers configuration */ c( "subscriber-idle-timeout" arg /* Subscriber idle timeout */, "subscriber-packet-idle-timeout" arg /* Subscriber packet idle timeout */, "traceoptions" ( /* Packet Triggered Subscribers trace options */ jptspd_traceoptions_type /* Packet Triggered Subscribers trace options */ ), "partition" arg ( /* Packet Triggered Subscriber partition definition */ c( "diameter-instance" arg /* Packet Triggered Subscriber diameter instance */, "destination-realm" arg /* Packet Triggered Subscriber destination realm */, "destination-host" arg /* Packet Triggered Subscriber destination host */ ) ), "partition-diameter-jgx" arg ( /* Packet Triggered Subscriber partition definition */ c( "diameter-instance" arg /* Packet Triggered Subscriber diameter instance */, "destination-realm" arg /* Packet Triggered Subscriber destination realm */, "destination-host" arg /* Packet Triggered Subscriber destination host */ ) ), "partition-radius" arg ( /* Packet Triggered Subscriber partition definition */ c( "accounting-port" arg /* Radius listening port number */, "accounting-shared-secret" ( /* Radius shared secret */ unreadable /* Radius shared secret */ ), "accounting-mode" ( /* Mode */ ("reply" | "no-reply") ), "routing-instance" arg /* Routing instance name */, 
"accounting-ip-address" ( /* Radius Accounting IP address */ ipaddr /* Radius Accounting IP address */ ), "pre-announcement" arg /* Pre-announcement timeout value in minute */, "accounting-attribute-type" arg /* List of standard radius attributes tracked by the radius-partition */, "accounting-vendor-id" arg /* List of vendor-id tracked by the radius-partition */, "subscriber-service-profile" arg /* Radius attribute carrying subscriber service profile */, "subscriber-identification" arg /* Customize subscriber identification */ ) ), "subscriber-profile" arg ( /* Packet Triggered Subscriber profile */ c( "enable" arg ( /* Enable services */ c( "concurrent-data-sessions" arg /* Number of concurrent data session */ ) ), "disable" arg /* Disable services */, "max-data-sessions-per-subscriber" ( /* Maximum number of concurrent data sessions per subscriber */ c( "limit" arg /* Number of sessions */, "exceed-action" ( /* Action(s) when specified number of concurrent data session reached */ ("drop" | "syslog") ) ) ) ) ) ) ), "static-subscribers" ( /* Static Subscriber Client configuration */ jsscd_static_subscribers_type /* Static Subscriber Client configuration */ ), "subscriber-management" ( /* Subscriber management configuration */ smid_type /* Subscriber management configuration */ ), "resource-monitor" ( /* Resource monitor configuration */ resource_monitor_type /* Resource monitor configuration */ ), "extensible-subscriber-services" ( /* Extensible Subscriber Services Configuration */ c( "maximum-subscribers" ( /* Maximum number of subscribers */ c( arg ) ), "commit-interval" ( /* Script configuration commit interval */ c( arg ) ), "flat-file-accounting-interval" ( /* Flat file accounting collection interval */ c( arg ) ), "flat-file-rollover-interval" ( /* Flat file accounting rollover interval */ c( arg ) ), "logical-interface-unit-range" ( /* Logical interface unit range */ c( "low" arg /* Lower limit of logical interface unit range */, "high" arg /* Upper limit 
of logical interface unit range */ ) ), "dictionary" ( /* Dictionary Information */ c( filename /* Complete path with dictionary name */ ) ), "flat-file-accounting-format" ( /* Flat file accounting format */ c( c( "ipdr" /* IPDR format */, "csv" /* CSV format */ ) ) ), "access-profile" ( /* Access profile reference */ c( arg ) ), "flat-file-profile" arg /* Flat file profile name */ ) ), "dhcp" ( /* Configure DHCP server */ c( "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "default-lease-time" ( /* Default lease time advertised to clients */ ("infinite" | arg) ), "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "domain-search" arg /* Domain search list used to resolve hostnames */, "wins-server" arg /* NetBIOS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* DHCP server identifier advertised to clients */ ipv4addr /* DHCP server identifier advertised to clients */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, 
"unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ) ) ) ), "byte-stream" arg /* Stream of unsigned 8-bit values within quotes */ ) ) ).as(:oneline), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* Names of SIP servers */, "address" arg /* IP addresses of SIP servers */ ) ), "traceoptions" ( /* DHCP server trace options */ dhcp_traceoptions_type /* DHCP server trace options */ ), "pool" arg ( /* DHCP address pool */ c( "address-range" ( /* Range of addresses to choose from */ sc( "low" ( /* Lowest address in the range */ ipv4addr /* Lowest address in the range */ ), "high" ( /* Highest address in the range */ ipv4addr /* Highest address in the range */ ) ) ).as(:oneline), "exclude-address" arg /* Address to exclude from pool */, "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "default-lease-time" ( /* Default lease time advertised to clients */ ("infinite" | arg) ), "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "domain-search" arg /* Domain search list used to resolve hostnames */, "wins-server" arg /* NetBIOS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* DHCP server identifier advertised to clients */ ipv4addr /* DHCP server identifier advertised to clients */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), 
"byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ) ) ) ), "byte-stream" arg /* Stream of unsigned 8-bit values within quotes */ ) ) ).as(:oneline), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* Names of SIP servers */, "address" arg /* IP addresses of SIP servers */ ) ) ) ), "static-binding" arg ( /* DHCP client's hardware address */ c( "fixed-address" arg /* Possible IP addresses to assign to host */, "host-name" arg /* Hostname for this client */, "client-identifier" ( /* Client identifier option */ sc( c( "ascii" arg /* Client identifier as an ASCII string */, "hexadecimal" arg /* Client identifier as a hexadecimal string */ ) ) ).as(:oneline), "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "domain-search" arg /* Domain search list used to resolve hostnames */, "wins-server" arg /* NetBIOS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "next-server" ( /* Next server that 
clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* DHCP server identifier advertised to clients */ ipv4addr /* DHCP server identifier advertised to clients */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ) ) ) ), "byte-stream" arg /* Stream of unsigned 8-bit values within quotes */ ) ) ).as(:oneline), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* Names of SIP servers */, "address" arg /* IP addresses of SIP servers */ ) ) ) ) ) ), "transport" /* Transport configuration */ ) ), "syslog" ( /* System logging facility */ c( "archive" ( /* Archive file information */ archive_object /* Archive file information */ ), "user" arg ( /* Notify a user of the event */ c( syslog_object.as(:oneline), "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "allow-duplicates" /* Do not suppress the repeated message */, "match-strings" arg /* Matching string(s) 
for lines to be logged */ ) ), "host" ("other-routing-engine" | "scc-master" | "sfc0-master" | arg) ( /* Host to be notified */ c( syslog_object.as(:oneline), "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "allow-duplicates" /* Do not suppress the repeated message */, "port" arg /* Port number */, "facility-override" ( /* Alternate facility for logging to remote host */ ("authorization" | "daemon" | "ftp" | "kernel" | "user" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7") ), "log-prefix" arg /* Prefix for all logging to this host */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "explicit-priority" /* Include priority and facility in messages */, "exclude-hostname" /* Exclude hostname field in messages */, "match-strings" arg /* Matching string(s) for lines to be logged */, "structured-data" ( /* Log system message in structured format */ c( c( "brief" /* Omit English-language text from end of logged message */ ) ) ) ) ), "allow-duplicates" /* Do not suppress the repeated message for all targets */, "file" arg ( /* File in which to log data */ c( syslog_object.as(:oneline), "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "allow-duplicates" /* Do not suppress the repeated message */, "archive" ( /* Archive file information */ archive_object /* Archive file information */ ), "explicit-priority" /* Include priority and facility in messages */, "match-strings" arg /* Matching string(s) for lines to be logged */, "structured-data" ( /* Log system message in structured format */ c( c( "brief" /* Omit English-language text from end of logged message */ ) ) ) ) ), "console" enum(("any" | "authorization" | "daemon" | "ftp" | "ntp" | "security" | "kernel" | "user" | "dfc" | "external" | "firewall" | 
"pfe" | "conflict-log" | "change-log" | "interactive-commands")) ( /* Console logging */ sc( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ) ) ).as(:oneline), "time-format" ( /* Additional information to include in system log timestamp */ sc( "year" /* Include year in timestamp */, "millisecond" /* Include milliseconds in timestamp */ ) ).as(:oneline), "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "log-rotate-frequency" arg /* Rotate log frequency */, "server" ( /* Enable syslog server */ c( "routing-instances" ("all" | "default" | arg) ( /* Enable/disable syslog server in routing-instances */ c( "disable" /* Disable syslog server in this routing instance */ ) ) ) ) ) ), "tracing" ( /* System wide option for remote tracing */ sc( "destination-override" ( /* Override tracing destination */ sc( "syslog" ( /* Send trace messages to remote syslog server */ sc( "host" ( /* IPv4 address of remote syslog server */ ipv4addr /* IPv4 address of remote syslog server */ ) ) ).as(:oneline) ) ).as(:oneline) ) ).as(:oneline), "encrypt-configuration-files" /* Encrypt the router configuration files */, "compress-configuration-files" /* Compress the router configuration files */, "no-compress-configuration-files" /* Don't compress the router configuration files */, "max-configurations-on-flash" arg /* Number of configuration files stored on flash */, "max-configuration-rollbacks" arg /* Number of rollback configuration files */, "archival" ( /* System archival management */ c( "configuration" ( /* Automatic configuration uploads to host(s) */ c( c( "transfer-interval" arg /* Frequency at which file transfer 
happens */, "transfer-on-commit" /* Transfer after each commit */ ), "archive-sites" arg ( /* List of archive destinations */ sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ) ) ).as(:oneline) ) ) ) ), "extensions" ( /* Configuration for extensions to JUNOS */ c( "providers" arg ( c( "license-type" arg ( sc( "deployment-scope" arg ) ).as(:oneline) ) ), "extension-service" ( /* Enable JUNOS extension service */ c( "application" ( /* JUNOS extension service application */ c( "file" ( /* Configuration for each extension-service application */ jet_scripts_file_type /* Configuration for each extension-service application */ ), "traceoptions" ( /* Trace options for extension-service applications */ script_traceoptions /* Trace options for extension-service applications */ ), "max-datasize" arg /* Maximum data segment size for apps execution */ ) ) ) ), "resource-limits" ( /* Process resource limits */ c( "process" arg ( c( "resources" ( /* Resource limits */ resources_type /* Resource limits */ ) ) ), "package" arg ( c( "resources" ( /* Resource limits */ resources_type /* Resource limits */ ) ) ) ) ) ) ), "license" ( /* License information for the router */ license_object /* License information for the router */ ), "proxy" ( /* Proxy information for the router */ proxy_object /* Proxy information for the router */ ), "commit" ( /* Configuration commit management */ c( "notification" /* Notify applications upon commit complete */, "fast-synchronize" /* Parallelized commit synchronizing multiple routing-engines */, "synchronize" /* Synchronize commit on both Routing Engines by default */, "peers-synchronize" /* Synchronize commit on remote peers by default */, "delta-export" /* Export only delta configuration during commit */, "peers" ( /* Commit peers-synchronize details */ peers_type /* Commit peers-synchronize details */ ), "commit-synchronize-server" ( /* Commit synchronize server configuration 
*/ c( "traceoptions" ( /* Traceoptions for commit synchronize server */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("ephemeral-commit" | "operational-command" | "debug" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "server" ( /* Commit server (batch commit) */ c( "maximum-aggregate-pool" arg /* Maximum number of transactions to aggregate */, "maximum-entries" arg /* Maximum number of transactions allowed in queue */, "commit-interval" arg /* Number of seconds between commits */, "retry-attempts" arg /* Retry attempts for commit failure due to db lock error */, "retry-interval" arg /* Retry interval in seconds for commit failure */, "days-to-keep-error-logs" arg /* Number of day to keep error log entries */, "redirect-completion-status" arg /* Redirect Async commit status to server configured here */, "commit-schedule-profile" arg ( /* Scheduling profile for asynchronous low priority commits */ c( "start-time" arg /* Time when the schedule starts processing low priority jobs (hh:mm) */, "end-time" arg /* Time when the schedule stops processing low priority jobs (hh:mm) */, "interruptible" /* Allow the low priority jobs to be interrupted during the schedule */, "load-average" ( /* Max load average of system at which schedule starts (last 1 min) */ unsigned_float /* Max load average of system at which schedule starts (last 1 min) */ ) ) ), "traceoptions" ( /* Trace options for commit server */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, 
"world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("all" | "commit-server" | "batch" | "configuration")) /* Tracing parameters */.as(:oneline) ) ) ) ), "persist-groups-inheritance" /* Build configuration groups inheritance path */ ) ), "fips" ( /* FIPS configuration */ c( "level" arg /* FIPS 140 level */, "self-test" ( /* Configure FIPS self-test execution */ c( "after-key-generation" ( /* FIPS self-test after cryptographic key generation */ ("enable" | "disable") ), "periodic" ( /* Configure periodic FIPS self-test */ c( "start-time" arg /* Time when the periodic FIPS self-tests are to be executed (hh:mm) */, "day-of-month" arg /* Day of the month when FIPS self-tests are to be executed */, "month" arg /* The month when FIPS self-tests are to be executed */, "day-of-week" arg /* Day of the week when the FIPS self-tests are to be executed (where 1 - Monday, 7 - Sunday) */ ) ) ) ) ) ), "export-format" ( /* Setting the properties related to exporting the data */ c( "json" ( /* Set the type of JSON format */ c( c( "verbose" /* All the objects will be emitted as JSON arrays */, "ietf" /* JSON format will be emitted as per ietf draft */ ) ) ) ) ), "health-monitor" ( /* Kernel health monitoring system */ c( "ifstate-clients" ( /* Configure health monitor for ifstate clients on ifstate consumption */ c( "peer-stuck" ( /* PFE/RE/Smart PIC peers ifstate consumption */ c( "threshold-level" ( /* Threshold level to categorize peers as stuck */ ("low" | "medium" | "high") ), "action" ( /* Set an action on stuck peers */ ("alarm" | "alarm-with-cores" | "restart") ) ) ), "non-peer-stuck" ( /* Non-peer clients(daemons) on ifstate consumption */ c( "threshold-level" ( /* Threshold level to categorize non-peer ifstate clients as stuck */ ("low" | "medium" | "high") ), "action" ( /* Set an action on stuck 
non-peer ifstate clients */ ("alarm" | "alarm-with-cores" | "restart") ) ) ), "all-clients-stuck" ( /* All ifstate clients on ifstate consumption */ c( "threshold-level" ( /* Threshold level to categorize all ifsate clients as stuck */ ("low" | "medium" | "high") ), "action" ( /* Set an action on all stuck ifstate clients */ ("alarm" | "alarm-with-cores" | "restart") ) ) ) ) ) ) ), "auto-configuration" ( c( "traceoptions" ( /* Autoconfiguration trace options */ autoconf_traceoptions_type /* Autoconfiguration trace options */ ) ) ), "processes" ( /* Process control */ c( "routing" ( /* Routing process */ sc( ("disable"), "failover" ( /* How to handle failure of routing process */ ("other-routing-engine" | "alternate-media") ), c( "force-32-bit" /* Always use 32-bit mode */, "force-64-bit" /* Always use 64-bit mode */, "auto-64-bit" /* Use 64-bit mode if RE memory is sufficient */ ) ) ).as(:oneline), "software-forwarding" ( /* Software forwarding process */ sc( ("disable") ) ).as(:oneline), "packet-forwarding-engine" ( /* Packet forwarding engine process */ sc( ("disable") ) ).as(:oneline), "chassis-control" ( /* Chassis control process */ sc( ("disable"), "failover" ( /* How to handle failure of chassis control process */ ("alternate-media") ) ) ).as(:oneline), "service-pics" ( /* Service PICs process */ sc( ("disable"), "failover" ( /* How to handle failure of service PICs process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "ntp" ( /* Network time process */ sc( ("disable"), "failover" ( /* How to handle failure of network time process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "watchdog" ( /* Watchdog timer */ sc( ("enable" | "disable"), "timeout" arg /* Watchdog timer value */ ) ).as(:oneline), "process-monitor" ( /* Process health monitor process */ c( ("disable"), "traceoptions" ( /* Process health monitor trace options */ pmond_traceoptions_type /* Process health monitor trace options */ ) ) ), 
"resource-cleanup" ( /* Resource cleanup process */ c( ("disable"), "traceoptions" ( /* Resource cleanup process trace options */ res_cleanupd_traceoptions_type /* Resource cleanup process trace options */ ) ) ), "routing-socket-proxy" ( /* Routing socket proxy process */ sc( ("disable"), "failover" ( /* How to handle failure of routing socket proxy process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "web-management" ( /* Web management process */ sc( ("disable"), "failover" ( /* How to handle failure of web management process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "named-service" ( /* DNS server process */ c( ("disable"), "failover" ( /* How to handle failure of dns server process */ ("other-routing-engine" | "alternate-media") ) ) ), "cfm" ( /* Ethernet OAM connectivity fault management process */ sc( ("disable") ) ).as(:oneline), "general-authentication-service" ( /* General authentication service process */ c( ("disable"), "traceoptions" ( /* General authentication service trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "filter" ( /* Filter to control trace messages */ c( "user" ( /* Filter by user name */ c( arg ) ) ) ), "flag" enum(("configuration" | "framework" | "radius" | "local-authentication" | "ldap" | "address-assignment" | "jsrc" | "gx-plus" | "session-db" | "profile-db" | "lib-stats" | "user-access" | "nasreq" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "smg-service" ( /* Enhanced session management process */ c( ("disable"), "failover" ( /* How to handle 
failure of Enhanced Session Manager process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* Enhanced session management process trace options */ bbe_smgd_traceoptions_type /* Enhanced session management process trace options */ ) ) ), "bbe-mib-daemon" ( /* Enhanced Session Management MIB Daemon process */ c( ("disable"), "failover" ( /* How to handle failure of Enhanced Session Manager process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* Bbe mib daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("framework" | "all")) /* Tracing Parameters */.as(:oneline) ) ) ) ), "dhcp-service" ( /* Dynamic Host Configuration Protocol general configuration */ c( ("disable"), "failover" ( /* How to handle failure of dhcp service process */ ("other-routing-engine" | "alternate-media") ), "persistent-storage" ( /* DHCP persistent storage configuration parameters */ c( arg, "backup-interval" arg /* Number of hours after which backup file will be created */ ) ), "traceoptions" ( /* Trace options for DHCP */ jdhcp_traceoptions_level_type /* Trace options for DHCP */ ), "interface-traceoptions" ( /* Interface trace options for DHCP */ jdhcp_interface_traceoptions_level_type /* Interface trace options for DHCP */ ), "dhcp-snooping-file" ( /* DHCP snooping persistence file, write-interval and timeout */ c( filename /* Location of DHCP snooping entries file */, "write-interval" arg /* Time interval 
for writing DHCP snooping entries */ ) ), "dhcpv6-snooping-file" ( /* DHCPv6 snooping persistence file and write-interval timeout */ c( filename /* Location of DHCPv6 snooping entries file */, "write-interval" arg /* Time interval in seconds for writing DHCPv6 snooping entries */ ) ), "ltv-syslog-interval" ( /* Lease time violation syslog interval */ c( arg ) ), "accept-max-tcp-connections" arg /* Max TCP connections served globally at a time */, "request-max-tcp-connections" arg /* Max TCP connections requested globally at a time */ ) ), "diameter-service" ( /* Diameter process */ c( ("disable"), "traceoptions" ( /* Diameter service trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("framework" | "configuration" | "memory-management" | "daemon" | "application" | "node" | "diameter-instance" | "dne" | "peer" | "messages" | "all")) /* Aread to enabe debugging output */.as(:oneline) ) ) ) ), "mac-validation" ( /* Process mac validation process */ c( ("disable"), "traceoptions" ( /* Process mac validation trace options */ jsavald_traceoptions_type /* Process mac validation trace options */ ) ) ), "sbc-configuration-process" ( /* SBC configuration process */ c( ("disable"), "failover" ( /* How to handle failure of SBC configuration process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* SBC configuration process trace options */ sbc_traceoptions /* SBC configuration process trace options */ ) ) ), 
"sdk-service" ( /* SDK Service Daemon */ c( ("disable"), "traceoptions" ( /* SDK Service Daemon trace options */ ssd_traceoptions_type /* SDK Service Daemon trace options */ ) ) ), "app-engine-virtual-machine-management-service" ( /* App-engine Virtual Machine Management */ c( ("disable"), "traceoptions" ( /* App-engine virtual machine management trace options */ sdk_vmmd_traceoptions_type /* App-engine virtual machine management trace options */ ) ) ), "app-engine-management-service" ( /* App-engine Management Daemon */ c( ("disable"), "traceoptions" ( /* App-engine management daemon trace options */ sdk_mgmtd_traceoptions_type /* App-engine management daemon trace options */ ) ) ), "datapath-trace-service" ( /* Datapath Trace process */ c( ("disable"), "traceoptions" ( /* DATAPATH Trace process trace options */ datapath_traced_traceoptions_type /* DATAPATH Trace process trace options */ ) ) ), "send" ( /* Secure Neighbor Discovery Protocol process */ sc( ("disable") ) ).as(:oneline), "static-subscribers" ( /* Static subscribers process */ c( ("disable"), "traceoptions" ( /* Trace options for Static Subscriber Client */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "database" | "general" | "message" | "rtsock" | "statistics" | "subscriber" | "gres" | "issu" | "authentication" | "profile" | "all")) /* Operations to include in debugging trace */.as(:oneline) ) ) ) ), "extensible-subscriber-services" ( /* Extensible 
Subscriber Services Manager Daemon */ c( ("disable"), "traceoptions" ( /* Trace options for Extensible Subscriber Services Daemon */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("authentication" | "configuration" | "database" | "dictionary" | "dynamic" | "fsm" | "general" | "kernel" | "op-script" | "statistics" | "all")) /* Operations to include in debugging trace */.as(:oneline) ) ) ) ), "kernel-offload-service" ( /* Kernel offload Service */ c( ("disable"), "traceoptions" ( /* Kernel offload service trace options */ kod_trace_type /* Kernel offload service trace options */ ) ) ), daemon_process, "video-monitoring" ( /* Video Monitoring Process */ sc( ("disable"), "traceoptions" ( /* Trace options for VMOND */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ) ) ).as(:oneline) ) ), "ddos-protection" ( /* Configure DDOS process */ c( "traceoptions" ( /* DDOS trace options */ ddos_traceoptions_type /* DDOS trace options */ ), "global" ( /* DDOS global configurations 
*/ c( "disable-routing-engine" /* Disable Routing Engine policing for all protocols */, "disable-fpc" /* Disable FPC policing for all protocols */, "disable-logging" /* Disable event logging for all protocols */, "flow-detection" /* Enable flow detection for all protocols */, "violation-report-rate" arg /* Set the rate of reporting protocol violations for all FPC's */, "flow-report-rate" arg /* Set the rate of reporting flows for all FPC's */, "flow-detection-mode" ( /* Default flow detection mode for all packet types */ ("automatic" | "on" | "off") ), "flow-level-control" ( /* Default control action for all flow aggregation levels */ ("drop" | "keep" | "police") ) ) ), "protocols" ( /* DDOS protocol parameters */ c( "ipv4-unclassified" ( /* Configure unclassified host-bound IPv4 traffic */ c( "aggregate" ( /* Configure aggregate for all unclassified host-bound IPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" 
| "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipv6-unclassified" ( /* Configure unclassified host-bound IPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all unclassified host-bound IPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various 
levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "resolve" ( /* Configure resolve traffic */ c( "aggregate" ( /* Configure aggregate for all resolve traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing 
engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) 
), "other" ( /* Configure all other unclassified resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* 
Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ucast-v4" ( /* Configure ipv4 unicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how 
logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-v4" ( /* Configure ipv4 multicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at 
subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ucast-v6" ( /* Configure ipv6 unicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), 
"flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-v6" ( /* Configure ipv6 multicast resolve 
packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* 
Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "filter-action" ( /* Configure filter action traffic (none-dhcp) */ c( "aggregate" ( /* Configure aggregate for all filter action traffic (none-dhcp) */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), 
"logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "other" ( /* Configure non v4/v6 firewall action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( 
/* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "filter-v4" ( /* Configure v4 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* 
Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "filter-v6" ( /* Configure v6 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off 
policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 
1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dynamic-vlan" ( /* Configure dynamic vlan exceptions */ c( "aggregate" ( /* Configure aggregate for all dynamic vlan exceptions */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | 
"police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ppp" ( /* Configure PPP control traffic */ c( "aggregate" ( /* Configure aggregate for all PPP control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface 
level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified PPP control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( 
"subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "lcp" ( /* Configure Link Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol 
violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "authentication" ( /* 
Configure Authentication Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since 
found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ipcp" ( /* Configure IP Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" 
| "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ipv6cp" ( /* Configure IPv6 Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), 
"logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mplscp" ( /* Configure MPLS Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ 
("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "isis" ( /* Configure ISIS Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size 
*/, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this 
slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "echo-req" ( /* Configure LCP Echo Request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ 
("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "echo-rep" ( /* Configure LCP Echo Reply */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), 
"physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mlppp-lcp" ( /* Configure MLPPP LCP */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* 
Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pppoe" ( /* Configure PPPoE control traffic */ c( "aggregate" ( /* Configure aggregate for all PPPoE control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for 
protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* 
Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "padi" ( /* Configure PPPoE PADI */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to 
return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pado" ( /* Configure PPPoE PADO */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") 
), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padr" ( /* Configure PPPoE PADR */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection 
mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pads" ( /* Configure PPPoE PADS */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* 
Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padt" ( /* Configure PPPoE PADT */ c( "bandwidth" arg /* Policer bandwidth 
*/, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( 
"disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padm" ( /* Configure PPPoE PADM */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how 
physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padn" ( /* Configure PPPoE PADN */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | 
"on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dhcpv4" ( /* Configure DHCPv4 traffic */ c( "aggregate" ( /* Configure aggregate for all DHCPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), 
"flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified DHCPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on 
routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% 
*/ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "discover" ( /* Configure DHCPv4 DHCPDISCOVER */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, 
"flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "offer" ( /* Configure DHCPv4 DHCPOFFER */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface 
flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "request" ( /* Configure DHCPv4 DHCPREQUEST */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" 
| "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "decline" ( /* Configure DHCPv4 DHCPDECLINE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for 
logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "ack" ( /* Configure DHCPv4 DHCPACK */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer 
violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "nak" ( /* Configure DHCPv4 DHCPNAK */ c( "bandwidth" arg /* 
Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator 
parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "release" ( /* Configure DHCPv4 DHCPRELEASE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), 
"no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "inform" ( /* Configure DHCPv4 DHCPINFORM */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how 
discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "renew" ( /* Configure DHCPv4 DHCPRENEW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( 
"subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "force-renew" ( /* Configure DHCPv4 DHCPFORCERENEW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ 
("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-query" ( /* Configure DHCPv4 DHCPLEASEQUERY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, 
"disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, 
"burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-unassigned" ( /* Configure DHCPv4 DHCPLEASEUNASSIGNED */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows 
*/, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-unknown" ( /* Configure DHCPv4 DHCPLEASEUNKOWN */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | 
"keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-active" ( /* Configure DHCPv4 DHCPLEASEACTIVE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), 
"logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "bootp" ( /* Configure DHCPv4 DHCPBOOTP */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( 
"subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "no-message-type" ( /* Configure DHCPv4 traffic with missing message type */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing 
on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer 
*/, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "bad-packets" ( /* Configure DHCPv4 traffic with bad format */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return 
to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "dhcpv6" ( /* Configure DHCPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all DHCPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* 
Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified DHCPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at 
logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "solicit" ( /* Configure DHCPv6 SOLICIT */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, 
"logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "advertise" ( /* Configure DHCPv6 ADVERTISE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation 
*/, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "request" ( /* 
Configure DHCPv6 REQUEST */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found 
*/, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "confirm" ( /* Configure DHCPv6 CONFIRM */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" 
| "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "renew" ( /* Configure DHCPv6 RENEW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), 
"flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "rebind" ( /* Configure DHCPv6 REBIND */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify 
detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "reply" ( /* Configure DHCPv6 REPLY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the 
packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "release" ( /* Configure DHCPv6 RELEASE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, 
"disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, 
"burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "decline" ( /* Configure DHCPv6 DECLINE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" 
arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "reconfigure" ( /* Configure DHCPv6 RECONFIGURE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), 
"logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "information-request" ( /* Configure DHCPv6 INFORMATION-REQUEST */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), 
"logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "relay-forward" ( /* Configure DHCPv6 RELAY-FORW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( 
"subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "relay-reply" ( /* Configure DHCPv6 RELAY-REPL */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, 
"disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( 
/* Priority */ ("high" | "medium" | "low") ) ) ), "leasequery" ( /* Configure DHCPv6 LEASEQUERY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation 
*/, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "leasequery-reply" ( /* Configure DHCPv6 LEASEQUERY-REPLY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "leasequery-done" ( /* Configure DHCPv6 LEASEQUERY-DONE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* 
Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "leasequery-data" ( /* Configure DHCPv6 LEASEQUERY-DATA */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, 
"physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "virtual-chassis" ( /* Configure virtual chassis traffic */ c( "aggregate" ( /* Configure aggregate for all virtual chassis traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging 
for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified virtual chassis traffic */ c( "bandwidth" arg /* Policer 
bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ 
c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "control-high" ( /* Configure high priority control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( 
/* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "control-low" ( /* Configure low priority control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at 
logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "vc-packets" ( /* Configure all exception packets on vc link */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), 
"flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "vc-ttl-errors" ( /* Configure ttl errors */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* 
Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" 
arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "icmp" ( /* Configure ICMP traffic */ c( "aggregate" ( /* Configure aggregate for all ICMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how 
physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "igmp" ( /* Configure IGMP traffic */ c( "aggregate" ( /* Configure aggregate for all IGMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( 
/* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ospf" ( /* Configure OSPF traffic */ c( "aggregate" ( /* Configure aggregate for all OSPF traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* 
Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rsvp" ( /* Configure RSVP traffic */ c( "aggregate" ( /* Configure aggregate for all RSVP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging 
for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) 
) ), "pim" ( /* Configure PIM traffic */ c( "aggregate" ( /* Configure aggregate for all PIM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last 
violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rip" ( /* Configure RIP traffic */ c( "aggregate" ( /* Configure aggregate for all RIP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are 
controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ptp" ( /* Configure PTP traffic */ c( "aggregate" ( /* Configure aggregate for all PTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at 
logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bfd" ( /* Configure BFD traffic */ c( "aggregate" ( /* Configure aggregate for all BFD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( 
"subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified BFD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's 
*/, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), 
"bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "multihop-bfd" ( /* Configure Multihop BFD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, 
"flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "lmp" ( /* Configure LMP traffic */ c( "aggregate" ( /* Configure aggregate for all LMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows 
are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ldp" ( /* Configure LDP traffic */ c( "aggregate" ( /* Configure aggregate for all LDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify 
detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified LDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* 
Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ldp-hello" ( /* Configure LDP Hello traffic */ c( "bandwidth" arg /* 
Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator 
parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "msdp" ( /* Configure MSDP traffic */ c( "aggregate" ( /* Configure aggregate for all MSDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bgp" ( /* Configure BGP traffic */ c( "aggregate" ( /* Configure aggregate for all BGP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" 
| "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vrrp" ( /* Configure VRRP traffic */ c( "aggregate" ( /* Configure aggregate for all VRRP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows 
*/, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "telnet" ( /* Configure telnet traffic */ c( "aggregate" ( /* Configure aggregate for all telnet traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, 
"disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), 
"hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ftp" ( /* Configure FTP traffic */ c( "aggregate" ( /* Configure aggregate for all FTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, 
"flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ssh" ( /* Configure SSH traffic */ c( "aggregate" ( /* Configure aggregate for all SSH traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), 
"logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "snmp" ( /* Configure SNMP traffic */ c( "aggregate" ( /* Configure aggregate for all SNMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | 
"on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ancp" ( /* Configure ANCP traffic */ c( "aggregate" ( /* Configure aggregate for all ANCP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), 
"flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "igmpv6" ( /* Configure IGMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all IGMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, 
"disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, 
"burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified IGMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating 
flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mld" ( /* Configure MLD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are 
controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "egpv6" ( /* Configure EGPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all EGPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical 
interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rsvpv6" ( /* Configure RSVPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all RSVPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( 
"disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "igmpv4v6" ( /* Configure IGMPv4-v6 traffic */ c( "aggregate" ( /* Configure 
aggregate for all IGMPv4-v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow 
since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ripv6" ( /* Configure RIPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all RIPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bfdv6" ( /* Configure BFDv6 traffic */ c( "aggregate" ( /* Configure aggregate for all BFDv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" 
| "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "lmpv6" ( /* Configure LMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all LMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for 
subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ldpv6" ( /* Configure LDPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all LDPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all 
fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), 
"hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "msdpv6" ( /* Configure MSDPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all MSDPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, 
"flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bgpv6" ( /* Configure BGPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all BGPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") 
), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vrrpv6" ( /* Configure VRRPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all VRRPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ 
("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "telnetv6" ( /* Configure telnet-v6 traffic */ c( "aggregate" ( /* Configure aggregate for all telnet-v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" 
| "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ftpv6" ( /* Configure FTPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all FTPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return 
to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% 
to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sshv6" ( /* Configure SSHv6 traffic */ c( "aggregate" ( /* Configure aggregate for all SSHv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, 
"timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "snmpv6" ( /* Configure SNMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all SNMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how 
discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ancpv6" ( /* Configure ANCPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all ANCPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), 
"flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ospfv3v6" ( /* Configure OSPFv3v6 traffic */ c( "aggregate" ( /* Configure aggregate for all OSPFv3v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" 
/* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "lacp" ( /* Configure LACP traffic */ c( "aggregate" ( /* Configure aggregate for all LACP traffic 
*/ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible 
PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "stp" ( /* Configure STP traffic */ c( "aggregate" ( /* Configure aggregate for all STP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows 
are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "esmc" ( /* Configure ESMC traffic */ c( "aggregate" ( /* Configure aggregate for all ESMC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection 
mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "oam-lfm" ( /* Configure OAM-LFM traffic */ c( "aggregate" ( /* Configure aggregate for all OAM-LFM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for 
logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "eoam" ( /* Configure EOAM traffic */ c( "aggregate" ( /* Configure aggregate for all EOAM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol 
violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), 
"unclassified" ( /* Configure unclassified Unclassified EOAM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" 
arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "oam-cfm" ( /* Configure OAM-CFM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how 
logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "lldp" ( /* Configure LLDP traffic */ c( "aggregate" ( /* Configure aggregate for all LLDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber 
level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mvrp" ( /* Configure MVRP traffic */ c( "aggregate" ( /* Configure aggregate for all MVRP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | 
"on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pmvrp" ( /* Configure PMVRP traffic */ c( "aggregate" ( /* Configure aggregate for all PMVRP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to 
normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 
100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "arp" ( /* Configure ARP traffic */ c( "aggregate" ( /* Configure aggregate for all ARP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" 
/* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassifiedi ARP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify 
how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "arp-snoop" ( /* Configure ARP snoop traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* 
Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "pvstp" ( /* Configure PVSTP traffic */ c( "aggregate" ( /* Configure aggregate for all PVSTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ 
c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "isis" ( /* Configure ISIS traffic */ c( "aggregate" ( /* Configure aggregate 
for all ISIS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, 
"fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pos" ( /* Configure POS traffic */ c( "aggregate" ( /* Configure aggregate for all POS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how 
physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mlp" ( /* Configure MLP traffic */ c( "aggregate" ( /* Configure aggregate for all MLP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* 
Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified MLP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify 
detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "lookup" ( /* Configure MLP lookup request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" 
/* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number 
*/ ) ), "add" ( /* Configure MLP add request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the 
flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "delete" ( /* Configure MLP delete request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled 
*/ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "macpin-exception" ( /* Configure MAC-pinning exceptions */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | 
"off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "jfm" ( /* Configure JFM traffic */ c( "aggregate" ( /* Configure aggregate for all JFM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), 
"flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "atm" ( /* Configure ATM traffic */ c( "aggregate" ( /* Configure aggregate for all ATM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg 
/* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn 
off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pfe-alive" ( /* Configure pfe alive traffic */ c( "aggregate" ( /* Configure aggregate for all pfe alive traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | 
"police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ttl" ( /* Configure ttl traffic */ c( "aggregate" ( /* Configure aggregate for all ttl traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ 
("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ip-options" ( /* Configure ip options traffic */ c( "aggregate" ( /* Configure aggregate for all ip options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, 
"physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure Unclassified options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* 
Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "router-alert" ( /* Configure Router alert options traffic */ c( 
"bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC 
Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "non-v4v6" ( /* Configure Non IPv4/v6 options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "redirect" ( /* Configure packets to trigger ICMP redirect */ c( "aggregate" ( /* Configure aggregate for all packets to trigger ICMP redirect */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection 
mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "multicast-copy" ( /* Configure host copy due to multicast routing */ c( "aggregate" ( /* Configure aggregate for all host copy due to multicast routing */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), 
"flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "exceptions" ( /* Configure exception traffic sent to host */ c( "aggregate" ( /* Configure aggregate for all exception traffic sent to host */ c( 
"bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC 
Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure all unclassified discards */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow 
timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mtu-exceeded" ( /* Configure packets exceeded MTU */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), 
"flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-rpf-err" ( /* Configure packets failed the multicast RPF check */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical 
interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mac-host" ( /* Configure L2-MAC configured 'send-to-host' */ c( "aggregate" ( /* Configure aggregate for all L2-MAC configured 'send-to-host' */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* 
Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst 
scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tunnel-fragment" ( /* Configure tunnel fragment */ c( "aggregate" ( /* Configure aggregate for all tunnel fragment */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout 
active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mcast-snoop" ( /* Configure snooped multicast control traffic */ c( "aggregate" ( /* Configure aggregate for all snooped multicast control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify 
how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "igmp" ( /* Configure snooped igmp traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), 
"logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pim" ( /* Configure snooped pim traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ 
("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mld" ( /* Configure snooped mld traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst 
size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on 
this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "services" ( /* Configure services */ c( "aggregate" ( /* Configure aggregate for all services */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* 
Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "packet" ( /* Configure Service packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are 
controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "bsdt" ( /* Configure Test packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) 
), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "demux-autosense" ( /* Configure demux autosense traffic */ c( "aggregate" ( /* Configure aggregate for all demux autosense traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, 
"disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), 
"hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "reject" ( /* Configure packets via 'reject' action */ c( "aggregate" ( /* Configure aggregate for all packets via 'reject' action */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to 
determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "firewall-host" ( /* Configure packets via firewall 'send-to-host' action */ c( "aggregate" ( /* Configure aggregate for all packets via firewall 'send-to-host' action */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( 
"subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tcp-flags" ( /* Configure packets with tcp flags */ c( "aggregate" ( /* Configure aggregate for all packets with tcp flags */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* 
Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure TCP packets with other tcp flags */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* 
Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "initial" ( /* Configure First packets of TCP sessions (SYN & !ACK) */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* 
Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" 
arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "established" ( /* Configure Non-first packets of TCP sessions (ACK | RST) */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ 
("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dtcp" ( /* Configure dtcp traffic */ c( "aggregate" ( /* Configure aggregate for all dtcp traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at 
logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "radius" ( /* Configure Radius traffic */ c( "aggregate" ( /* Configure aggregate for all Radius traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( 
"subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "server" ( /* Configure Radius server traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation 
*/ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* 
Hostbound queue number */ ) ), "accounting" ( /* Configure Radius accounting traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, 
"flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "authorization" ( /* Configure Radius authorization traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), 
"logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ntp" ( /* Configure NTP traffic */ c( "aggregate" ( /* Configure aggregate for all NTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection 
mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tacacs" ( /* Configure TACACS traffic */ c( "aggregate" ( /* Configure aggregate for all TACACS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) 
), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dns" ( /* Configure DNS traffic */ c( "aggregate" ( /* Configure aggregate for all DNS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" 
arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* 
Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "diameter" ( /* Configure Diameter/Gx+ traffic */ c( "aggregate" ( /* Configure aggregate for all Diameter/Gx+ traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | 
"keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ip-fragments" ( /* Configure IP-Fragments */ c( "aggregate" ( /* Configure aggregate for all IP-Fragments */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at 
physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "first-fragment" ( /* Configure First IP fragment */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( 
"subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "trail-fragment" ( /* Configure Trailing IP fragment */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for 
protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l2tp" ( /* 
Configure l2tp traffic */ c( "aggregate" ( /* Configure aggregate for all l2tp traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, 
"flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "gre" ( /* Configure GRE traffic */ c( "aggregate" ( /* Configure aggregate for all GRE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ 
("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "hbc" ( /* Configure Host GRE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), 
"flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "punt" ( /* Configure PFE GRE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, 
"physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pimv6" ( /* Configure PIMv6 traffic */ c( "aggregate" ( /* Configure aggregate for all PIMv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn 
off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound 
queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "icmpv6" ( /* Configure ICMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all ICMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine 
a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ndpv6" ( /* Configure NDPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all NDPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | 
"keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "router-solicitation" ( /* Configure NDPv6 router-solicitation */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | 
"off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "router-advertisement" ( /* Configure NDPv6 router-advertisement */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at 
various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "neighbor-solicitation" ( /* Configure NDPv6 neighbor-solicitation */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return 
to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% 
to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "neighbor-advertisement" ( /* Configure NDPv6 neighbor-advertisement */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), 
"no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "redirect" ( /* Configure NDPv6 redirect */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at 
physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "invalid-hop-limit" ( /* Configure NDPv6 with invalid hop limit */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber 
flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sample" ( /* Configure sampled traffic */ c( "aggregate" ( /* Configure aggregate for all sampled traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, 
"disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, 
"burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "syslog" ( /* Configure Syslog sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after 
last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "host" ( /* Configure Host sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), 
"logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pfe" ( /* Configure PFE sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify 
detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "tap" ( /* Configure Tap sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), 
"flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "sflow" ( /* Configure Sflow sample traffic */ 
c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible 
PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "re-services" ( /* Configure RE Services IPv4 traffic */ c( "aggregate" ( /* Configure aggregate for all RE Services IPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* 
Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "captive-portal" ( /* Configure Captive Portal IPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at 
logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "re-services-v6" ( /* Configure RE Services IPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all RE Services IPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow 
detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "captive-portal" ( /* Configure Captive Portal IPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to 
return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale 
from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "fab-probe" ( /* Configure fab out probe packets */ c( "aggregate" ( /* Configure aggregate for all fab out probe packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how 
physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "unclassified" ( /* Configure unclassified host-bound traffic */ c( "aggregate" ( /* Configure aggregate for all unclassified host-bound traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ 
("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "other" ( /* Configure all other unclassified packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface 
flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "resolve-v4" ( /* Configure unclassified v4 resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( 
"disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "resolve-v6" ( /* 
Configure unclassified v6 resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the 
flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "control-v4" ( /* Configure unclassified v4 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "control-v6" ( /* Configure unclassified v6 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ 
("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "host-route-v4" ( /* Configure unclassified v4 hostbound packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" 
arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "host-route-v6" ( /* Configure unclassified v6 hostbound packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, 
"disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, 
"hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "filter-v4" ( /* Configure unclassified v4 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows 
*/, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "filter-v6" ( /* Configure unclassified v6 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" 
( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "control-layer2" ( /* Configure unclassified layer2 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection 
mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "fw-host" ( /* Configure Unclassified send to host fw traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol 
violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "mcast-copy" ( /* Configure Unclassified host copy due to multicast routing */ c( 
"bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC 
Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "rejectv6" ( /* Configure packets via 'rejectv6' action */ c( "aggregate" ( /* Configure aggregate for all packets via 'rejectv6' action */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ 
("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l2pt" ( /* Configure Layer 2 protocol tunneling */ c( "aggregate" ( /* Configure aggregate for all Layer 2 protocol tunneling */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify 
detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tunnel-ka" ( /* Configure tunnel keepalive packets */ c( "aggregate" ( /* Configure aggregate for all tunnel keepalive packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* 
Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "inline-ka" ( /* Configure inline keepalive packets */ c( "aggregate" ( /* Configure aggregate for all inline keepalive packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, 
"disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, 
"burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "inline-svcs" ( /* Configure inline services */ c( "aggregate" ( /* Configure aggregate for all inline services */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, 
"timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "frame-relay" ( /* Configure frame relay control packets */ c( "aggregate" ( /* Configure aggregate for all frame relay control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), 
"flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "frf15" ( /* Configure Multilink frame relay FRF.15 ctrl packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at 
subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "frf16" ( /* Configure Multilink frame relay FRF.16 ctrl packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), 
"flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "amtv4" ( /* Configure AMT v4 control 
packets */ c( "aggregate" ( /* Configure aggregate for all AMT v4 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, 
"flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "amtv6" ( /* Configure AMT v6 control packets */ c( "aggregate" ( /* Configure aggregate for all AMT v6 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface 
flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "syslog" ( /* Configure syslog traffic */ c( "aggregate" ( /* Configure aggregate for all syslog traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify 
detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pim-ctrl" ( /* Configure PIM control packets */ c( "aggregate" ( /* Configure aggregate for all PIM control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for 
flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ospf-hello" ( /* Configure OSPF hello packets */ c( "aggregate" ( /* Configure aggregate for all OSPF hello packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn 
off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale 
from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pim-data" ( /* Configure PIM data */ c( "aggregate" ( /* Configure aggregate for all PIM data */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, 
"flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "fip-snooping" ( /* Configure FIP snooping */ c( "aggregate" ( /* Configure aggregate for all FIP snooping */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify 
how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "unknown-l2mc" ( /* Configure Unknown layer 2 multicast */ c( "aggregate" ( /* Configure aggregate for all Unknown layer 2 multicast */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection 
mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "nonucast-switch" ( /* Configure Non unicast switched */ c( "aggregate" ( /* Configure aggregate for all Non unicast switched */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for 
protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipmcast-miss" ( /* Configure IP multicast miss */ c( "aggregate" ( /* Configure aggregate for all IP multicast miss */ c( 
"bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC 
Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "urpf-fail" ( /* Configure Unicast reverse path forwarding failure */ c( "aggregate" ( /* Configure aggregate for all Unicast reverse path forwarding failure */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3nhop" ( /* Configure Layer 3 next hop to CPU */ c( "aggregate" ( /* Configure aggregate for all Layer 3 next hop to CPU */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface 
level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "martian-address" ( /* Configure Martian address */ c( "aggregate" ( /* Configure aggregate for all Martian address */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( 
"subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3mc-sgv-hit-icl" ( /* Configure Layer 3 multicast (*,G) hit ICL */ c( "aggregate" ( /* Configure aggregate for all Layer 3 multicast (*,G) hit ICL */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* 
Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst 
scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3dest-miss" ( /* Configure Layer 3 destination miss */ c( "aggregate" ( /* Configure aggregate for all Layer 3 destination miss */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* 
Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipmc-reserved" ( /* Configure IP multicast reserved */ c( "aggregate" ( /* Configure aggregate for all IP multicast reserved */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how 
discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "garp-reply" ( /* Configure Gratuitous ARP reply */ c( "aggregate" ( /* Configure aggregate for all Gratuitous ARP reply */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) 
), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3mtu-fail" ( /* Configure Layer 3 mtu failure */ c( "aggregate" ( /* Configure aggregate for all Layer 3 mtu failure */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( 
"disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sample-dest" ( /* Configure Sample at egress */ c( "aggregate" ( /* Configure 
aggregate for all Sample at egress */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow 
since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sample-source" ( /* Configure Sample at ingress */ c( "aggregate" ( /* Configure aggregate for all Sample at ingress */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), 
"physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vcipc-udp" ( /* Configure VC UDP packets */ c( "aggregate" ( /* Configure aggregate for all VC UDP packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ 
("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vxlan" ( /* Configure VXLAN L2/L3 packets */ c( "aggregate" ( /* Configure aggregate for all VXLAN L2/L3 packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg 
/* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "bfd" ( /* Configure VXLAN BFD packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event 
logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer 
*/, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dhcpv4v6" ( /* Configure DHCPv4/v6 traffic */ c( "aggregate" ( /* Configure aggregate for all DHCPv4/v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating 
flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "localnh" ( /* Configure Local nh hit ssh telnet ftp etc */ c( "aggregate" ( /* Configure aggregate for all Local nh hit ssh telnet ftp etc */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are 
controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "proto-802-1x" ( /* Configure 802.1X traffic */ c( "aggregate" ( /* Configure aggregate for all 802.1X traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* 
Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "all-fiber-channel-enode" ( /* Configure ALL_FC_ENODE traffic */ c( "aggregate" ( /* Configure aggregate for all ALL_FC_ENODE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* 
Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tcc" ( /* Configure TCC traffic */ c( "aggregate" ( /* Configure aggregate for all TCC traffic */ c( 
"bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC 
Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" 
| "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ethernet-tcc" ( /* Configure Ethernet TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( 
/* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "iso-tcc" ( /* Configure ISO TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for 
subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pkt-inject" ( /* Configure Packet Inject traffic */ c( "aggregate" ( /* Configure aggregate for all Packet Inject traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to 
return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale 
from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ptpv6" ( /* Configure PTPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all PTPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, 
"timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ) ) ) ) ), "packet-triggered-subscribers-partition" ( /* Packet Triggered Subscribers partition configuration */ c( arg, "partition" arg ( c( "service-set" arg /* List of service-set name */, "service-set-prefix" arg /* List of service-set prefix name */ ) ), "exclude-service-set" arg /* List of service-set name */ ) ), "ntp" ( /* Network Time Protocol services */ c( "boot-server" ( /* Server to query during boot sequence */ ipaddr /* Server to query during boot sequence */ ), "authentication-key" arg ( /* Authentication key information */ sc( "type" ( /* Authentication key type */ ("md5" | "des") ), "value" ( /* Authentication key value */ unreadable /* Authentication key value */ ) ) ).as(:oneline), "peer" arg ( /* Peer parameters */ sc( "key" arg /* Authentication key */, "version" arg /* NTP version to use */, "prefer" /* Prefer this peer_serv */ ) ).as(:oneline), "server" arg ( /* Server parameters */ sc( "key" arg /* Authentication key */, "version" arg /* NTP version to use */, "prefer" /* Prefer this peer_serv */ ) ).as(:oneline), "broadcast" arg ( /* Broadcast parameters */ sc( "routing-instance-name" arg /* Routing intance name in which interface has address in broadcast subnet */, "key" arg /* Authentication key */, "version" arg /* NTP version to use */, "ttl" arg /* TTL value to transmit */ ) ).as(:oneline), "broadcast-client" /* Listen to broadcast NTP 
*/, "multicast-client" ( /* Listen to multicast NTP */ sc( ipaddr /* Multicast address to listen to */ ) ).as(:oneline), "trusted-key" arg /* List of trusted authentication keys */, "source-address" arg ( /* Source-Address parameters */ sc( "routing-instance" arg /* Routing intance name in which source address is defined */ ) ).as(:oneline) ) ), "master-password" ( /* Master password for $8$ password-encryption */ c( "iteration-count" arg /* Define PBKDF2 iteration count */, "pseudorandom-function" ( /* Define PBKDF2 PRF */ ("hmac-sha2-256" | "hmac-sha1" | "hmac-sha2-512") ) ) ), "dump-on-panic" ) end

# Grammar rule for the file-archive settings group: "size", "files", the
# world-readable and binary-data toggles, "transfer-interval", "start-time"
# (matched by the `time` rule) and "archive-sites".
# Both the "archive-sites" entry and the whole group are tagged .as(:oneline).
# Security notes:
# - "archive-sites" carries a "password" matched by the `unreadable` rule. That
#   rule is declared earlier in this file as a plain `arg.as(:arg)`, so the
#   secret appears in the parse result like any other argument; redact it
#   before logging or exporting parsed configuration.
# - "world-readable" lets any user read the log file (per its description);
#   NOTE(review): audits normally expect "no-world-readable" here.
rule(:archive_object) do
  c(
    "size" arg /* Size of files to be archived */,
    "files" arg /* Number of files to be archived */,
    "world-readable" /* Allow any user to read the log file */,
    "no-world-readable" /* Don't allow any user to read the log file */,
    "binary-data" /* Mark file as if it contains binary data */,
    "no-binary-data" /* Don't mark file as if it contains binary data */,
    "transfer-interval" arg /* Frequency at which to transfer files to archive sites */,
    "start-time" ( /* Start time for file transmission (yyyy-mm-dd.hh:mm) */
      time /* Start time for file transmission (yyyy-mm-dd.hh:mm) */
    ),
    "archive-sites" arg (
      sc(
        "password" ( /* Password for login into the archive site */
          unreadable /* Password for login into the archive site */
        )
      )
    ).as(:oneline)
  ).as(:oneline)
end

# Grammar rule for a login's authentication settings: a plain-text or an
# encrypted password value, "no-public-keys", and one SSH public-key entry per
# key type (ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519). Each key entry takes the
# key string plus a nested "from" pattern-list of allowed hosts and is tagged
# .as(:oneline).
# Security notes:
# - "plain-text-password-value" is described as a plain text password, so any
#   input that uses it contains a cleartext credential; treat both the input
#   text and the parse result as sensitive.
# - "ssh-dsa" is accepted like the other key types. DSA keys are disabled by
#   default in current OpenSSH releases; this rule only recognises the
#   statement, so rejecting or flagging DSA keys has to happen in a separate
#   policy check. NOTE(review): presumably the rule mirrors the vendor schema
#   one-to-one -- confirm before tightening it here.
rule(:authentication_object) do
  c(
    "plain-text-password-value" arg /* Plain text password */,
    "encrypted-password" arg /* Encrypted password string */,
    "no-public-keys" /* Disables ssh public key based authentication */,
    "ssh-rsa" arg ( /* Secure shell (ssh) RSA public key string */
      sc(
        "from" arg /* Pattern-list of allowed hosts */
      )
    ).as(:oneline),
    "ssh-dsa" arg ( /* Secure shell (ssh) DSA public key string */
      sc(
        "from" arg /* Pattern-list of allowed hosts */
      )
    ).as(:oneline),
    "ssh-ecdsa" arg ( /* Secure shell (ssh) ECDSA public key string */
      sc(
        "from" arg /* Pattern-list of allowed hosts */
      )
    ).as(:oneline),
    "ssh-ed25519" arg ( /* Secure shell (ssh) ED25519 public key string */
      sc(
        "from" arg /* Pattern-list of allowed hosts */
      )
    ).as(:oneline)
  )
end

# Grammar rule for the autoconfiguration trace options: "no-remote-trace", the
# trace "file" settings, a debugging "level" and the "flag" areas to trace.
# Security note: "world-readable" on the trace file lets any user read it (per
# its description). Debug traces may contain sensitive operational data, so
# NOTE(review): prefer "no-world-readable" unless there is a reason not to.
rule(:autoconf_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("configuration" | "interfaces" | "io" | "rtsock" | "ui" | "auth" | "all")) /* Area of autoconfiguration to enable debugging output */.as(:oneline)
  )
end

# Grammar rule for the SMGD trace options. Same shape as
# autoconf_traceoptions_type above (remote-trace toggle, trace "file", "level",
# "flag"); only the list of traceable areas differs. The "world-readable"
# caveat noted there applies to this trace file as well.
rule(:bbe_smgd_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("config" | "main" | "interface" | "rpd" | "service" | "net" | "autoconf" | "demux" | "session" | "io" | "vbf" | "dhcp" | "cpcd" | "pppoe" | "ppp" | "rtsock" | "ui" | "l2tp" | "dprof" | "auth" | "stats" | "ucac" | "snmp" | "ancp" | "jssc" | "gre" | "all")) /* Specific SMGD area to include in debugging trace */.as(:oneline)
  )
end
rule(:bdbrepd_type) do c( "traceoptions" ( /* Database replication trace options */ bdbrepd_traceoptions_type
/* Database replication trace options */ ) ) end

# Grammar rule for the database replication trace options: "no-remote-trace",
# the trace "file" settings and the "flag" operations to trace. Unlike the
# other traceoptions rules in this part of the file it has no "level" entry.
# Security note: "world-readable" on the trace file lets any user read it (per
# its description). Debug traces may contain sensitive operational data, so
# NOTE(review): prefer "no-world-readable" unless there is a reason not to.
rule(:bdbrepd_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "flag" enum(("database" | "mirror" | "replication" | "ui" | "general" | "session-db" | "server" | "all")) /* Database replication operations to include in debugging trace */.as(:oneline)
  )
end

# Grammar rule for one daemon process entry: a leading argument followed by
# "disable", a "failover" action ("other-routing-engine" or "alternate-media")
# and a "command" path. The whole entry is tagged .as(:oneline).
# Security note: "command" sets the path to the binary for the process (per its
# description), i.e. it decides which executable is started.
# NOTE(review): configuration audits should surface every use of "command" for
# manual review; this rule accepts any argument value for it.
rule(:daemon_process) do
  arg.as(:arg) (
    c(
      ("disable"),
      "failover" ( /* How to handle failure of parameter */
        ("other-routing-engine" | "alternate-media")
      ),
      "command" arg /* Path to binary for process */
    )
  ).as(:oneline)
end

# Grammar rule for the DATAPATH trace process options: "no-remote-trace", the
# trace "file" settings, a debugging "level" and the "flag" areas to trace.
# The "world-readable" caveat noted on bdbrepd_traceoptions_type above applies
# to this trace file as well.
rule(:datapath_traced_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("datapath-traced-infrastructure" | "datapath-traced-server" | "client-management" | "all")) /* Area of DATAPATH Trace process to enable debugging output */.as(:oneline)
  )
end

# Grammar rule for the DDOS process trace options; same shape as
# datapath_traced_traceoptions_type above with a different "flag" list.
rule(:ddos_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("config" | "events" | "gres" | "init" | "memory" | "protocol" | "rtsock" | "signal" | "state" | "timer" | "ui" | "ipc" | "socket" | "all")) /* Area of DDOS process to enable debugging output */.as(:oneline)
  )
end

# Grammar rule for the DHCP server process trace options; same shape as
# datapath_traced_traceoptions_type above with a different "flag" list.
rule(:dhcp_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("binding" | "config" | "conflict" | "event" | "ifdb" | "io" | "lease" | "main" | "misc" | "option" | "packet" | "pool" | "protocol" | "relay" | "rtsock" | "scope" | "signal" | "trace" | "ui" | "all")) /* Area of DHCP server process to enable debugging output */.as(:oneline)
  )
end

# Grammar rule with a single "versioning" flag, described as enabling dynamic
# profile versioning.
rule(:dynamic_profile_option_object) do
  c(
    "versioning" /* Enable dynamic profile versioning */
  )
end
rule(:httpd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines
to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "mgd" | "webauth" | "dynamic-vpn" | "init" | "all")) /* Area of HTTPD process to enable debugging output */.as(:oneline) ) end rule(:jdhcp_interface_traceoptions_level_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all")) /* Interface trace categories */.as(:oneline) ) end rule(:jdhcp_traceoptions_level_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all" | "database" | "persistent" | "interface" | "rtsock" | "flow-notify" | "io" | "ha" | "ui" | 
"general" | "fwd" | "rpd" | "auth" | "profile" | "session-db" | "performance" | "statistics" | "dhcpv6-io" | "dhcpv6-rpd" | "dhcpv6-session-db" | "dhcpv6-general" | "liveness-detection" | "security-persistence" | "mclag")) /* DHCP operations to include in debugging trace */.as(:oneline) ) end

/* jet_scripts_file_type: one JET script entry, a leading arg (presumably the script file name, going by the rule name) followed by checksum, arguments, daemonize and username statements. */
rule(:jet_scripts_file_type) do
  arg.as(:arg) (
    c(
      /* NOTE(review): md5 and sha1 are accepted alongside sha-256. MD5 and SHA-1 are not collision-resistant, so a config audit built on this grammar may want to flag scripts pinned only by those two. */
      "checksum" ( /* Checksum of this script */
        c(
          "md5" arg /* MD5 checksum of this script */,
          "sha1" arg /* SHA1 checksum of this script */,
          "sha-256" arg /* SHA-256 checksum of this script */
        )
      ),
      /* "arguments" is a free-form arg; its content is not inspected by this rule. */
      "arguments" arg /* Command line arguments to JET application */,
      "daemonize" /* Runs application as daemon */,
      /* NOTE(review): "username" is a free-form arg, so this grammar does not restrict which account the extension service runs as; presumably any such policy lives in the consuming tool (confirm). */
      "username" arg /* User under whose privileges extension service will execute */
    )
  )
end

/* jptspd_traceoptions_type: trace settings made of a remote-trace toggle, trace file options, a debug level and a set of trace flags. */
rule(:jptspd_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        /* Both spellings are accepted; per its description "world-readable" lets any user read the trace file. */
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("configuration" | "general" | "rtsock" | "peer" | "pic" | "radius" | "session" | "all")) /* Operations to include in debugging trace */.as(:oneline)
  )
end

rule(:jsavald_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("rtsock" | "general" | "firewall" | "database" | "all")) /* Area of process mac validation to enable debugging output */.as(:oneline) ) end rule(:juniper_transport_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "online" ( /* Online charging configuration in transport profile */ c( "tx-timeout" arg /* Timeout value waiting for response */, "session-failover-not-supported" /* Disable online charging sessions failover to alternate server */, "diameter-profile" arg /* Gy diameter profile name */, "service-context-id" arg /* Service Context ID . If not configured, default service-context-id is 9.32251@3gpp.org */, "charging-function-name" arg /* Charging Function Name corresponds to PCRF referred online charging function name */, "single-mscc" /* Include only one MSCC AVP in CCR message */, "no-mscc-in-ccrt" /* Do not include MSCC AVP in CCR-T message */, "no-initiate-session-on-activation" /* Do not initiate diameter session on activation */, "quota-request-on-activation" /* Request quota only on activation */, "all-rgs-on-termination" /* Report all (active/non-active) RGs on termination to OCS */ ) ), "offline" ( /* Offline charging in the transport profile */ c( "charging-gateways" ( /* Charging gateway group information */ c( "cdr-release" ( /* CDR Release type */ ("r99" | "r7" | "r8" | "r9") ), "peer-order" ( /* Charging servers order */ c( "peer" arg /* Charging server name */ ) ), "persistent-storage-order" ( /* Offline charging persistent storage order */ c( "local-storage" /* Local persistant storage */ ) ), "switch-back-time" arg /* Switch back time interval value */, "cdr-aggregation-limit" arg /* The number of CDRs in one DRT message, default value is 5 */, "mtu" arg /* The MTU of the DRT message */ ) ), "charging-function-name" arg /* Charging Function Name corresponds to PCRF 
referred offline charging function name */, "container-limit" arg /* The maximum number of container in each CDR */, "sgsn-mme-change-limit" arg /* Number of SGSN or SGW changes before CDR is closed */ ) ), "service-mode" ( /* Service mode */ ("maintenance") ) ) ) end rule(:juniper_trigger_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "tariff-time-list" arg /* Input a list of tariff time changes within a day in 15 minute increments (time in sec will be ignored) */, "offline" ( /* Offline charging in the trigger profile */ c( "volume-limit" ( /* Specify volume limit trigger for container closing */ sc( arg /* Volume limit in bytes */, "direction" ( /* Specific volume trigger traffic direction */ ("uplink" | "both") ) ) ).as(:oneline), "time-limit" arg /* The time-limit for container closure */, "exclude" ( /* Specify excluded signal triggers */ c( "plmn-change" /* No charging data updates on PLMN change */, "qos-change" /* No charging data updates on QOS change */, "rat-change" /* No charging data updates on RAT change */, "sgsn-sgw-change" /* No charging data updates on SGW change */, "user-location-change" /* No charging data updates on user location information change */, "ms-timezone-change" /* No charging data updates on MS-timezone change */, "dcca-events" /* No CDR generation on dcca-events like quota-exhaustion, threshold, etc */ ) ) ) ), "charging-method" ( /* Default charging method if not provided by PCEF */ ("none" | "online" | "offline" | "both") ), "online" ( c( "reporting-level" ( /* Default Reporting level for offline and online usage report */ c( c( "rating-group" /* Rating group level reporting */, "service-identifier" /* Service identifier level reporting */ ), "override" /* Override reporting level provided by PCEF */ ) ), "measurement-method" ( /* Default measurement method to use if not provided by PCEF */ ("none" | "volume" | "time" | "volume-and-time") ), "quota-threshold" ( /* Calculate quota 
threshold value as a percentage of total quota allocated */ c( arg, "override" /* Override threshold value provided by OCS */ ) ), "quota-validity-time" arg /* Configure quota validity time if one is not provided by OCS */, "quota-holding-time" arg /* Configure quota holding time if one is not provided by OCS */, "grant-quota" ( /* Configure grace-quota to be allocated in case of failure */ c( "cc-time" arg /* Configure time quota */, "cc-octet-uplink" arg /* Configure input volume quota */, "cc-octet-downlink" arg /* Configure output volume quota */, "cc-octet-both" arg /* Configure volume quota */ ) ), "requested-service-unit" ( /* Determine the requested service unit AVP behavior */ c( "include-quota-holding-time" /* Include RSU when reporting reason is quota holding time */, "cc-time" arg /* Configure the time quota requested in CCR */, "cc-octet-uplink" arg /* Configure input volume quota */, "cc-octet-downlink" arg /* Configure output volume quota */, "cc-octet-both" arg /* Configure volume quota */ ) ), "cc-failure-handling" ( /* Configure MobileNext handling during credit-control failure */ c( "block-traffic-pending-reauth-no-quota" /* Block traffic for a RG pending re-auth during quota exhaustion */, "override" /* Overrides charging failure-method provided by OCS */, "result-code-based-action" ( /* Perform action based on diamter result-code AVP */ c( "authorization-rejected" ( /* Diameter-authorization-rejected - default Terminate */ c( c( "blacklist" ( /* Put rating-group in blacklist */ sc( arg ) ).as(:oneline) ) ) ), "credit-control-not-applicable" ( /* Diameter-credit-control-not-applicable - default disable online charging */ c( c( "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "end-user-service-denied" ( /* Diameter-end-user-service-denied - default terminate */ c( c( "disable-online-charging" /* Disable online charging. 
Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "user-unknown" ( /* User-unknown - default terminate */ c( c( "disable-online-charging" /* Disable online charging. Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "credit-limit-reached" ( /* Diameter-credit-limit-reached - default terminate */ c( c( "blacklist" ( /* Put rating-group in blacklist */ sc( arg ) ).as(:oneline) ) ) ) ) ), "initial-request" ( /* Failure action for initial cc request - default terminate */ c( c( "grant-grace-quota" /* Grant grace quota and continue online session */, "disable-online-charging" /* Disable online charging. Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "update-request" ( /* Failure action for update cc request - default terminate */ c( c( "grant-grace-quota" /* Grant grace quota and continue online session */, "disable-online-charging" /* Disable online charging. 
Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ) ) ) ) ) ) ) end rule(:juniper_unified_edge_cos_options) do c( "classifier-profiles" arg ( /* Classifier tables for mobile subscribers (UMTS/EPS) */ c( "description" arg /* Text description of classifier profile */, "qos-class-identifier" arg ( /* QCI mapping to forwarding class and loss priority */ sc( "forwarding-class" arg /* Forwarding class */, "loss-priority" ( /* Loss priority value */ ("low" | "high") ) ) ).as(:oneline) ) ), "gbr-bandwidth-pools" arg ( /* GBR bandwith pools configuration */ c( "maximum-bandwidth" arg /* Bandwidth for pool */, "downgrade-gtp-v1-gbr-bearers" /* Downgrade GTPv1 GBR bearer traffic class to background traffic class */ ) ), "resource-threshold-profiles" arg ( /* Resource threshold profiles */ c( "description" arg /* Text description of resource threshold profile */, "bearers-load" ( /* Number of bearers load configurations */ c( "low" ( /* Low threshold configuration */ c( "percentage" arg /* Low threshold */, "priority-level" arg /* Priority level - default 10 */ ) ), "high" ( /* High threshold configuration */ c( "percentage" arg /* High threshold */, "priority-level" arg /* Priority level - default 5 */ ) ) ) ), "memory" ( /* Memory load configurations */ c( "low" ( /* Low threshold configuration */ c( "percentage" arg /* Low threshold */, "priority-level" arg /* Priority level - default 10 */ ) ), "high" ( /* High threshold configuration */ c( "percentage" arg /* High threshold */, "priority-level" arg /* Priority level - default 5 */ ) ) ) ), "cpu" ( /* CPU load configurations */ c( "low" ( /* Low threshold configuration */ c( "percentage" arg /* Low threshold */, "priority-level" arg /* Priority level - default 10 */ ) ), "high" ( /* High threshold configuration */ c( "percentage" arg /* High 
threshold */, "priority-level" arg /* Priority level - default 5 */ ) ) ) ) ) ), "cos-policy-profiles" arg ( /* QoS policy profile */ c( "description" arg /* Text description of cos policy */, "default-bearer-qci" ( /* Default bearer qci value */ sc( arg, "upgrade" /* Override qci value */, "reject" /* Reject calls with numerially lower qci */ ) ).as(:oneline), "allocation-retention-priority" ( /* ARP local policy */ sc( arg, "reject" /* Reject calls with higher priority value */ ) ).as(:oneline), "aggregated-qos-control" ( /* Aggregated qos control policy */ c( "maximum-bit-rate-uplink" ( /* Maximum bit rate uplink */ sc( arg, "upgrade" /* Override maximum-bit-rate uplink value */, "reject" /* Reject calls with higher uplink maximum-bit-rate */ ) ).as(:oneline), "maximum-bit-rate-downlink" ( /* Maximum bit rate downlink */ sc( arg, "upgrade" /* Override maximum-bit-rate downlink value */, "reject" /* Reject calls with higher downlink maximum-bit-rate */ ) ).as(:oneline) ) ), "pdp-qos-control" ( /* PDP qos control */ c( "maximum-bit-rate-uplink" ( /* Maximum bit rate uplink */ sc( arg, "upgrade" /* Override maximum-bit-rate uplink value */, "reject" /* Reject calls with higher uplink maximum-bit-rate */ ) ).as(:oneline), "maximum-bit-rate-downlink" ( /* Maximum bit rate downlink */ sc( arg, "upgrade" /* Override maximum-bit-rate downlink value */, "reject" /* Reject calls with higher downlink maximum-bit-rate */ ) ).as(:oneline), "guaranteed-bit-rate-uplink" ( /* Guaranteed bit rate uplink */ sc( arg, "upgrade" /* Override guaranteed-bit-rate uplink value */, "reject" /* Reject calls with higher uplink guaranteed-bit-rate */ ) ).as(:oneline), "guaranteed-bit-rate-downlink" ( /* Guaranteed bit rate downlink */ sc( arg, "upgrade" /* Override guaranteed-bit-rate downlink value */, "reject" /* Reject calls with higher downlink guaranteed-bit-rate */ ) ).as(:oneline), "qci" arg ( /* PDP qos control per qci */ c( "maximum-bit-rate-uplink" ( /* Maximum bit rate uplink */ 
sc( arg, "upgrade" /* Override maximum-bit-rate uplink value */, "reject" /* Reject calls with higher uplink maximum-bit-rate */ ) ).as(:oneline), "maximum-bit-rate-downlink" ( /* Maximum bit rate downlink */ sc( arg, "upgrade" /* Override maximum-bit-rate downlink value */, "reject" /* Reject calls with higher downlink maximum-bit-rate */ ) ).as(:oneline) ) ) ) ), "policer-action" ( /* Policer actions */ c( "non-gbr-bearer" ( /* Policer actions for non gbr bearers */ c( "violate-action" ( /* PDP policer violate action */ ("set-loss-priority-high" | "transmit") ) ) ), "gbr-bearer" ( /* Policer actions for gbr bearers */ c( "exceed-action" ( /* PDP policer exceed action */ ("drop" | "transmit") ), "violate-action" ( /* PDP policer violate action */ ("set-loss-priority-high" | "transmit") ) ) ) ) ) ) ) ) end rule(:juniper_virtual_chassis_traceoptions) do c( "file" ( /* Trace file options */ vchassis_trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "hello" | "psn" | "csn" | "lsp" | "normal" | "task" | "krt" | "spf" | "me" | "packets" | "lsp-generation" | "error" | "route" | "state" | "auto-configuration" | "graceful-restart" | "dcp-infra" | "dcp-dev-state" | "heartbeat" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end rule(:juniper_accounting_options) do c( "selective-aggregate-interface-stats" ( /* Toggle selective aggregate interface statistics collection */ sc( ("disable") ) ).as(:oneline), "periodic-refresh" ( /* Toggle periodic statistics collection */ sc( ("disable") ) ).as(:oneline), "file" arg ( /* Accounting data file configuration */ c( "nonpersistent" /* File does not persist across reboot */, "size" arg /* Maximum accounting data file size */, "files" arg /* Maximum number of files for this profile */, "transfer-interval" arg /* Frequency at which to transfer 
files to archive sites */, "start-time" ( /* Start time for file transmission (yyyy-mm-dd.hh:mm) */ time /* Start time for file transmission (yyyy-mm-dd.hh:mm) */ ), "compress" /* Transfer file in compressed format */, "backup-on-failure" ( /* Backup on transfer failure */ c( c( "master-only" /* Backup on master only */, "master-and-slave" /* Backup on both master and slave */ ) ) ), "push-backup-to-master" /* Push backup files to master RE */, "archive-sites" arg ( /* List of archive destinations */ sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ) ) ).as(:oneline) ) ), "interface-profile" arg ( /* Interface profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "fields" ( /* Statistics to log to file */ c( "input-bytes" /* Input bytes */, "output-bytes" /* Output bytes */, "input-packets" /* Input packets */, "output-packets" /* Output packets */, "input-errors" /* Generic input error packets */, "output-errors" /* Generic output error packets */, "input-multicast" /* Input packets arriving by multicast */, "output-multicast" /* Output packets sent by multicast */, "input-unicast" /* Input unicast packets */, "output-unicast" /* Output unicast packets */, "unsupported-protocol" /* Packets for unsupported protocol */, "rpf-check-bytes" /* Bytes failing IPv4 reverse-path-forwarding check */, "rpf-check-packets" /* Packets failing IPv4 reverse-path-forwarding check */, "rpf-check6-bytes" /* Bytes failing IPv6 reverse-path-forwarding check */, "rpf-check6-packets" /* Packets failing IPv6 reverse-path-forwarding check */ ) ) ) ), "filter-profile" arg ( /* Filter profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "counters" ( /* Name of counter */ counter_object /* Name of counter */ ) ) ), "class-usage-profile" arg ( /* Class usage profile for accounting 
data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, c( "destination-classes" ( /* Name of destination class */ dest_class_name_object /* Name of destination class */ ), "source-classes" ( /* Name of source class */ source_class_name_object /* Name of source class */ ) ) ) ), "routing-engine-profile" arg ( /* Routing Engine profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "fields" ( /* Information to log to file */ c( "host-name" /* Hostname for this router */, "date" /* Date */, "time-of-day" /* Time of day */, "uptime" /* Time since last reboot */, "cpu-load-1" /* Average system load over last 1 minute */, "cpu-load-5" /* Average system load over last 5 minutes */, "cpu-load-15" /* Average system load over last 15 minutes */, "memory-usage" /* Instantaneous active memory usage */, "total-cpu-usage" /* Total CPU usage percentage */ ) ) ) ), "mib-profile" arg ( /* MIB profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "operation" ( /* SNMP operation */ ("get" | "get-next" | "walk") ), "object-names" ( /* Names of MIB objects */ mib_variable_name_object /* Names of MIB objects */ ) ) ), "flat-file-profile" arg ( /* Flat file profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "schema-version" arg /* Name of the schema */, "fields" ( /* Statistics to log to file */ c( "all-fields" /* All parameters */, "service-accounting" /* Service accounting for filters */, "general-param" ( /* General interface parameters */ c( "all-fields" /* All general interface parameters */, "timestamp" /* Timestamp */, "accounting-type" /* Accounting status type */, "descr" /* Description */, "routing-instances" /* Routing Instances where interface belongs */, "nas-port-id" /* NAS port id */, "line-id" /* Line id */, "vlan-id" 
/* Vlan-id */, "logical-interface" /* Logical-Interface */, "physical-interface" /* Physical Interface name */, "user-name" /* User name of the subscriber */ ) ), "overall-packet" ( /* Overall packet statistics */ c( "all-fields" /* All overall packet statistics */, "input-bytes" /* Input bytes */, "input-packets" /* Input packets */, "input-v6-bytes" /* Input IPV6 bytes */, "input-v6-packets" /* Input IPV6 packets */, "output-bytes" /* Output bytes */, "output-packets" /* Output packets */, "output-v6-bytes" /* Output IPV6 bytes */, "output-v6-packets" /* Output IPV6 packets */, "input-errors" /* Total input errors */, "output-errors" /* Total output errors */, "input-discards" /* Total input discards */ ) ), "l2-stats" ( /* Layer2 statistics */ c( "all-fields" /* All Layer2 statistics */, "input-mcast-bytes" /* L2 multicast bytes from input side */, "input-mcast-packets" /* L2 multicast packets from input side */ ) ), "ingress-stats" ( /* Ingress queue statistics */ c( "all-fields" /* All ingress queue statistics */, "queue-id" /* Queue ID */, "input-packets" /* Total input packets on the queue */, "input-bytes" /* Total input bytes on the queue */, "output-packets" /* Total output packet on the queue */, "output-bytes" /* Total output bytes on the queue */, "drop-packets" /* Ingress queue dropped packets */ ) ), "egress-stats" ( /* Egress queue statistics */ c( "all-fields" /* All egress queue statistics */, "queue-id" /* Queue ID */, "input-packets" /* Total input packets on the queue */, "input-bytes" /* Total input bytes on the queue */, "output-packets" /* Total output packet on the queue */, "output-bytes" /* Total output bytes on the queue */, "tail-drop-packets" /* Egress queue tail dropped packets */, "red-drop-packets" /* Egress queue red dropped packets */, "red-drop-bytes" /* Egress queue red drop bytes */ ) ) ) ), "format" ( /* Flat file accounting format */ c( c( "ipdr" /* IPDR format */, "csv" /* CSV format */ ) ) ) ) ), "cleanup-interval" ( /* 
Backup files cleanup interval */ c( "interval" arg /* Cleanup interval in days */ ) ) ) end rule(:counter_object) do arg.as(:arg).as(:oneline) end rule(:dest_class_name_object) do arg.as(:arg).as(:oneline) end rule(:junos_hash_key) do c( "family" ( /* Protocol family */ c( "fcoe" ( /* FCoE protocol family */ c( "ethernet-interfaces" ( /* FCoE hash-key configuration on ethernet interfaces */ c( "oxid" ( /* Originator Exchange ID */ ("enable" | "disable") ) ) ), "fabric-interfaces" ( /* FCoE hash-key configuration on fabric interfaces */ c( "oxid" ( /* Originator Exchange ID */ ("enable" | "disable") ) ) ), "oxid" ( /* Originator Exchange ID */ ("enable" | "disable") ) ) ), "inet" ( /* IPv4 protocol family */ c( "layer-3" ( /* Include Layer 3 (IP) data in the hash key */ c( "destination-address" /* Include IP destination address in the hash key */ ) ), "layer-4" ( /* Include Layer 4 (TCP or UDP) data in the hash key */ c( "gtp-tunnel-endpoint-identifier" /* Include GTP TEID in the hash key */ ) ), "session-id" /* Include session ID in the hash key */, "symmetric-hash" ( /* Create symmetric hash-key with source & destination ports */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ), "mpls" ( /* MPLS protocol family */ c( c( "label-1" /* Include the first MPLS label in the hash key */, "all-labels" /* Include all MPLS labels in hash key */, "no-labels" /* Exclude all MPLS labels from hash key */, "bottom-label-1" /* Include the first MPLS label from bottom-of-stack in the hash key */ ), "label-2" /* Include the second MPLS label in the hash key */, "label-3" /* Include the third MPLS label in the hash key */, "bottom-label-2" /* Include the second MPLS label from bottom-of-stack in the hash key */, "bottom-label-3" /* Include the third MPLS label from bottom-of-stack in the hash key */, "no-label-1-exp" /* Omit EXP bits of first MPLS label from the hash key */, "payload" ( /* Include payload data in the hash key */ c( "ether-pseudowire" ( /* 
Load-balance IP over ethernet PW */ c( "zero-control-word" /* MPLS ether-pseudowire payload with zero-control-word preceding ethernet packet */ ) ), "ip" ( /* Include IPv4 or IPv6 payload data in the hash key */ c( c( c( "layer-3-only" /* Include only layer-3 IP information */, "enable" /* Include layer3/4 IP payload in the hash key */, "disable" /* Exclude layer3/4 IP payload in the hash key */ ), "port-data" ( c( "source-msb" /* Include the most significant byte of the source port */, "source-lsb" /* Include the least significant byte of the source port */, "destination-msb" /* Include the most significant byte of the destination port */, "destination-lsb" /* Include the least significant byte of the destination port */ ) ) ) ) ) ) ) ) ), "multiservice" ( /* Multiservice protocol family */ c( "source-mac" /* Include source MAC address in hash key */, "destination-mac" /* Include destination MAC address in hash key */, "label-1" /* Include the first MPLS label in the hash key */, "label-2" /* Include the second MPLS label in the hash key */, "payload" ( /* Include payload data in the hash key */ c( "ip" ( /* Include IPv4 payload data in the hash key */ c( "layer-3" ( /* Include layer-3 ip info for VPLS/Bridge */ c( c( "source-ip-only" /* Include source IP only in hash-key */, "destination-ip-only" /* Include desintation IP only in hash-key */ ) ) ), "layer-4" /* Include layer-4 IP information for VPLS/Bridge */, "layer-3-only" /* Include only layer-3 IP information */ ) ) ) ), "symmetric-hash" ( /* Create a/symmetric hash-key with any attributes */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ) ) ) ) end rule(:keepalives_type) do c( "interval" arg /* Keepalive period */, "up-count" arg /* Keepalive received to bring link up */, "down-count" arg /* Keepalive missed to bring link down */ ).as(:oneline) end rule(:kod_trace_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* 
Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("main" | "vpn-localization-config" | "vpn-localization-replay" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:l2tp_access_line_object) do c( "connection-speed-update" /* Support connection speed updates */ ) end rule(:l2tp_destination_object) do c( "lockout-timeout" arg /* The lockout timeout in seconds */, "address" arg ( sc( "access-line-information" ( /* Enable sending DSL line attributes */ c( "connection-speed-update" /* Support connection speed updates */ ) ), "routing-instance" arg ( /* Routing instance in which destination exists */ sc( "drain" /* Prevents creation of tunnels and sessions at destination */ ) ).as(:oneline), "drain" /* Prevents creation of tunnels and sessions at destination */ ) ).as(:oneline), "name" arg ( sc( "drain" /* Prevents tunnels and sessions at destination */ ) ).as(:oneline) ) end rule(:l2tp_interface_traceoptions) do arg.as(:arg) ( c( "flag" enum(("ipc" | "protocol" | "packet-dump" | "system" | "all")) /* Tracing parameters */.as(:oneline), "debug-level" ( /* Trace level for PIC */ ("error" | "detail" | "extensive") ) ) ) end rule(:l2tp_tunnel_group_object) do arg.as(:arg) ( c( "l2tp-access-profile" arg /* Tunnel profile name */, "ppp-access-profile" arg /* User profile name */, "aaa-access-profile" arg /* AAA profile name */, "receive-window" arg /* Maximum receive window size */, "maximum-send-window" arg /* Limits the other end receive window size */, "retransmit-interval" arg /* Retransmit interval */, "hello-interval" arg /* Hello interval for 
tunnel keepalive */, "hide-avps" /* Hide L2TP AVPs */, "no-tos-reflect" /* Disable ToS bit reflect onto outer L2TP header */, "tos-reflect" /* Enable ToS bit reflect onto outer L2TP header */, "tunnel-timeout" arg /* Time to tear down tunnel when a connection is lost */, "local-gateway" ( c( "address" ( /* L2TP network server IP address */ ipv4addr /* L2TP network server IP address */ ), "gateway-name" arg /* L2TP network server name for use with remote host */ ) ), c( "service-interface" ( /* Services interface to use */ interface_unit /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */, "tunnel-switch-profile" arg /* Tunnel switch profile name */, "syslog" ( /* Define system logging parameters */ service_set_syslog_object /* Define system logging parameters */ ), "maximum-sessions" arg /* Maximum number of sessions per tunnel-group */ ) ) end rule(:layer2_pm_family_output_type) do c( c( "interface" ( /* Interface through which to send sampled traffic */ interface_name /* Interface through which to send sampled traffic */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */, "routing-instance" ( /* Routing instances */ layer2_pm_output_routing_instance_type /* Routing instances */ ), "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ), "no-filter-check" /* Do not check for filters on port-mirroring interface */ ) end rule(:layer2_pm_output_routing_instance_type) do arg.as(:arg) ( c( "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored 
packets */ ) ) ) end

/* ldap_server_object: one LDAP server entry, a leading arg (not described here) followed by connection and TLS statements. */
rule(:ldap_server_object) do
  arg.as(:arg) (
    c(
      "port" arg /* LDAP server port number */,
      "source-address" ( /* Use specified address as source address */
        ipv4addr /* Use specified address as source address */
      ),
      "routing-instance" arg /* Use specified routing instance */,
      "retry" arg /* Number of times to resend requests */,
      "timeout" arg /* Delay before resending unacknowledged request */,
      /* The only literal accepted for "tls-type" is start-tls. */
      "tls-type" (
        ("start-tls")
      ),
      "tls-timeout" arg /* Limit on tls handshake time */,
      /* NOTE(review): the accepted values are v1.1 and v1.2 only. TLS 1.1 is deprecated (RFC 8996), so a config audit may want to flag v1.1. */
      "tls-min-version" (
        ("v1.1" | "v1.2")
      ),
      /* NOTE(review): per its description this statement turns off peer certificate validation; its presence in a parsed config is worth surfacing as a finding. */
      "no-tls-certificate-check" /* Do not validate peer certificate */,
      "tls-peer-name" arg /* Expected peer FQDN */
    )
  )
end

/* ldp_sync_obj: a "disable" literal and a hold-time value. */
rule(:ldp_sync_obj) do
  c(
    ("disable"),
    "hold-time" arg /* Time during which maximum metric is advertised */
  )
end

/* ldp_filter_obj: what to match on (fec or address) plus a policy expression, marked as a one-line statement. */
rule(:ldp_filter_obj) do
  c(
    "match-on" ( /* Argument on which to match */
      ("fec" | "address")
    ),
    "policy" ( /* Filter policy */
      policy_algebra /* Filter policy */
    )
  ).as(:oneline)
end

/* li_policy_addr6_simple_object: a single IPv6 prefix. */
rule(:li_policy_addr6_simple_object) do
  c(
    ipv6prefix /* Prefix to match */
  )
end

/* li_policy_addr_simple_object: a single IPv4 prefix. */
rule(:li_policy_addr_simple_object) do
  c(
    ipv4prefix /* Prefix to match */
  )
end

/* license_object: license autoupdate servers, renewal timing, trace options and license keys. */
rule(:license_object) do
  c(
    "autoupdate" ( /* Autoupdate license keys from license servers */
      c(
        "url" arg ( /* URL of a license server */
          sc(
            /* NOTE(review): this password is typed as a plain arg, whereas the archive-sites password in juniper_accounting_options uses the "unreadable" type. Both resolve to a bare arg in this file, but tooling that redacts secrets by type name would presumably miss this one (confirm). */
            "password" arg /* Password of URL for a license server */
          )
        ).as(:oneline)
      )
    ),
    "renew" ( /* License renew lead time and checking interval */
      sc(
        "before-expiration" arg /* License renew lead time before expiration in days */,
        "interval" arg /* License checking interval in hours */
      )
    ).as(:oneline),
    "traceoptions" ( /* Trace options for licenses */
      c(
        "no-remote-trace" /* Disable remote tracing */,
        "file" ( /* Trace file information */
          sc(
            arg,
            "size" arg /* Maximum trace file size */,
            "files" arg /* Maximum number of trace files */,
            /* Both spellings are accepted; per its description "world-readable" lets any user read the trace file. */
            "world-readable" /* Allow any user to read the log file */,
            "no-world-readable" /* Don't allow any user to read the log file */,
            "match" ( /* Regular expression for lines to be logged */
              regular_expression /* Regular expression for lines to be logged */
            )
          )
        ).as(:oneline),
        "flag" enum(("all" | "events" | "config")) /* Tracing parameters */.as(:oneline)
      )
    ),
    "keys" ( /* License keys */
      c(
        /* The key value is a free-form arg; treat parsed values as sensitive when logging or exporting (reviewer suggestion, not enforced here). */
        "key" arg /* License key */
      )
    )
  )
end

/* lmp_control_channel_type: a leading arg followed by the control channel's remote address. */
rule(:lmp_control_channel_type) do
  arg.as(:arg) (
    c(
      "remote-address" ( /* Control channel remote address */
        ipaddr /* Control channel remote address */
      )
    )
  )
end

/* location_type: physical location attributes, with a nested "lcc" entry that carries its own floor and rack. */
rule(:location_type) do
  c(
    "country-code" arg /* Two-letter country code */,
    "postal-code" arg /* Zip code or postal code */,
    "npa-nxx" arg /* First six digits of phone number (area code plus exchange) */,
    "latitude" arg /* Latitude in degree format */,
    "longitude" arg /* Longitude in degree format */,
    "altitude" arg /* Feet above (or below) sea level */,
    "lata" arg /* Local access transport area */,
    "vcoord" arg /* Bellcore vertical coordinate */,
    "hcoord" arg /* Bellcore horizontal coordinate */,
    "building" arg /* Building name */,
    "floor" arg /* Floor of the building */,
    "rack" arg /* Rack number */,
    "lcc" arg ( /* Line-card chassis location */
      c(
        "floor" arg /* Floor of the building */,
        "rack" arg /* Rack number */
      )
    )
  )
end

/* login_class_object: one login class, a leading arg followed by access-window, permission and command/configuration filter statements. */
rule(:login_class_object) do
  arg.as(:arg) (
    c(
      "allowed-days" ( /* Day(s) of week when access is allowed. */
        ("sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday")
      ),
      "access-start" ( /* Start time for remote access (hh:mm) */
        time /* Start time for remote access (hh:mm) */
      ),
      "access-end" ( /* End time for remote access (hh:mm) */
        time /* End time for remote access (hh:mm) */
      ),
      "idle-timeout" arg /* Maximum idle time before logout */,
      "logical-system" arg /* Logical system associated with login */,
      "login-alarms" /* Display system alarms when logging in */,
      "login-script" arg /* Execute this login-script when logging in */,
      "login-tip" /* Display tip when logging in */,
      /* "permissions" carries no description in this file and takes a single free-form arg. */
      "permissions" arg,
      /* NOTE(review): the four allow/deny statements below are typed regular_expression, which resolves to a bare arg earlier in this file, so the pattern text is not validated here. Over-broad allow patterns have to be caught by a separate audit step. */
      "allow-commands" ( /* Regular expression for commands to allow explicitly */
        regular_expression /* Regular expression for commands to allow explicitly */
      ),
      "deny-commands" ( /* Regular expression for commands to deny explicitly */
        regular_expression /* Regular expression for commands to deny explicitly */
      ),
      "allow-configuration" ( /* Regular expression for configure to allow explicitly */
        regular_expression /* Regular expression for configure to allow explicitly */
      ),
      "deny-configuration" ( /* Regular expression for configure to deny explicitly */
        regular_expression /* Regular expression for configure to deny explicitly */
      ),
      "security-role" ( /* Common Criteria security role */
        ("audit-administrator" | "crypto-administrator" | "ids-administrator" | "security-administrator")
      ),
      "satellite" ( /* Login access to satellite devices */
        ("all")
      ),
      "allow-configuration-regexps" arg /* Object path regular expressions to allow */,
      "deny-configuration-regexps" arg /* Object path regular expressions to deny */,
      "configuration-breadcrumbs" /* Enable breadcrumbs during display of configuration */,
      "confirm-commands" arg ( /* List of commands to be confirmed explicitly */
        c(
          arg /* Message to be displayed during confirmation */
        )
      ),
      /* NOTE(review): "allow-hidden-commands" and "no-hidden-commands" sit together in a nested c(...) group. Per its description the former permits every hidden command, so it is worth surfacing when reviewing a login class. */
      c(
        "allow-hidden-commands" /* Allow all hidden commands to be executed */,
        "no-hidden-commands" ( /* Deny all hidden commands with exemptions */
          c(
            "except" arg /* Specify the list of hidden command to be exempted */
          )
        )
      )
    )
  )
end

/* login_user_object: one login user, a leading arg followed by full name, uid, login class and an authentication block (authentication_object is defined outside this span). */
rule(:login_user_object) do
  arg.as(:arg) (
    c(
      "full-name" arg /* Full name */,
      "uid" arg /* User identifier (uid) */,
      "class" arg /* Login class */,
      "authentication" ( /* Authentication method */
        authentication_object /* Authentication method */
      )
    )
  )
end

rule(:lr_interfaces_type) do
  arg.as(:arg) (
    c(
      "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */
        c(
          "policer-overhead" ( /* Policer overhead adjustment for this unit */
            c(
              arg,
              "ingress" arg /* Ingress value in bytes */,
              "egress" arg /* Egress value in bytes */
            )
          ),
          "alias" arg /* Interface alias */,
          "enhanced-convergence" /* Optimize convergence time for L3 */,
          "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */,
          "peer-psd" ( /* Peer psd */
            sc(
              arg /* Peer psd name */
            )
          ).as(:oneline),
          "peer-interface" ( /* Peer interface */
            c(
              interface_unit /* Peer interface name */
            )
          ),
          "interface-shared-with" ( /* Specify which PSD owns this logical interface */
            c(
              arg /* Name of protected system domain (psd[1-31], ex. 
psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP server mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ 
), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), 
"proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay 
data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), 
"advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum 
number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( 
"input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or 
rulebase to activate */ ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. 
of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield 
classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ 
dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) 
), "negotiate-address" /* Negotiate address with remote */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec")) /* DHCPV6 client requested option configuration */, "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-propagation" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, 
"mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), 
"ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user 
authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), 
"mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* 
Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name 
of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( 
"vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ), 
"mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ) ) ) end
# LRF profile: a leading argument (presumably the profile name) followed by two
# logging flags, the rule / collector / template / performance-mode sub-objects,
# and a vendor-support choice whose only listed value is "ibm".
rule(:lrf_profile_object) do arg.as(:arg) ( c( "policy-based-logging" /* Set rule based on policy */, "http-log-multiple-transactions" /* Log http multiple transactions */, "rule" ( /* One or more LRF rules */ lrf_rule_object /* One or more LRF rules */ ), "collector" ( /* One or more LRF collectors */ lrf_collector_object /* One or more LRF collectors */ ), "vendor-support" ( /* LRF 3rd party vendor support sub-template */ ("ibm") ), "template" ( /* LRF template */ lrf_template_object /* LRF template */ ), "performance-mode" ( /* Enable performance mode knob for LRF performance */ lrf_perf_object /* Enable performance mode knob for LRF performance */ ) ) ) end
# LRF collector: a leading argument (presumably the collector name), the
# destination IPv4 address and port, and the IPv4 source address placed in the
# export packets.
# NOTE(review): nothing in this rule describes protection of the export stream;
# confirm how exported records are secured on the way to the collector.
rule(:lrf_collector_object) do arg.as(:arg) ( c( "destination" ( /* Destination collector configuration */ c( "address" ( /* Destination IPv4 address of collector */ ipv4addr /* Destination IPv4 address of collector */ ), "port" arg /* Destination port of collector */ ) ), "source-address" ( /* Source address to be used in the export packets */ ipv4addr /* Source address to be used in the export packets */ ) ) ) end
# LRF performance-mode settings: a single "packet-count" threshold.
rule(:lrf_perf_object) do c( "packet-count" arg /* Max packet inspection threshold including 
both c2s and s2c direction packets */ ) end
# LRF rule: a leading argument (presumably the rule name), a match direction,
# the "from" match criteria and a "then" action that holds only "report".
rule(:lrf_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Match direction */ ("client-to-server" | "server-to-client" | "both") ), "from" ( /* Match criteria */ lrf_match_object /* Match criteria */ ), "then" ( /* Action to take for matched condition */ c( "report" ( /* Report action */ lrf_report_object /* Report action */ ) ) ) ) ) end
# LRF match criteria: source/destination prefix lists (each may carry "except"),
# source/destination port lists, the "app-unknown" flag, and application names
# or application groups.
rule(:lrf_match_object) do c( "source-prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "source-ports" arg /* Source port list specification */, "destination-ports" arg /* Destination port list specification */, "app-unknown" /* Use to specify unknown application as the match criteria */, "application-names" ( /* Match one or more applications */ c( arg ) ), "application-groups" ( /* Match one or more application groups */ c( arg ) ) ) end
# LRF report action: volume and time limits plus the template and collector
# names used for the export.
rule(:lrf_report_object) do c( "volume-limit" arg /* Volume limit */, "time-limit" arg /* Time limit */, "template" arg /* Template to be used for export */, "collector" arg /* List of collectors that receive the export packets */ ) end
# LRF template: a leading argument (presumably the template name), a format
# whose only listed value is "ipfix", the template type, the trigger type and
# the template export interval.
rule(:lrf_template_object) do arg.as(:arg) ( c( "format" ( /* Template format */ ("ipfix") ), "template-type" ( /* Template type */ ("ipv4" | "ipv4-extended" | "ipv6" | "ipv6-extended" | "transport-layer" | "flow-id" | "ipflow" | "ipflow-ts" | "ipflow-extended" | "device-data" | "l7-app" | "http" | "subscriber-data" | "mobile-subscriber" | "ifl-subscriber" | "wireline-subscriber" | "ipflow-tcp-ts" | "ipflow-tcp" | "video" | "dns" | "status-code-distribution" | "pcc") ), "trigger-type" ( /* Trigger type */ ("session-close" | "volume" | "time") ), "template-tx-interval" arg /* Template export interval */ ) ) end
# LSP set match: LSP or P2MP name / regular expression, plus the role this
# router has on the LSP (egress, ingress or transit).
rule(:lsp_set_match_type) do 
c( "lsp-name" arg /* LSP name that matches this string */, "lsp-regex" arg /* All LSPs that match this regular expression pattern */, "p2mp-name" arg /* P2MP names that match this string */, "p2mp-regex" arg /* P2MP names that match this regular expression pattern */, c( "egress" /* All LSPs for which this router is egress */, "ingress" /* All LSPs for which this router is ingress */, "transit" /* All LSPs for which this router is transit */ ) ) end
# LSP next hop: a leading argument with "preference" and "metric".
rule(:lsp_nh_obj) do arg.as(:arg) ( c( "preference" arg /* Preference of LSP next hop */, "metric" arg /* Metric of LSP next hop */ ) ) end
# A single argument with no sub-statements.
rule(:mac_addr_list_items) do arg.as(:arg) end
# MAC entry: a leading argument and the input/output policer names applied to it.
rule(:mac_list) do arg.as(:arg) ( c( "policer" ( /* MAC policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ) end
# Martian entry, kept on one line: an argument, the prefix-length match
# qualifiers listed below, and the "allow" keyword.
rule(:martian_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), c( "allow" ) ).as(:oneline) end
# Flexible mask match whose start point may be layer-2, layer-3, layer-4 or
# payload: byte/bit offsets, bit length, hex mask and the value to match, and
# the name of a predefined template field.
rule(:match_l2_flexible_mask) do c( "match-start" ( /* Start point to match in packet */ ("layer-2" | "layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits, not needed for string input */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */, "prefix" arg /* Value data/string to be matched */, "flexible-mask-name" arg /* Select a flexible match from predefined template field */ ) end
# Flexible range match whose start point may be layer-2, layer-3, layer-4 or
# payload: byte/bit offsets, bit length, a "range" / "range-except" value, and
# the name of a predefined template field.
rule(:match_l2_flexible_range) do c( "match-start" ( /* Start point to match in packet */ ("layer-2" | "layer-3" | "layer-4" | 
"payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits */, c( "range" arg /* Range of values to be matched */, "range-except" arg /* Range of values to be not matched */ ), "flexible-range-name" arg /* Select a flexible match from predefined template field */ ) end
# Flexible mask match whose start point may be layer-3, layer-4 or payload (no
# layer-2 option here): byte/bit offsets, bit length, hex mask and the value to
# match, and the name of a predefined template field.
rule(:match_l3_flexible_mask) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits, not needed for string input */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */, "prefix" arg /* Value data/string to be matched */, "flexible-mask-name" arg /* Select a flexible match from predefined template field */ ) end
# Flexible range match whose start point may be layer-3, layer-4 or payload:
# byte/bit offsets, bit length, a "range" / "range-except" value, and the name
# of a predefined template field.
rule(:match_l3_flexible_range) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits */, c( "range" arg /* Range of values to be matched */, "range-except" arg /* Range of values to be not matched */ ), "flexible-range-name" arg /* Select a flexible match from predefined template field */ ) end
# Flags match: the value to compare and a hex mask applied to the packet data.
rule(:match_flags_value) do c( arg /* Value data to be matched */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */ ) end
# A single argument, kept on one line.
rule(:match_interface_object) do arg.as(:arg).as(:oneline) end
# A single argument, kept on one line.
rule(:match_interface_object_oam) do arg.as(:arg).as(:oneline) end
# A single argument, kept on one line.
rule(:match_interface_set_object) do arg.as(:arg).as(:oneline) end
# DSCP match value: the symbolic code points af11-af43, ef, cs0-cs7 and be, or
# an argument described as a range of values.
rule(:match_li_simple_dscp_value) do c( c( "af11" /* Assured Forwarding Class 1, Low Drop Precedence */, "af12" /* 
Assured Forwarding Class 1, Medium Drop Precedence */, "af13" /* Assured Forwarding Class 1, High Drop Precedence */, "af21" /* Assured Forwarding Class 2, Low Drop Precedence */, "af22" /* Assured Forwarding Class 2, Medium Drop Precedence */, "af23" /* Assured Forwarding Class 2, High Drop Precedence */, "af31" /* Assured Forwarding Class 3, Low Drop Precedence */, "af32" /* Assured Forwarding Class 3, Medium Drop Precedence */, "af33" /* Assured Forwarding Class 3, High Drop Precedence */, "af41" /* Assured Forwarding Class 4, Low Drop Precedence */, "af42" /* Assured Forwarding Class 4, Medium Drop Precedence */, "af43" /* Assured Forwarding Class 4, High Drop precedence */, "ef" /* Expedited Forwarding */, "cs0" /* Class Selector 0 */, "cs1" /* Class Selector 1 */, "cs2" /* Class Selector 2 */, "cs3" /* Class Selector 3 */, "cs4" /* Class Selector 4 */, "cs5" /* Class Selector 5 */, "cs6" /* Class Selector 6 */, "cs7" /* Class Selector 7 */, "be" /* Best effort (default) */, arg /* Range of values */ ) ) end
# Port match value: symbolic service names, or an argument described as a range
# of values.
# NOTE(review): the list includes cleartext legacy services (telnet, ftp, tftp,
# finger, and exec/login/cmd, described below as rexec/rlogin/rsh); match terms
# that name them are worth flagging when a configuration is audited.
rule(:match_li_simple_port_value) do c( c( "ftp-data" /* FTP Data */, "ftp" /* FTP */, "ssh" /* Secure Shell */, "telnet" /* Telnet */, "smtp" /* Simple Mail Transfer Protocol */, "tacacs" /* TACACS or TACACS+ */, "tacacs-ds" /* TACACS-DS */, "domain" /* Domain Name System (DNS) */, "dhcp" /* Dynamic Host Configuration Protocol */, "bootps" /* Bootstrap Protocol Server */, "bootpc" /* Bootstrap Protocol Client */, "tftp" /* Trivial FTP */, "finger" /* Finger */, "http" /* Hypertext Transfer Protocol */, "kerberos-sec" /* Kerberos Security */, "pop3" /* Post Office Protocol 3 */, "sunrpc" /* Sun Microsystems Remote Procedure Call */, "ident" /* Ident */, "nntp" /* Network News Transport Protocol */, "ntp" /* Network Time Protocol */, "netbios-ns" /* NetBIOS Name Service */, "netbios-dgm" /* NetBIOS DGM */, "netbios-ssn" /* NetBIOS Session Service */, "imap" /* Internet Message Access Protocol */, "snmp" /* Simple Network Management Protocol */, "snmptrap" 
/* Simple Network Management Protocol Traps */, "xdmcp" /* X Display Manager Control Protocol */, "bgp" /* Border Gateway Protocol */, "ldap" /* Lightweight Directory Access Protocol */, "mobileip-agent" /* Mobile IP agent */, "mobilip-mn" /* Mobile IP MN */, "msdp" /* Multicast Source Discovery Protocol */, "https" /* Secure HTTP */, "snpp" /* Simple Paging Protocol */, "biff" /* Biff/Comsat */, "exec" /* UNIX rexec */, "login" /* UNIX rlogin */, "who" /* UNIX rwho */, "cmd" /* UNIX rsh */, "syslog" /* System Log */, "printer" /* Printer */, "talk" /* UNIX Talk */, "ntalk" /* New Talk */, "rip" /* Routing Information Protocol */, "timed" /* UNIX Time Daemon */, "klogin" /* Kerberos rlogin */, "kshell" /* Kerberos rsh */, "ldp" /* Label Distribution Protocol */, "krb-prop" /* Kerberos Database Propagation */, "krbupdate" /* Kerberos Database Update */, "kpasswd" /* Kerberos passwd */, "socks" /* Socks */, "afs" /* AFS */, "pptp" /* Point-to-Point Tunneling Protocol */, "radius" /* RADIUS Authentication */, "radacct" /* RADIUS Accounting */, "zephyr-srv" /* Zephyr Server */, "zephyr-clt" /* Zephyr serv-hm Connection */, "zephyr-hm" /* Zephyr hostmanager */, "nfsd" /* Network File System */, "eklogin" /* Encrypted Kerberos rlogin */, "ekshell" /* Encrypted Kerberos rsh */, "rkinit" /* Kerberos remote kinit */, "cvspserver" /* CVS pserver */, arg /* Range of values */ ) ) end
# IP protocol match value: symbolic protocol names, including entries for the
# IPv6 extension headers (dstopts, routing, fragment, hop-by-hop), or an
# argument described as a range of values.
rule(:match_li_simple_protocol_value) do c( c( "icmp" /* Internet Control Message Protocol */, "igmp" /* Internet Group Management Protocol */, "ipip" /* IP in IP */, "tcp" /* Transmission Control Protocol */, "egp" /* Exterior Gateway Protocol */, "udp" /* User Datagram Protocol */, "rsvp" /* Resource Reservation Protocol */, "gre" /* Generic Routing Encapsulation */, "esp" /* IPSec Encapsulating Security Payload */, "ah" /* IP Security Authentication Header */, "icmp6" /* Internet Control Message Protocol version 6 */, "ospf" /* Open Shortest Path First */, "pim" /* Protocol Independent 
Multicast */, "sctp" /* Stream Control Transmission Protocol */, "ipv6" /* IPv6 in IP */, "dstopts" /* IPv6 Destination Options */, "routing" /* IPv6 Routing Header */, "fragment" /* IPv6 Fragment Header */, "no-next-header" /* IPv6 No Next Header */, "hop-by-hop" /* IPv6 Hop-By-Hop options */, "vrrp" /* Virtual Router Redundancy Protocol */, arg /* Range of values */ ) ) end
# DSCP match value: the symbolic code points af11-af43, ef, cs0-cs7 and be, or
# an argument described as a range of values.
rule(:match_simple_dscp_value) do c( c( "af11" /* Assured forwarding class 1, low drop precedence */, "af12" /* Assured forwarding class 1, medium drop precedence */, "af13" /* Assured forwarding class 1, high drop precedence */, "af21" /* Assured forwarding class 2, low drop precedence */, "af22" /* Assured forwarding class 2, medium drop precedence */, "af23" /* Assured forwarding class 2, high drop precedence */, "af31" /* Assured forwarding class 3, low drop precedence */, "af32" /* Assured forwarding class 3, medium drop precedence */, "af33" /* Assured forwarding class 3, high drop precedence */, "af41" /* Assured forwarding class 4, low drop precedence */, "af42" /* Assured forwarding class 4, medium drop precedence */, "af43" /* Assured forwarding class 4, high drop precedence */, "ef" /* Expedited forwarding */, "cs0" /* Class selector 0 */, "cs1" /* Class selector 1 */, "cs2" /* Class selector 2 */, "cs3" /* Class selector 3 */, "cs4" /* Class selector 4 */, "cs5" /* Class selector 5 */, "cs6" /* Class selector 6 */, "cs7" /* Class selector 7 */, "be" /* Best effort (default) */, arg /* Range of values */ ) ) end
# Payload protocol match value: symbolic protocol names, or an argument
# described as a range of values. This list has no dstopts, routing, fragment
# or hop-by-hop entries.
rule(:match_simple_payload_protocol_value) do c( c( "icmp" /* Internet Control Message Protocol */, "igmp" /* Internet Group Management Protocol */, "ipip" /* IP in IP */, "tcp" /* Transmission Control Protocol */, "egp" /* Exterior gateway protocol */, "udp" /* User Datagram Protocol */, "rsvp" /* Resource Reservation Protocol */, "gre" /* Generic routing encapsulation */, "esp" /* IPSec Encapsulating Security Payload */, "ah" /* IP Security authentication header */, 
"icmp6" /* Internet Control Message Protocol Version 6 */, "ospf" /* Open Shortest Path First */, "pim" /* Protocol Independent Multicast */, "sctp" /* Stream Control Transmission Protocol */, "ipv6" /* IPv6 in IP */, "no-next-header" /* IPv6 no next header */, "vrrp" /* Virtual Router Redundancy Protocol */, arg /* Range of values */ ) ) end
# Port match value: symbolic service names, or an argument described as a range
# of values.
# NOTE(review): the list includes cleartext legacy services (telnet, ftp, tftp,
# finger, and exec/login/cmd, described below as rexec/rlogin/rsh); match terms
# that name them are worth flagging when a configuration is audited.
rule(:match_simple_port_value) do c( c( "ftp-data" /* FTP data */, "ftp" /* FTP */, "ssh" /* Secure shell */, "telnet" /* Telnet */, "smtp" /* Simple Mail Transfer Protocol */, "tacacs" /* TACACS or TACACS+ */, "tacacs-ds" /* TACACS-DS */, "domain" /* Domain Name System (DNS) */, "dhcp" /* Dynamic Host Configuration Protocol */, "bootps" /* Bootstrap protocol server */, "bootpc" /* Bootstrap protocol client */, "tftp" /* Trivial FTP */, "finger" /* Finger */, "http" /* Hypertext Transfer Protocol */, "kerberos-sec" /* Kerberos Security */, "pop3" /* Post Office Protocol 3 */, "sunrpc" /* Sun Microsystems remote procedure call */, "ident" /* Ident */, "nntp" /* Network News Transport Protocol */, "ntp" /* Network Time Protocol */, "netbios-ns" /* NetBIOS name service */, "netbios-dgm" /* NetBIOS DGM */, "netbios-ssn" /* NetBIOS session service */, "imap" /* Internet Message Access Protocol */, "snmp" /* Simple Network Management Protocol */, "snmptrap" /* SNMP traps */, "xdmcp" /* X Display Manager Control Protocol */, "bgp" /* Border Gateway Protocol */, "ldap" /* Lightweight Directory Access Protocol */, "mobileip-agent" /* Mobile IP agent */, "mobilip-mn" /* Mobile IP MN */, "msdp" /* Multicast Source Discovery Protocol */, "https" /* Secure HTTP */, "snpp" /* Simple paging protocol */, "biff" /* Biff/Comsat */, "exec" /* UNIX rexec */, "login" /* UNIX rlogin */, "who" /* UNIX rwho */, "cmd" /* UNIX rsh */, "syslog" /* System log */, "printer" /* Printer */, "talk" /* UNIX Talk */, "ntalk" /* New Talk */, "rip" /* Routing Information Protocol */, "timed" /* UNIX time daemon */, "klogin" /* Kerberos rlogin */, "kshell" /* 
Kerberos rsh */, "ldp" /* Label Distribution Protocol */, "krb-prop" /* Kerberos database propagation */, "krbupdate" /* Kerberos database update */, "kpasswd" /* Kerberos passwd */, "socks" /* Socks */, "afs" /* AFS */, "pptp" /* Point-to-Point Tunneling Protocol */, "radius" /* RADIUS authentication */, "radacct" /* RADIUS accounting */, "zephyr-srv" /* Zephyr server */, "zephyr-clt" /* Zephyr serv-hm connection */, "zephyr-hm" /* Zephyr hostmanager */, "nfsd" /* Network File System */, "eklogin" /* Encrypted Kerberos rlogin */, "ekshell" /* Encrypted Kerberos rsh */, "rkinit" /* Kerberos remote kinit */, "cvspserver" /* CVS pserver */, arg /* Range of values */ ) ) end
# IP protocol match value: symbolic protocol names, including entries for the
# IPv6 extension headers (dstopts, routing, fragment, hop-by-hop), or an
# argument described as a range of values.
rule(:match_simple_protocol_value) do c( c( "icmp" /* Internet Control Message Protocol */, "igmp" /* Internet Group Management Protocol */, "ipip" /* IP in IP */, "tcp" /* Transmission Control Protocol */, "egp" /* Exterior gateway protocol */, "udp" /* User Datagram Protocol */, "rsvp" /* Resource Reservation Protocol */, "gre" /* Generic routing encapsulation */, "esp" /* IPSec Encapsulating Security Payload */, "ah" /* IP Security authentication header */, "icmp6" /* Internet Control Message Protocol Version 6 */, "ospf" /* Open Shortest Path First */, "pim" /* Protocol Independent Multicast */, "sctp" /* Stream Control Transmission Protocol */, "dstopts" /* IPv6 destination options */, "routing" /* IPv6 routing header */, "fragment" /* IPv6 fragment header */, "hop-by-hop" /* IPv6 hop by hop options */, "ipv6" /* IPv6 in IP */, "no-next-header" /* IPv6 no next header */, "vrrp" /* Virtual Router Redundancy Protocol */, arg /* Range of values */ ) ) end
# Metric expression: for "metric" and for "metric2", a float multiplier and an
# offset, each pair kept on one line.
rule(:metric_expression_type) do c( "metric" ( /* Parameters for metric attribute */ sc( "multiplier" ( /* Coefficient for metric attribute */ float /* Coefficient for metric attribute */ ), "offset" arg /* Offset for metric attribute */ ) ).as(:oneline), "metric2" ( /* Parameters for metric2 attribute */ sc( "multiplier" ( /* Coefficient for 
metric2 attribute */ float /* Coefficient for metric2 attribute */ ), "offset" arg /* Offset for metric2 attribute */ ) ).as(:oneline) ) end
# A single argument, kept on one line.
rule(:mib_variable_name_object) do arg.as(:arg).as(:oneline) end
# Diameter application profiles: one "gy-profile" and one "gx-profile" entry,
# each delegating to its own profile rule.
rule(:mobile_diameter_profiles) do c( "gy-profile" ( /* Diameter Gy application profile configuration */ mobile_diameter_profile_type_gy /* Diameter Gy application profile configuration */ ), "gx-profile" ( /* Diameter Gx application profile configuration */ mobile_diameter_profile_type_gx /* Diameter Gx application profile configuration */ ) ) end
# Gx profile: a leading argument (presumably the profile name), the Diameter
# targets, a request timeout and the Gx AVP attribute selection.
rule(:mobile_diameter_profile_type_gx) do arg.as(:arg) ( c( "targets" ( /* Mobile diameter target configurations */ mobile_diameter_target /* Mobile diameter target configurations */ ), "request-timeout" arg /* Profile request timeout */, "attributes" ( /* Diameter AVP attributes for Gx application */ mobile_diameter_gx_profile_attr_type /* Diameter AVP attributes for Gx application */ ) ) ) end
# Gx AVP selection: the AVPs to include and the AVPs to exclude.
# "qos-negotiation" and "qos-upgrade" appear in both lists.
rule(:mobile_diameter_gx_profile_attr_type) do c( "include" ( /* Specify AVP options to be included */ c( "gx-capability-list" arg /* Include Gx Capability list AVP */, "rule-suggestion" arg /* Include Rule-suggestion AVP */, "rai" /* Include RAI AVP */, "qos-negotiation" /* Include QoS Negotiation AVP */, "qos-upgrade" /* Include QoS Upgrade AVP */ ) ), "exclude" ( /* Specify AVP options to be excluded */ c( "packet-filter-information" /* Exclude Packet Filter Information AVP */, "packet-filter-operation" /* Exclude Packet Filter Operation AVP */, "rat-type" /* Exclude Rat-Type AVP */, "default-eps-bearer-qos" /* Exclude Default EPS Bearer QOS AVP */, "an-gw-address" /* Exclude AN-GW-Address AVP */, "network-request-support" /* Exclude Network Request Support AVP */, "event-trigger" /* Exclude Event Trigger AVP */, "threegpp-rat-type" /* Exclude 3GPP-RAT-Type AVP */, "offline" /* Exclude Offline AVP */, "qos-negotiation" /* Exclude QoS Negotiation AVP */, "qos-upgrade" /* Exclude QoS Upgrade AVP */ ) ) ) end 
# Gy profile: a leading argument (presumably the profile name), the Diameter
# targets, a request timeout and the Gy AVP attribute selection.
rule(:mobile_diameter_profile_type_gy) do arg.as(:arg) ( c( "targets" ( /* Mobile diameter target configurations */ mobile_diameter_target /* Mobile diameter target configurations */ ), "request-timeout" arg /* Profile request timeout */, "attributes" ( /* Diameter AVP attributes for Gy application */ mobile_diameter_gy_profile_attr_type /* Diameter AVP attributes for Gy application */ ) ) ) end
# Gy AVP selection: the AVPs to include and the AVPs to exclude.
# NOTE(review): the exclude list covers subscriber-identifying AVPs (username,
# user-equipment-info, user-location-information), so which of them leave the
# device is a configuration decision worth reviewing.
rule(:mobile_diameter_gy_profile_attr_type) do c( "include" ( /* Specify AVP options to be included */ c( "cumulative-used-service-unit" /* Include cumulative-used-service-unit AVP */, "credit-instance-id" /* Include credit-instance-id AVP */, "service-start-timestamp" /* Include service-start-timestamp AVP */, "mscc-qos-information" /* Include mscc-qos-information AVP */, "framed-ip-address" /* Include framed ip address AVP */, "framed-ipv6-prefix" /* Include framed IPV6 Prefix AVP */, "gprs-negotiated-qos" /* Include GPRS negotiated QOS AVP */ ) ), "exclude" ( /* Specify AVP options to be excluded */ c( "ps-information" /* Exclude PS Information AVP. 
If excluded, all the 3GPP AVPs will be sent at command level */, "username" /* Exclude Username AVP */, "user-equipment-info" /* Exclude user equipment info AVP */, "all-3gpp-avps" /* Exclude all 3GPP AVPs */, "qos-information" /* Exclude QOS information AVP */, "pdn-connection-id" /* Exclude PDN connection id AVP */, "dynamic-address-flag" /* Exclude dynamic address flag AVP */, "serving-node-type" /* Exclude serving node type AVP */, "cc-selection-mode" /* Exclude charging characteristics selection mode AVP */, "start-time" /* Exclude start time AVP */, "stop-time" /* Exclude stop time AVP */, "user-location-information" /* Exclude user location information AVP */ ) ) ) end
# Diameter target: a leading argument (presumably the target name), the
# destination realm and host, a priority and the Diameter network element used
# for this target.
rule(:mobile_diameter_target) do arg.as(:arg) ( c( "destination-realm" arg /* Destination realm associated with this target */, "destination-host" arg /* Destination host associated with this target */, "priority" arg /* Target priority */, "network-element" arg /* Specify the diameter network element for this target */ ) ) end
rule(:mobile_gateway_config_gtp) do c( "peer-history" arg /* Maximum number of peer stats stored in history */, "interface" ( /* Interface name used for all 3GPP interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP GTP control plane options */ c( "interface" ( /* Interface name 
used for all 3GPP control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "no-response-cache" /* Disable GTP response cache */, "response-cache-timeout" arg /* GTP response cache timeout interval */, "no-piggyback-support" /* Disable GTPv2 piggyback support */ ) ), "data" ( /* Configure 3GPP GTP data plane options */ c( "interface" ( /* Interface name used for all 3GPP data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), 
"error-indication-interval" arg /* Error indication transmit interval per bearer */ ) ), "gn" ( /* Configure 3GPP Gn interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point 
of egress host traffic */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "gp" ( /* Configure 3GPP Gp interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" 
arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path 
management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "s5" ( /* Configure 3GPP S5 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), 
"number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "support-16-bit-sequence" /* Enable 16 bit sequence number support */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "s8" ( /* Configure 3GPP S8 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) 
).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "support-16-bit-sequence" /* Enable 16 bit sequence number support */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") 
), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "peer-group" arg ( /* 3GPP GTP peer group configuration */ c( "routing-instance" arg /* Routing instance of peer group */, "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* 3GPP GTP peer group control plane options */ c( "support-16-bit-sequence" /* Enable 16 bit sequence number support */, "no-piggyback-support" /* Disable GTPv2 piggyback support */ ) ), "gn" /* 3GPP GTP peer group Gn interface options */, "gp" /* 3GPP GTP peer group Gp interface options */, "peer" arg /* Peer IP address configuration */.as(:oneline) ) ), "traceoptions" ( /* Configure trace 
options */ gtp_traceoptions /* Configure trace options */ ) ) end
# gtp_traceoptions: GTP trace settings -- remote-trace switch, trace file
# (leading argument, size, files, world-readable / no-world-readable), a debug
# level and a set of trace flags.
# NOTE(review): "world-readable" is described below as letting any user read
# the log file; when auditing configurations accepted by this rule, presumably
# "no-world-readable" is the safer choice for debug traces -- confirm locally.
rule(:gtp_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("error" | "warning" | "debug" | "encode" | "decode" | "config" | "events" | "packet-io" | "tracker" | "peer" | "pathfailure" | "all")) /* Tracing parameters */.as(:oneline) ) end
# mobile_gateways_ipv6_router_advertisement: IPv6 router-advertisement knobs --
# a "disable" switch, advertisement intervals and counts, and the values placed
# in the reachable-time, retransmit-timer, router-lifetime and hop-limit fields.
rule(:mobile_gateways_ipv6_router_advertisement) do c( "disable" /* Disable IPv6 router advertisements - default is enable */, "maximum-advertisement-interval" arg /* Maximum interval between router advertisements */, "minimum-advertisement-interval" arg /* Minimum interval between router advertisements */, "maximum-initial-advertisement-interval" arg /* Maximum interval between initial router advertisements */, "maximum-initial-advertisements" arg /* Maximum number of initial router advertisements */, "reachable-time" arg /* Value to be placed in reachable time field */, "retransmission-timer" arg /* Value to be placed in retransmit timer field */, "router-lifetime" arg /* Value to be placed in router lifetime field */, "current-hop-limit" arg /* Value to be placed in current hop limit field */ ) end
# mobile_smd_traceoptions: same file/level/flag layout as gtp_traceoptions, with
# an additional "critical" level and its own flag names. The same
# world-readable / no-world-readable choice applies to its trace file.
rule(:mobile_smd_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("critical" | "error" | "warning" | "notice" | 
"info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "ctxt" | "svcpic" | "fsm" | "ha" | "waitq" | "pfem" | "stats" | "bulkjob" | "cos-cac" | "all")) /* Tracing parameters */.as(:oneline) ) end
# monitor_threshold: two positional arguments, marked :oneline; their meaning
# is not stated in this rule.
rule(:monitor_threshold) do c( arg, arg ).as(:oneline) end
# monitoring_input_type: a single "interface" statement taking one argument.
rule(:monitoring_input_type) do c( "interface" arg ) end
# monitoring_output_type: where and how monitored flows are exported -- export
# format (only "cflowd-version-5" is listed), IPv4 destination/source address,
# destination port, active/inactive flow timeouts, export destination, cflowd
# collectors (cflowd_monitoring_type) and export interfaces
# (monitor_export_intf_type).
# NOTE(review): no authentication or encryption keyword appears in this rule
# or in cflowd_monitoring_type, whose "port" is described as a UDP port; the
# export path to the collector presumably needs protecting by other means
# (dedicated routing-instance, filtering) -- confirm against platform docs.
rule(:monitoring_output_type) do c( "export-format" ( /* Format for sending monitoring information */ ("cflowd-version-5") ), "destination-address" ( /* Address to which monitored packets will be sent */ ipv4addr /* Address to which monitored packets will be sent */ ), "destination-port" arg /* Port to which monitored packets will be sent */, "source-address" ( /* Address to use for generating monitored packets */ ipv4addr /* Address to use for generating monitored packets */ ), "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-export-destination" ( /* Destination for flow export */ ("collector-pic" | "cflowd-collector") ), "cflowd" ( /* Collector destination where flow records are sent */ cflowd_monitoring_type /* Collector destination where flow records are sent */ ), "interface" ( /* Interfaces used to send monitored information */ monitor_export_intf_type /* Interfaces used to send monitored information */ ) ) end
# cflowd_monitoring_type: one collector entry -- leading argument, then UDP
# port, DSCP value (described as 0 to 63) and routing-instance.
rule(:cflowd_monitoring_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */ ) ) end
# monitor_export_intf_type: one export interface entry -- leading argument,
# then engine-id, engine-type, input/output interface index and an IPv4
# source-address.
rule(:monitor_export_intf_type) do arg.as(:arg) ( c( "engine-id" arg /* Identity (number) of this monitoring interface */, "engine-type" arg /* Type (number) of this monitoring interface */, "input-interface-index" arg /* Input interface index for records from this interface */, "output-interface-index" arg /* Output interface index for records 
from this interface */, "source-address" ( /* Address to use for generating monitored packets */ ipv4addr /* Address to use for generating monitored packets */ ) ) ) end
# mpls_dialer_filter: leading argument, accounting-profile, and terms whose
# "from" matches exp / exp-except and whose "then" lists log, syslog, sample
# and the note / ignore pair.
rule(:mpls_dialer_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( c( "exp" arg, "exp-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, c( "note" /* Interested ISDN packet */, "ignore" /* Non-interested ISDN packet */ ) ) ) ) ) ) ) end
# mpls_filter: MPLS firewall filter -- leading argument, filter-level switches
# (accounting-profile, interface-specific, physical-interface-filter,
# instance-shared) and terms. A term's "from" can match interface-group, the
# inner IP version (ipv4 / ipv6 with protocol, ports and addresses), label,
# exp, interface, interface-set, forwarding-class, loss-priority, flexible
# mask/range and policy-map; its "then" lists policers, policy-map and counter
# actions, sample, classification, port-mirror-instance, packet-mode and the
# encapsulate / accept / discard / next-term choice. A "template" reference
# also appears near the end of the rule.
# NOTE(review): the named-port alternation is written out eight times
# (source/destination, plain/-except, ipv4/ipv6); a change to one copy must be
# repeated in the others. "mobilip-mn" is spelled as the list has it --
# presumably the device keyword, so verify before "correcting" it.
rule(:mpls_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "ip-version" ( /* Specify inner IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( "protocol" ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ( /* Specify inner IP protocol */ c( c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | 
"krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" 
| "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ) ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "protocol" ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ( /* Specify inner IP protocol */ c( c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | 
"biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ), "source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "destination-address" ( /* Match IPv6 destination address */ 
firewall_addr6_object /* Match IPv6 destination address */ ) ) ) ) ), "label" arg /* MPLS label bits */, c( "exp" arg, "exp-except" arg ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "flexible-match-mask" ( /* Match flexible mask */ match_mpls_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_mpls_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), c( "traffic-class-count" arg /* Count the packet in the named traffic-class counter */, "count" arg /* Count the packet in the named counter */ ), "sample" /* Sample the packet */, "loss-priority" ( /* Classify packet to loss-priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, 
"port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "packet-mode" /* Bypass flow mode for the packet */, c( "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end
# match_mpls_flexible_mask: flexible mask match -- start point ("layer-3" or
# "payload"), byte and bit offsets, bit length, hex mask, the value to match,
# or the name of a predefined template field.
rule(:match_mpls_flexible_mask) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits, not needed for string input */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */, "prefix" arg /* Value data/string to be matched */, "flexible-mask-name" arg /* Select a flexible match from predefined template field */ ) end
# match_mpls_flexible_range: same start point / offset / length keywords, with
# a range or range-except instead of mask and prefix.
rule(:match_mpls_flexible_range) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits */, c( "range" arg /* Range of values to be matched */, "range-except" arg /* Range of values to be not matched */ ), "flexible-range-name" arg /* Select a flexible match from predefined template field */ ) end
# mpls_ifd_options: "pop-all-labels" with a required-depth of "all", "1" or "2".
rule(:mpls_ifd_options) do c( "pop-all-labels" ( /* Pop all MPLS labels off incoming packets */ c( "required-depth" ( /* Required label depth of packet to pop all labels */ ("all" | "1" | "2") ) ) ) ) end
# mpls_pm_family_output_type: a single "server-profile" name.
rule(:mpls_pm_family_output_type) do c( "server-profile" arg /* Server profile name */ ) end
# mpls_template: leading argument and an "attributes" list of bare keywords
# naming the match attributes (exp, flexible-match-*, forwarding-class, ...).
rule(:mpls_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "exp" /* Match MPLS EXP bits */, "exp-except" /* Do not match MPLS 
EXP bits */, "flexible-match-mask" /* Match flexible mask */, "flexible-match-range" /* Match flexible range */, "forwarding-class" /* Match forwarding class */, "forwarding-class-except" /* Do not match forwarding class */, "interface" /* Match interface name */, "interface-group" /* Match interface group */, "interface-set" /* Match interface in set */, "loss-priority" /* Match Loss Priority */, "loss-priority-except" /* Do not match Loss Priority */, "label" /* MPLS label bits */ ) ) ) ) end
# mrp_trace_options: trace file options (trace_file_type, not defined in this
# part of the file) and trace flags, each of which may carry "disable".
rule(:mrp_trace_options) do c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("events" | "pdu" | "timers" | "state-machine" | "socket" | "error" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end
# mstp_interface: per-interface spanning-tree settings for an interface
# argument or "all" -- priority, cost, mode, edge, access-trunk,
# bpdu-timeout-action, no-root-port and disable.
# NOTE(review): per the descriptions below, bpdu-timeout-action is Loop
# Protect and no-root-port is Root Protect, while "disable" turns Spanning
# Tree off on the port; these are the keywords to surface when auditing
# parsed configurations.
rule(:mstp_interface) do (arg | "all").as(:arg) ( c( "priority" arg /* Interface priority (in increments of 16 - 0,16,..240) */, "cost" arg /* Cost of the interface */, "mode" ( /* Interface mode (P2P or shared) */ ("point-to-point" | "shared") ), "edge" /* Port is an edge port */, "access-trunk" /* Send/Receive untagged RSTP BPDUs on this interface */, "bpdu-timeout-action" ( /* Define action on BPDU expiry (Loop Protect) */ c( "block" /* Block the interface */, "alarm" /* Generate an alarm */ ) ), "no-root-port" /* Do not allow the interface to become root (Root Protect) */, "disable" /* Disable Spanning Tree on port */ ) ) end
# multi_chassis_protection_group: leading argument and the "interface" used as
# the inter-chassis protection link.
rule(:multi_chassis_protection_group) do arg.as(:arg) ( c( "interface" arg /* Inter-Chassis protection link */ ) ) end
# multi_chassis_protection_group_ifl: same body as
# multi_chassis_protection_group.
rule(:multi_chassis_protection_group_ifl) do arg.as(:arg) ( c( "interface" arg /* Inter-Chassis protection link */ ) ) end
# multicast_interface_options_type: leading argument, maximum-bandwidth,
# an enable / disable choice, reverse-oif-mapping, subscriber-leave-timer and
# no-qos-adjust.
rule(:multicast_interface_options_type) do arg.as(:arg) ( c( "maximum-bandwidth" ( /* Maximum multicast bandwidth for the interface */ sc( arg /* Maximum multicast bandwidth on the interface */ ) ).as(:oneline), ("enable" | "disable"), "reverse-oif-mapping" ( /* Enable reverse OIF mapping on the multicast interface */ c( 
"no-qos-adjust" /* Disable reverse OIF mapping QoS adjustment */ ) ), "subscriber-leave-timer" arg /* Timeout in seconds to credit back the bandwidth on the subscriber interface */, "no-qos-adjust" /* Disable QoS adjustment for this interface */ ) ) end
# multilink_object: fragment-threshold and drop-timeout.
rule(:multilink_object) do c( "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */ ) end
# name_resolution_cache_type: DNS cache limits -- maximum time in cache
# ("unlimited", described as caching according to TTL, or a value), maximum
# records, blacklist-period in seconds, and the "accelerations" switches.
rule(:name_resolution_cache_type) do c( "maximum-time-in-cache" ( /* Maximum time a DNS response may be held in the cache */ sc( c( "unlimited" /* Cache according to TTL */, arg ) ) ).as(:oneline), "maximum-records-in-cache" arg /* Maximum number of DNS responses that may be held in the cache */, "blacklist-period" arg /* Time (in seconds) a record will be held in the blacklist */, "accelerations" ( /* Mechanisms for accelerating DNS resolving */ c( "no-refresh-before-ttl-expiry" /* Don't send a new query for records that are about to expire */, "initiate-next-queries" /* Immediately initiate queries for referenced entries (e.g A entries referenced from SRV ones) */, "initiate-alternative-queries" /* Initiate NAPTR, SRV and A record queries, in parallel, for every new SIP URI */ ) ) ) end
# nameserver_object: DNS server entry -- leading argument and the
# source-address used for requests to it.
rule(:nameserver_object) do arg.as(:arg) ( c( "source-address" ( /* Source address for requests to this DNS server */ ipaddr /* Source address for requests to this DNS server */ ) ) ).as(:oneline) end
# nasreq_definition: NASREQ partitions (diameter-instance, destination-realm,
# destination-host), request timeout, request-retry and
# max-outstanding-requests.
rule(:nasreq_definition) do c( "partition" arg ( /* NASREQ partition definition */ c( "diameter-instance" arg /* NASREQ diameter instance */, "destination-realm" arg /* NASREQ destination realm */, "destination-host" arg /* NASREQ destination host */ ) ), "timeout" arg /* Time period that a NASREQ request waits on the transmit queue before failing */, "request-retry" arg /* Number of times to retry NASREQ request when DIAMETER fails with timeout. 
*/, "max-outstanding-requests" arg /* Number of unanswered NASREQ requests sent to server */ ) end
# nat_pool_object: NAT pool -- pgcp options, address / address-range /
# interface, port selection (automatic, explicit range, secured or
# deterministic block allocation, parity and range preservation),
# address-allocation, mapping and flow timeouts, limit-ports-per-address and
# snmp-trap-thresholds.
# NOTE(review): port selection offers "sequential" as well as
# "random-allocation"; sequential assignment presumably makes translated
# ports easier to predict, so the choice is worth recording when reviewing
# parsed NAT configurations -- confirm against platform guidance.
rule(:nat_pool_object) do arg.as(:arg) ( c( "pgcp" ( /* NAT pool should be used exclusive by the pgcp service */ c( "remotely-controlled" /* Remotely controlled NAT pool allocation */, "ports-per-session" arg /* Number of ports to allocate in each call setup */, "hint" arg /* NAT hints */, ("tcp" | "udp" | "rtp-avp") ) ), "address" arg /* Address or address prefix for NAT */, "interface" ( /* Interface for nat pool */ sc( interface_unit ) ).as(:oneline), "address-overload" /* Nat pool address overload with JunOS */, "address-range" ( /* Range of addresses for NAT */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */ ) ).as(:oneline), "port" ( /* Specify ports for NAT */ c( c( "automatic" ( c( c( "auto" /* Automatically choose ports */, "sequential" /* Allocate ports in sequence */, "random-allocation" /* Allocate ports randomly */ ) ) ), "range" ( /* Range of ports */ sc( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */, "random-allocation" /* Allocate ports randomly */ ) ).as(:oneline) ), c( "secured-port-block-allocation" ( /* Secured Port block allocation */ sc( "block-size" arg /* Number of port per block. 
*/, "max-blocks-per-address" arg /* Max block per address */, "active-block-timeout" arg /* Active block timeout */ ) ).as(:oneline), "deterministic-port-block-allocation" ( /* Deterministic Port Block Allocation */ sc( "block-size" arg /* Number of ports per block */, "include-boundary-addresses" /* Include network and broadcast in 'from' src-addresses */ ) ).as(:oneline) ), "preserve-parity" /* Allocate port with same parity as original port */, "preserve-range" /* Preserve privileged port range after NAT */ ) ), "address-allocation" ( /* Address allocation method for NAPT */ c( "round-robin" /* Round robin method of allocation */ ) ), "mapping-timeout" arg /* Address-pooling paired and endpoint-independent mapping timeout (120..86400) */, "flow-timeout" arg /* Default flow timeout for NAT flows */, "ei-mapping-timeout" arg /* Endpoint-independent mapping timeout (120..86400) */, "app-mapping-timeout" arg /* Address-pooling paired mapping timeout (120..86400) */, "limit-ports-per-address" arg /* Limit number of ports allocated per host (IP address) */, "snmp-trap-thresholds" ( /* Define snmp traps for service sets */ c( "address-port" ( /* Nat pool address and port usage trap threshold range */ sc( "low" arg /* Lower limit of pool trap threshold */, "high" arg /* Upper limit of pool trap threshold */ ) ).as(:oneline) ) ) ) ) end rule(:nat_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define a NAT term */ c( "nat-type" ( /* NAT type (symmetric/full-cone) */ ("symmetric" | "full-cone") ), "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "no-translation" /* Do not perform translation */ ), c( "port-forwarding-mappings" arg /* Port forwarding mappings */ ), "translated" ( /* Define translation parameters */ c( c( "source-pool" arg /* NAT pool for 
source translation */, "source-prefix" ( /* NAT prefix for source translation */ ipprefix_only /* NAT prefix for source translation */ ) ), "clat-prefix" ( /* Clat-prefix to be used for 464 translation type */ ipprefix_only /* Clat-prefix to be used for 464 translation type */ ), c( "destination-pool" arg /* NAT pool for destination translation */, "destination-prefix" ( /* NAT prefix for destination translation */ ipprefix_only /* NAT prefix for destination translation */ ) ), c( "dns-alg-pool" arg /* NAT pool for dns alg mappings */, "dns-alg-prefix" ( /* DNS ALG 96 bit prefix for mapping IPv4 addresses to IPv6 addresses */ ipprefix_only /* DNS ALG 96 bit prefix for mapping IPv4 addresses to IPv6 addresses */ ) ), c( "use-dns-map-for-destination-translation" /* Use dns alg address map for destination translation */ ), c( "overload-pool" arg /* NAT pool to be used when source pool is overloaded */, "overload-prefix" ( /* NAT prefix to be used when source pool is overloaded */ ipprefix_only /* NAT prefix to be used when source pool is overloaded */ ) ), "translation-type" ( /* Type of translation to perform */ c( "source" ( /* Type of source translation */ ("static" | "dynamic") ), "destination" ( /* Type of destination translation */ ("static") ), "basic-nat44" /* Static source address (IPv4 to IPv4) translation */, "dynamic-nat44" /* Dynamic source address only (IPv4 to IPv4) translation */, "napt-44" /* Source address (IPv4 to IPv4) and port translation */, "dnat-44" /* Static Destination address (IPv4 to IPv4) translation */, "stateful-nat64" /* Dynamic source address (IPv6 to IPv4) and prefix removal for destination address (IPv6 to IPv4)translation */, "stateful-nat464" /* Prefix removal for Src and Dest address (IPv6 to IPv4) translation */, "basic-nat-pt" /* NAT-PT (static source address (IPv6 to IPv4) and prefix removal for destination address (IPv6 to IPv4) translation) */, "napt-pt" /* NAT-PT (source address (IPv6 to IPv4) and source port and prefix 
removal for destination address (IPv6 to IPv4) translation) */, "basic-nat66" /* Static source address (IPv6 to IPv6) translation [same as basic-nat44 but for IPv6 address family] */, "nptv6" /* Stateless source address (IPv6 to IPv6) translation */, "napt-66" /* Source address (IPv6 to IPv6) and port translation [same as napt-44 but for IPv6 address family] */, "twice-napt-44" /* Source NAPT and destination static translation for IPv4 address family */, "twice-basic-nat-44" /* Source static and destination static translation for IPv4 address family */, "twice-dynamic-nat-44" /* Source dynamic and destination static translation for IPv4 address family */, "deterministic-napt44" /* Deterministic source NAPT for IPv4 family */ ) ), "mapping-type" ( /* Source NAT mapping type */ ("endpoint-independent") ), "flow-type" ( /* Source NAT flow type */ ("endpoint-independent") ), "ignore-dst-nat-1to1-limitation" /* Ignore destination NAT 1:1 limitation */, "secure-nat-mapping" ( /* Mapping options for enhanced security */ c( "eif-flow-limit" arg /* Number of inbound flows to be allowed for a EIF mapping */, "mapping-refresh" ( /* Enable timer refresh option */ ("inbound" | "outbound" | "inbound-outbound") ), "flow-refresh" ( /* Enable timer refresh option */ ("inbound" | "outbound" | "inbound-outbound") ) ) ), "filtering-type" ( /* Source NAT filtering type */ c( "endpoint-independent" ( /* Endpoint independent filtering */ c( "prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline) ) ) ) ), "address-pooling" ( /* Address pooling behavior for source NAT */ ("paired") ) ) ), "syslog" /* System log information about the packet */ ) ) ) ) ) ) end rule(:network_type) do arg.as(:arg) end rule(:new_call_then_type) do c( "trace" /* Trace messages accepted on this policy */, "media-policy" ( /* Media policy parameters */ c( c( "no-anchoring" /* Setting this would bypass media packet 
gateway processing */, "media-release" /* Release media - media will not be anchored */ ), "nat-traversal" ( /* Choose when to perform NAT traversal */ c( "nat-traversal-strategy" ( /* Choose when to perform NAT traversal */ ("never" | "always" | "same-as-signaling") ), "force-bidirectional-media" /* Force bidirectional media */ ) ), "data-inactivity-detection" ( /* Configuration of data inactivity indicators */ c( "inactivity-duration" arg /* The amount of time in seconds a stream is inactive before a notification is sent to the SPDF */ ) ), "service-class" arg /* Rate limiting and dscp marking based on the media type */ ) ) ) end rule(:new_call_usage_set_type) do arg.as(:arg) ( c( arg ) ) end rule(:new_registration_set_type) do arg.as(:arg) ( c( arg ) ) end rule(:new_transaction_set_type) do arg.as(:arg) ( c( arg ) ) end rule(:next_hop_group_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:next_hop_subgroup_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:next_hop_type) do arg.as(:arg) end rule(:ocs_definition) do c( "partition" arg ( /* OCS partition configuration */ c( "called-station-id" arg /* OCS called station id */, "charging-id" arg /* OCS charging id */, "destination-realm" arg /* OCS destination realm */, "destination-host" arg /* OCS destination host */, "diameter-instance" arg /* OCS diameter instance */, "draining" /* Set this PCRF partition to draining state */, "draining-response-timeout" arg /* Final response timeout in draining mode */, "force-continue" /* Expect/force 'continue' as cc-failure-handling value */, "ggsn-address" ( /* Value of ggsn-address avp reported to ocs */ ipaddr /* Value of ggsn-address avp reported to ocs */ ), 
"ggsn-mcc-mnc" arg /* Value of 3gpp-ggsn-mcc-mnc avp reported to ocs */, "final-response-timeout" arg /* Final response timeout */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */, "send-origin-state-id" /* Include origin-state-id avp */, "user-name-include" ( /* Add user-name options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Domain name */, "interface-name" /* Include interface-name */, "base-interface-name" /* Include base-interface-name */, "mac-address" /* Include MAC address */, "nas-port-id" /* Include nas-port-id */, "origin-host" /* Include origin-host */, "origin-realm" /* Include origin-host */, "user-prefix" arg /* Add user defined prefix */, "user-name" /* Include user-name */ ) ) ) ), "global" ( /* OCS global parameters */ c( "service-context-id" arg /* Service context-id for OCS */ ) ) ) end rule(:otn_options_type) do c( "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "line-loopback" /* Enable line loopback */, "no-line-loopback" /* Don't enable line loopback */, "local-loopback" /* Enable local host loopback */, "no-local-loopback" /* Don't enable local host loopback */, "prbs" /* Enable otn payload prbs */, "no-prbs" /* Don't enable otn payload prbs */, "odu-ttim-action-enable" /* Enable consequent action for ODU TTIM */, "no-odu-ttim-action-enable" /* Don't enable consequent action for ODU TTIM */, "otu-ttim-action-enable" /* Enable consequent action for OTU TTIM */, "no-otu-ttim-action-enable" /* Don't enable consequent action for OTU TTIM */, "transport-monitoring" /* Enable transport monitoring */, "no-transport-monitoring" /* Don't enable transport monitoring */, "odu-delay-management" ( /* Set odu delay management */ c( "monitor-end-point" /* Originate connection monitor end point */, "no-monitor-end-point" /* Don't originate 
connection monitor end point */, "start-measurement" /* Enable to start a dm measurement */, "no-start-measurement" /* Don't enable to start a dm measurement */, "bypass" /* Act as tandem passing dm value through node */, "no-bypass" /* Don't act as tandem passing dm value through node */, "number-of-frames" arg /* Number of consequent frames to declare dm done */, "remote-loop-enable" /* Enable remote DM loop on remote end */, "no-remote-loop-enable" /* Don't enable remote DM loop on remote end */ ) ), "signal-degrade" ( /* Signal degrade thresholds */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber threshold for signal degrade clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber threshold for signal-degrade (format: xe-n, example: 4.5e-3) */, "q-threshold-signal-degrade-clear" arg /* Q threshold for signal-degrade clear (e.g. 14.26) */, "q-threshold-signal-degrade" arg /* Q threshold for signal-degrade (e.g. 9.26) */ ) ), "odu-signal-degrade" ( /* Signal degrade thresholds for ODU */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber th for sd clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber th for sd (format: xe-n, example: 4.5e-3) */ ) ), "preemptive-fast-reroute" ( /* Preemptive fast reroute */ c( "odu-signal-degrade-monitor-enable" /* Enable ODU signal degrade monitoring */, "no-odu-signal-degrade-monitor-enable" /* Don't enable ODU signal degrade monitoring */, "odu-backward-frr-enable" /* Enable ODU backward frr insertion */, "no-odu-backward-frr-enable" /* Don't enable ODU backward frr insertion */, "signal-degrade-monitor-enable" /* Enable signal degrade monitoring */, "no-signal-degrade-monitor-enable" /* Don't enable signal degrade monitoring */, "backward-frr-enable" /* Enable backward frr insertion */, "no-backward-frr-enable" /* Don't enable backward frr insertion */ ) ), "fec" ( /* Forward Error Correction mode */ ("none" | "gfec" | "efec" 
| "gfec-sdfec" | "ufec" | "sdfec" | "hgfec") ), "insert-odu-oci" /* Force odu open connection indication */, "no-insert-odu-oci" /* Don't force odu open connection indication */, "insert-odu-lck" /* Force odu locked maintenance signal */, "no-insert-odu-lck" /* Don't force odu locked maintenance signal */, "rate" ( /* Optical Transmission Network mode */ ("pass-thru" | "fixed-stuff-bytes" | "no-fixed-stuff-bytes" | "oc192" | "otu3" | "otu4") ), "bytes" ( /* Set OTN header bytes */ c( "transmit-payload-type" arg /* Transmit payload type */ ) ), "tti" ( /* Trace Identifier */ c( "otu-dapi" arg /* OTU Destination Access Point Identifier */, "otu-sapi" arg /* OTU Source Access Point Identifier */, "otu-expected-receive-dapi" arg /* OTU Expected Receive Destination Access Point Identifier */, "otu-expected-receive-sapi" arg /* OTU Expected Receive Source Access Point Identifier */, "odu-dapi" arg /* ODU Destination Access Point Identifier */, "odu-sapi" arg /* ODU Source Access Point Identifier */, "odu-expected-receive-dapi" arg /* ODU Expected Receive Destination Access Point Identifier */, "odu-expected-receive-sapi" arg /* ODU Expected Receive Source Access Point Identifier */, "otu-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "otu-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-sapi-first-byte-nul" /* Don't insert all-0s to first byte */, "otu-expected-receive-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-expected-receive-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "otu-expected-receive-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-expected-receive-sapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-sapi-first-byte-nul" /* Insert all-0s to first byte */, 
"no-odu-sapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-expected-receive-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-expected-receive-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-expected-receive-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-expected-receive-sapi-first-byte-nul" /* Don't insert all-0s to first byte */ ) ), "trigger" ( /* Defect triggers */ c( "oc-los" ( /* OC Loss Of Signal defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-lof" ( /* OC Loss Of Frame defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-lom" ( /* OC Loss Of Multiframe defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-wavelength-lock" ( /* OC Wavelength Lock defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-tsf" ( /* Oc tsf defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the 
alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-ais" ( /* OTU Alarm Indication Signal defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-bdi" ( /* OTU Backward Defect Indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-iae" ( /* OTU Incoming Alignment defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-ttim" ( /* OTU Trail Trace Identifier Mismatch defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-sd" ( /* OTU Signal Degrade defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) 
).as(:oneline), "otu-fec-deg" ( /* OTU FEC Degrade defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-fec-exe" ( /* OTU FEC Excessive Error defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-ais" ( /* ODU Alarm Indication Signal defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-bdi" ( /* ODU Backward Defect Indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-iae" ( /* Odu iae defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-bei" ( /* Odu backward error indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* 
Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-oci" ( /* ODU Open Connection Indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-lck" ( /* ODU Locked defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-ttim" ( /* ODU Trail Trace Identifier Mismatch defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-sd" ( /* ODU Signal Degrade defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "opu-ptim" ( /* Payload Type Mismatch defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline) ) ), "tca" ( /* TCA - threshold crossing 
alerts */ c( "otu-tca-es" ( /* OTU Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-ses" ( /* OTU Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU severely errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU severely errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU severely errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-uas" ( /* OTU Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU unavailable seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU unavailable seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU unavailable seconds in 24 hours */ ) ).as(:oneline), "otu-tca-bbe" ( /* OTU Background Block Error Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU BBE threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU BBE threshold crossing alert */, "threshold" arg /* TCA threshold for OTU BBE in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU BBE in 24 hours */ ) ).as(:oneline), "otu-tca-es-fe" ( /* OTU far-end Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU far-end errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU far-end errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end 
errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-ses-fe" ( /* OTU far-end Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU far-end severely errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU far-end severely errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end severely errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-uas-fe" ( /* OTU far-end Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU far-end unavailable seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU far-end unavailable seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end unavailable seconds in 24 hours */ ) ).as(:oneline), "otu-tca-bbe-fe" ( /* OTU far-end Background Block Error (BEI) Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU BBE (BEI) threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU BBE (BEI) threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end BBE (BEI) in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end BBE (BEI) in 24 hours */ ) ).as(:oneline), "odu-tca-es" ( /* ODU Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-ses" ( /* ODU Severely Errored Seconds Threshold 
crossing defect trigger */ sc( "enable-tca" /* Enable the ODU severely errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU severely errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU severely-errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-uas" ( /* ODU Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU unavailable seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU unavailable seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU unavailable seconds in 24 hours */ ) ).as(:oneline), "odu-tca-bbe" ( /* ODU Background Block Error Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU BBE threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU BBE threshold crossing alert */, "threshold" arg /* TCA threshold for ODU BBE in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU background block error in 24 hours */ ) ).as(:oneline), "odu-tca-es-fe" ( /* ODU far-end Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU far-end errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU far-end errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU far-end errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-ses-fe" ( /* ODU far-end Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU far-end severely errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU far-end severely errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU 
far-end severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU severely-errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-uas-fe" ( /* ODU far-end Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU far-end unavailable seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU far-end unavailable seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU far-end unavailable seconds in 24 hours */ ) ).as(:oneline), "odu-tca-bbe-fe" ( /* ODU far-end Background Block Error (BEI) Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU BBE (BEI) threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU BBE (BEI) threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end BBE (BEI) in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU far-end background block error in 24 hours */ ) ).as(:oneline), "otu-tca-fec-ber" ( /* OTU Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline) ) ) ) end rule(:override_local_server_type) do c( "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "no-arp" /* Disable DHCP ARP table population */, "bootp-support" /* Allow processing of bootp requests */, "client-discover-match" ( /* Use secondary match criteria for DISCOVER PDU */ sc( c( "option60-and-option82" /* Use option 60 and option 82 */, "incoming-interface" /* Use incoming interface */ ) 
) ).as(:oneline), "delay-offer" ( /* Filter options for dhcp-server */ dhcpv4_filter_option /* Filter options for dhcp-server */ ), "process-inform" ( /* Process INFORM PDUs */ c( "pool" arg /* Pool name for family inet */ ) ), "include-option-82" ( /* Include option-82 in reply packets */ c( "nak" /* Include option-82 in NAK */, "forcerenew" /* Include option-82 in FORCERENEW */ ) ), "delete-binding-on-renegotiation" /* Delete binding on renegotiation */, "allow-no-end-option" /* Allow packets without end-of-option */, "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "protocol-attributes" arg /* DHCPv4 attributes to use as defined under access protocol-attributes */ ) end rule(:dhcpv4_filter_option) do c( "delay-time" arg /* Time delay between discover and offer */, "based-on" ( /* Option number */ c( "option-82" ( /* Option 82 */ c( "equals" ( /* Generic option equals; NOTE(review): this DHCPv4 rule takes its operand type from server_v6_option_ascii_hex, which is defined outside this view - confirm the shared type is intended */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-60" ( /* Option 60 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-77" ( /* Option 77 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ) ) ) ) end rule(:override_type) do c( "allow-snooped-clients" /* Allow client 
creation from snooped PDUs */, "no-allow-snooped-clients" /* Don't allow client creation from snooped PDUs */, "allow-no-end-option" /* Allow packets without end-of-option */, "always-write-giaddr" /* Overwrite existing 'giaddr' field, when present */, "always-write-option-82" ( /* Overwrite existing value of option 82, when present */ write_option_82_type /* Overwrite existing value of option 82, when present */ ), "user-defined-option-82" arg /* Set user defined description for option-82 */, "layer2-unicast-replies" /* Do not broadcast client responses */, "trust-option-82" /* Trust option-82 option; NOTE(review): presumably accepts option-82 data already present in incoming packets - confirm the sender is a trusted relay before enabling */, "delay-authentication" /* Delay subscriber authentication in DHCP protocol processing until request packet */, "disable-relay" /* Disable DHCP relay processing */, "no-bind-on-request" /* Do not bind if stray DHCP request is received */, "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "no-arp" /* Disable DHCP ARP table population */, "bootp-support" /* Allow relay of bootp requests and replies */, "dual-stack" arg /* Dual stack group to use. */, "client-discover-match" ( /* Use secondary match criteria for DISCOVER PDU */ sc( c( "option60-and-option82" /* Use option 60 and option 82 */, "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "proxy-mode" /* Put the relay in proxy mode */.as(:oneline), "asymmetric-lease-time" arg /* Use a reduced lease time for the client. 
In seconds */, "replace-ip-source-with" ( /* Replace IP source address in request and release packets */ sc( c( "giaddr" /* Replace IP source address with giaddr */ ) ) ).as(:oneline), "send-release-on-delete" /* Always send RELEASE to the server when a binding is deleted */, "apply-secondary-as-giaddr" /* Enable DHCP relay to use secondary gateway ip for relay interfaces */, "relay-source" ( /* Interface for relay source */ interface_name /* Interface for relay source */ ), "delete-binding-on-renegotiation" /* Delete binding on renegotiation */ ) end rule(:p2mp_ldp_lsp_nh_obj) do c( "root-address" arg ( /* Configure the root address of P2MP LSP */ c( "lsp-id" arg /* Configure the generic LSP identifier */, "group-address" arg ( /* IPv4/Ipv6 group address for mLDP LSP */ c( "source-address" arg /* IPv4/Ipv6 source address */ ) ) ) ) ) end rule(:packet_accounting_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "cflowd" ( /* Cflowd collector where flow records are sent */ cflowd_packet_accounting_type /* Cflowd collector where flow records are sent */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ) ) end rule(:cflowd_packet_accounting_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "version" ( /* Format of exported cflowd aggregates */ ("5" | "8") ), "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* 
Aggregations to perform for exported flows (version 8 only) */ ) ) ) end rule(:packet_export_intf_type) do arg.as(:arg) ( c( "engine-id" arg /* Identity (number) of this accounting interface */, "engine-type" arg /* Type (number) of this accounting interface */, "source-address" ( /* Address to use for generating monitored packets */ ipaddr /* Address to use for generating monitored packets */ ), "export-port" ( /* Jflow export port configuration */ export_port_address_type /* Jflow export port configuration */ ) ) ) end rule(:export_port_address_type) do c( "address" ( /* Address to use for jflow export port */ ipv4prefix /* Address to use for jflow export port */ ), "gateway" ( /* Gateway address to reach jflow server */ ipv4addr /* Gateway address to reach jflow server */ ) ) end rule(:pccd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("pccd-main" | "pccd-config" | "pccd-core" | "pccd-ui" | "pccd-rpd" | "pccd-functions" | "all")) /* Area of PCCD to enable debugging output */.as(:oneline) ) end rule(:pcp_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Define direction for which the rule match is applied */ ("input" | "output") ), "term" arg ( /* Define a PCP term */ c( "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "pcp-server" arg /* Define PCP server */ ) ) ) ) ) ) end rule(:pcp_server_object) do arg.as(:arg) ( c( "ipv4-address" ( /* Configure IPv4 address for this PCP server */ ipv4addr /* Configure IPv4 
address for this PCP server */ ), "ipv6-address" ( /* Configure IPv6 address for this PCP server */ ipv6addr /* Configure IPv6 address for this PCP server */ ), "softwire-concentrator" arg /* Softwire ds-lite concentrator */, "mapping-lifetime-minimum" arg /* Configure the minimum lifetime for any mapping */, "mapping-lifetime-maximum" arg /* Configure the maximum lifetime for any mapping */, "short-lifetime-error" arg /* Configure duration of a short-lifetime error */, "long-lifetime-error" arg /* Configure duration of a long-lifetime error */, "max-mappings-per-client" arg /* Configure maximum mappings permitted per client */, "pcp-options" ( /* Configure PCP options supported by this server */ sc( "third-party" /* Enable Third Party option */, "prefer-failure" /* Enable Prefer Failure option */ ) ).as(:oneline), "nat-options" ( /* NAT options of this PCP server */ c( "pool" arg /* One or more nat pools */ ) ) ) ) end rule(:pcrf_definition) do c( "partition" arg ( /* PCRF partition configuration */ c( "destination-realm" arg /* PCRF destination realm */, "destination-host" arg /* PCRF destination host */, "diameter-instance" arg /* PCRF diameter instance */, "draining" /* Set this PCRF partition to draining state */, "draining-response-timeout" arg /* Logout response timeout in draining mode */, "ip-can-type" arg /* Value of IP-CAN-Type AVP for this PCRF partition */, "local-decision" ( /* Local decision configuration */ c( c( "grant" /* Grant user connection by default; NOTE(review): a default of grant is fail-open - presumably applied when no PCRF answer arrives within "timeout"; confirm this is intended */, "deny" /* Deny user connection by default */ ), "timeout" arg /* Local decision timeout */ ) ), "logout-response-timeout" arg /* Logout response timeout */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */, "report-local-rule" /* Report installed local rule to PCRF */, "report-resource-allocation" /* Report rule installation failures to PCRF */, "report-successful-resource-allocation" /* Report rule installation successes to PCRF */, "send-dyn-subscription-indicator" 
/* Include Juniper-Dyn-Subscription-Indicator into ccr-i */, "send-network-family-indicator" /* Include Juniper-Network-Family-Indicator into ccr-i */, "send-origin-state-id" /* Include origin-state-id avp */, "subscription-id-type" arg /* Value of subscription-id-type AVP for this PCRF partition */, "subscription-id-data-include" ( /* Add subscription-id-data options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Domain name */, "interface-name" /* Include interface-name */, "base-interface-name" /* Include base-interface-name */, "mac-address" /* Include MAC address */, "nas-port-id" /* Include nas-port-id */, "origin-host" /* Include origin-host */, "origin-realm" /* Include origin-realm */, "user-prefix" arg /* Add user defined prefix */, "user-name" /* Include user-name */ ) ), "update-response-timeout" arg /* Update response timeout */ ) ), "global" ( /* PCRF global parameters */ c( "rule-param" arg ( /* Charging juniper-param avp configuration */ c( "param-name" arg /* Name associated with this juniper-param avp */, "log-name" arg /* Log-name associated with this juniper-param avp */ ) ) ) ) ) end rule(:peer_group) do arg.as(:arg) ( c( "local-ip-addr" ( /* Local IP address to use for this peer alone. */ ipv4addr /* Local IP address to use for this peer alone. 
*/ ), "session-establishment-hold-time" arg /* Time within which connection must succeed with this peer */, "redundancy-group-id-list" arg /* List of redundancy groups this peer is part of */, "backup-liveness-detection" ( /* Backup liveness detection */ c( "backup-peer-ip" ( /* Backup liveness detection peer's IP address */ ipv4addr /* Backup liveness detection peer's IP address */ ) ) ), "liveness-detection" ( /* Bidirectional Forwarding Detection options for the peer */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ), "authentication-key" arg /* MD5 authentication key; NOTE(review): matched as a plain arg, while the "authentication" secret in peers_type uses the unreadable type - the value parsed here is secret material as well, so keep it out of logs and error output */ ) ) end rule(:peers_type) do arg.as(:arg) ( c( "user" arg /* User name */, "authentication" ( /* Authentication string */ unreadable /* Authentication string (secret; typed unreadable) */ ) ) ) end rule(:periodic_oam) do c( "mpls-tp-mode" ( /* MPLS-TP Mode, Do not use IP addressing for OAM */ c( "lsping-channel-type" ( /* Supported Control-channel types for MPLS-TP mode.... 
*/ c( c( "ipv4" /* Use channel-type IPv4(0x0021), With IP-UDP encapsulation */, "on-demand-cv" /* Use channel-type On-Demand-CV(0x0025), Without IP-UDP encapsulation */ ) ) ) ) ), "bfd-port" ( /* Egress knob to select MHOP-BFD port for MPLS BFD */ c( "import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "failure-action" ( /* Action to take when BFD session goes down */ sc( c( "teardown" /* Teardown label switched path and resignal */, "make-before-break" ( /* Resignal the label switched path before teardown */ c( "teardown-timeout" arg /* Time to wait before teardown */ ) ) ) ) ).as(:oneline), "no-router-alert-option" /* Do not set Router-Alert options in IP header for MPLS-BFD */, "use-ip-ttl-1" /* Set TTL value to 1 in IP header for MPLS-BFD */ ) ), "performance-monitoring" ( /* Performance monitoring options */ c( "traceoptions" ( /* Trace options for PM */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("init" | "error" | "event" | "general" | "packet" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "querier" ( /* Querier options */ c( "loss" ( /* Loss measurement options */ c( "traffic-class" enum(("tc-0" | "tc-1" | "tc-2" | "tc-3" | "tc-4" | "tc-5" | 
"tc-6" | "tc-7" | "all" | "none")) ( /* Traffic class specific options */ c( "query-interval" arg /* Minimum transmit interval */, "measurement-quantity" ( /* Loss measurement quantity */ ("bytes" | "packets") ), "average-sample-size" arg /* Number of samples used in average calculation */, "loss-threshold" arg /* Loss threshold value */, "loss-threshold-window" arg /* Number of samples for loss threshold calculation */ ) ) ) ), "delay" ( /* Delay measurement options */ c( "traffic-class" enum(("tc-0" | "tc-1" | "tc-2" | "tc-3" | "tc-4" | "tc-5" | "tc-6" | "tc-7" | "all")) ( /* Traffic class specific options */ c( "query-interval" arg /* Minimum transmit interval */, "padding-size" arg /* Size of padding */, "average-sample-size" arg /* Number of samples used in average calculation */, "twcd-delay-threshold" arg /* Two way channel delay threshold value */, "rtt-delay-threshold" arg /* Round trip delay threshold value */ ) ) ) ), "loss-delay" ( /* Combined loss-delay measurement options */ c( "traffic-class" enum(("tc-0" | "tc-1" | "tc-2" | "tc-3" | "tc-4" | "tc-5" | "tc-6" | "tc-7" | "all" | "none")) ( /* Traffic class specific options */ c( "query-interval" arg /* Minimum transmit interval */, "measurement-quantity" ( /* Loss measurement quantity */ ("bytes" | "packets") ), "padding-size" arg /* Size of padding */, "average-sample-size" arg /* Number of samples used in average calculation */, "loss-threshold" arg /* Loss threshold value */, "loss-threshold-window" arg /* Number of samples for loss threshold calculation */, "twcd-delay-threshold" arg /* Two way channel delay threshold value */, "rtt-delay-threshold" arg /* Round trip delay threshold value */ ) ) ) ) ) ), "responder" ( /* Responder options */ c( "loss" ( /* Loss measurement options */ c( "min-query-interval" arg /* Minimum query interval */ ) ), "delay" ( /* Delay measurement options */ c( "min-query-interval" arg /* Minimum query interval */ ) ) ) ) ) ), "lsp-ping-interval" arg /* Time interval 
between LSP ping messages */, "lsp-ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "traceoptions" ( /* Trace options for MPLSOAM process */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "pipe" | "rpc-packet-details" | "database" | "network" | "traceroute" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:pf_mapping) do arg.as(:arg) ( c( "destined-port" ( /* Port forwarding mappings */ s( arg, "translated-port" arg /* Translated port */ ) ).as(:oneline) ) ) end rule(:pgcp_gateway_object) do arg.as(:arg) ( c( "gateway-address" ( /* Local Gateway IP address */ ipv4addr /* Local Gateway IP address */ ), "routing-instance" ( /* Routing instance */ (arg | "inet.0") ), "gateway-port" arg /* Local Gateway transport port */, "cleanup-timeout" arg /* When expires the PG will clean its gate state (Applicable in disconnections) */, "service-state" ( /* Service state */ ("in-service" | "out-of-service-forced" | "out-of-service-graceful") ), "h248-timers" ( pgcp_h248_timers_object ), "h248-properties" ( pgcp_h248_properties_object ), "h248-options" ( pgcp_h248_options_object ), "max-concurrent-calls" arg /* Maximum number of concurrent calls */, "gateway-controller" ( pgcp_controller_object ), "monitor" ( /* Monitor voice traffic */ c( "media" ( /* Monitor media traffic */ c( "rtp" /* Monitor RTP traffic */, "rtcp" /* Monitor RTCP traffic */ ) ) ) ), "graceful-restart" ( c( "maximum-synchronization-time" arg /* Maximum time for synchronization procedure with the PIC */, 
"maximum-synchronization-mismatches" arg /* Maximum number of mismatches for synchronization procedure with the PIC */, "no-synchronization" /* Disable the synchronization procedure with the PIC */, "catchup-replication-delay" arg /* Delay between replication of new updates and catch-up */ ) ), "fast-update-filters" ( c( "maximum-terms" arg /* Maximum gate rate-limit terms to install at PFE */, "maximum-term-percentage" arg /* Maximum percentage of gates with rate-limit terms at PFE */ ) ), "session-mirroring" ( pgcp_gateway_session_mirroring_object ), "data-inactivity-detection" ( c( "inactivity-delay" arg /* Delay before data inactivity detection starts */, "latch-deadlock-delay" arg /* Delay value used for gates employing NAPT traversal */, "send-notification-on-delay" /* Send inactivity notification when delay expires */, "inactivity-duration" arg /* Default data inactivity duration (Q-MI) */, "stop-detection-on-drop" /* Stop detection when gate action is set to drop */, "no-rtcp-check" /* Do not detect data inactivity on rtcp stream */, "report-service-change" ( /* Configure the data-inactivity service-change behavior */ c( "service-change-type" ( /* Configure the service-change type to be sent upon data-inactivity */ ("forced-910" | "forced-906") ) ) ) ) ), "overload-control" ( c( "queue-limit-percentage" arg /* Overload control queue limit percentage */, "reject-new-calls-threshold" arg /* Overload control reject new calls threshold */, "reject-all-commands-threshold" arg /* Overload control reject all commands threshold */, "queue-maximum-length" arg /* Overload control queue maximum length */, "error-code" arg /* Overload control error code */ ) ), "platform" ( /* Define the platform on which the gateway should be activated */ c( c( "routing-engine" /* The gateway should be activated on the RE */, "device" ( /* The gateway should be activated on a services device */ interface_device /* The gateway should be activated on a services device */ ) ) ) ), 
"ipsec-transport-security-association" arg /* IPsec transport security association name */ ) ) end rule(:pgcp_controller_object) do arg.as(:arg) ( c( "controller-address" ( /* Gateway controller IP address */ ipv4addr /* Gateway controller IP address */ ), "controller-port" arg /* Gateway controller port */, "interim-ah-scheme" ( pgcp_interim_ah_scheme_object ), c( "remote-controller" /* The gateway controller is remote */, "local-controller" arg /* The gateway controller is local */ ) ) ) end rule(:pgcp_gateway_session_mirroring_object) do c( "delivery-function" arg /* Session-mirroring delivery functions */, "disable-session-mirroring" /* Disable session mirroring for this gateway */ ) end rule(:pgcp_h248_options_object) do c( "service-change" ( pgcp_h248_service_change_object ), "audit-observed-events-returns" /* Activation of history buffer for audit observed events */, "encoding" ( c( "no-octet-string-bit-mirroring" /* No octet string bit mirroring */, "no-dscp-bit-mirroring" /* No DSCP bit mirroring */, "use-lower-case" /* Encode H248 message in lower case */ ) ), "h248-profile" ( c( "profile-name" arg /* The H.248 profile declared by the BGF */, "profile-version" arg /* The H.248 profile-version declared by the BGF */ ) ), "accept-emergency-calls-while-graceful" /* Accept emergency calls while BGF is in OOS gracefull state */, "implicit-tcp-latch" /* Latch implicitly upon TCP transport usage */, "implicit-tcp-source-filter" /* Implicitly filter TCP source addresses */ ) end rule(:pgcp_h248_service_change_object) do c( "control-association-indications" ( /* Control association indications */ control_association_indications_object /* Control association indications */ ), "virtual-interface-indications" ( /* Virtual interface indications */ virtual_interface_indications_object /* Virtual interface indications */ ), "context-indications" ( /* Context indications */ context_indications_object /* Context indications */ ), "use-wildcard-response" /* Request short 
response to service-change messages */ ) end rule(:context_indications_object) do c( "state-loss" ( /* Configure state loss service change */ ("forced-915" | "forced-910" | "none") ) ) end rule(:control_association_indications_object) do c( "up" ( pgcp_association_up_object ), "down" ( pgcp_association_down_object ), "disconnect" ( pgcp_association_disconnect_object ) ) end rule(:pgcp_association_disconnect_object) do c( "reconnect" ( /* Configure reconnect service change */ ("disconnected-900" | "restart-902") ), "controller-failure" ( /* Configure controller failure service change */ ("restart-902" | "failover-909") ) ) end rule(:pgcp_association_down_object) do c( "administrative" ( /* Configure administrative service change */ ("forced-905" | "forced-908" | "none") ), "failure" ( /* Configure failure service change */ ("forced-904" | "forced-908" | "none") ), "graceful" ( /* Configure graceful service change */ ("none" | "graceful-905") ) ) end rule(:pgcp_association_up_object) do c( "failover-cold" ( /* Configure failover-cold service change */ ("restart-901" | "failover-920") ), "failover-warm" ( /* Configure failover-warm service change */ ("restart-902" | "failover-919") ), "cancel-graceful" ( /* Configure cancel-graceful service change */ ("none" | "restart-918") ) ) end rule(:pgcp_h248_properties_object) do c( "base-root" ( /* Setting H248 mg-mgc transaction time values */ pgcp_h248_base_root_object /* Setting H248 mg-mgc transaction time values */ ), "segmentation" ( pgcp_h248_segmentation_object ), "diffserv" ( pgcp_h248_diffserv_object ), "hanging-termination-detection" ( /* Enabling Hanging termination detection */ pgcp_h248_hangterm_object /* Enabling Hanging termination detection */ ), "traffic-management" ( /* Setting of h248 traffic management default values */ pgcp_h248_traffic_management_object /* Setting of h248 traffic management default values */ ), "notification-behavior" ( /* Setting of h248 Notify behavior values */ 
pgcp_h248_notification_behavior_object /* Setting of h248 Notify behavior values */ ), "application-data-inactivity-detection" ( /* Setting application data inactivity detection */ pgcp_h248_application_data_inactivity_detection_object /* Setting application data inactivity detection */ ), "event-timestamp-notification" ( /* Setting event timestamp notification */ pgcp_h248_event_timestamp_notification_object /* Setting event timestamp notification */ ), "inactivity-timer" ( /* Default values for inactivity timeout */ pgcp_h248_inactivity_timer_object /* Default values for inactivity timeout */ ) ) end rule(:pgcp_h248_application_data_inactivity_detection_object) do c( "ip-flow-stop-detection" ( /* Setting ip flow stop detection */ ("immediate-notify" | "regulated-notify") ) ) end rule(:pgcp_h248_event_timestamp_notification_object) do c( "request-timestamp" ( /* Notification timestamp */ ("requested" | "suppressed" | "autonomous") ) ) end rule(:pgcp_h248_hangterm_object) do c( "timerx" arg /* Setting timerx value */ ) end rule(:pgcp_h248_inactivity_timer_object) do c( "inactivity-timeout" ( c( "detect" /* Enable/Disable inactivity timer detection */, "maximum-inactivity-time" ( c( "default" arg /* Default maximum inactivity timeout */, "minimum" arg /* Minimum range for maximum inactivity timeout */, "maximum" arg /* Maximum range for maximum inactivity timeout */ ) ) ) ) ) end rule(:pgcp_h248_notification_behavior_object) do c( "notification-regulation" ( c( "default" arg /* Default suppression percentage of Notification behavior Regulation */ ) ) ) end rule(:pgcp_h248_base_root_object) do c( "normal-mg-execution-time" ( /* MG transaction response time expected by MGC. */ c( "default" arg, "minimum" arg /* Minimum range of execution time value */, "maximum" arg /* Maximum range of execution time value */ ) ), "mg-provisional-response-timer-value" ( /* MG pending response time upon incomplete transaction. 
*/ c( "default" arg, "minimum" arg /* Minimum range of timers value */, "maximum" arg /* Maximum range of timer value */ ) ), "mg-originated-pending-limit" ( /* Max MG TransactionPendings num recieved. */ c( "default" arg, "minimum" arg /* Minimum range of pending limit value */, "maximum" arg /* Maximum range of pending limit value */ ) ), "normal-mgc-execution-time" ( /* MGC transaction response time expected by MG. */ c( "default" arg, "minimum" arg /* Minimum range of execution time value */, "maximum" arg /* Maximum range of execution time value */ ) ), "mgc-provisional-response-timer-value" ( /* MGC pending response time upon incomplete transaction. */ c( "default" arg, "minimum" arg /* Minimum range of timers value */, "maximum" arg /* Maximum range of timers value */ ) ), "mgc-originated-pending-limit" ( /* Max MGC TransactionPendings num recieved. */ c( "default" arg, "minimum" arg /* Minimum range of pending limit value */, "maximum" arg /* Maximum range of pending limit value */ ) ) ) end rule(:pgcp_h248_diffserv_object) do c( "dscp" ( /* Differentiated Services Code Point (DSCP) */ c( "default" ( ("do-not-change" | "af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "nc1" | "nc2" | "be" | arg) ), "ignore-signaled-value" /* Ignore property value appearing in H.248 signaling */ ) ) ) end rule(:pgcp_h248_segmentation_object) do c( "mgc-segmentation-timer" ( /* Time the MG waits for remaining segments from MGC */ c( "default" arg, "minimum" arg /* Minimum range of timer value */, "maximum" arg /* Maximum range of timer value */ ) ), "mgc-maximum-pdu-size" ( /* Maximum size of the MGC's incoming messages from MG */ c( "default" arg, "minimum" arg /* Minimum range of pdu size value */, "maximum" arg /* Maximum range of pdu size value */ ) ), "mg-segmentation-timer" ( /* Time the MGC waits for remaining segments from MGC */ c( "default" arg, 
"minimum" arg /* Minimum range of timer value */, "maximum" arg /* Maximum range of timer value */ ) ), "mg-maximum-pdu-size" ( /* Maximum size of the MG's incoming messages from MGC */ c( "default" arg, "minimum" arg /* Minimum range of pdu size value */, "maximum" arg /* Maximum range of pdu size value */ ) ) ) end rule(:pgcp_h248_timers_object) do c( "maximum-waiting-delay" arg /* Randomly determined delay before retraversing PGC list (MWD) */, "tmax-retransmission-delay" arg /* Delay before PGC is considered down (T-MAX) */, "initial-average-ack-delay" arg /* Assumed initial average reply time (for retransmission rate) (I-AAD) */, "maximum-net-propagation-delay" arg /* Worst case network propagation delay (M-NPD), used for calculating LONG-TIMER */ ) end rule(:pgcp_h248_traffic_management_object) do c( "sustained-data-rate" ( /* SDR permitted for the stream */ c( "default" arg /* Default rate value */, "minimum" arg /* Minimum range of rate value */, "maximum" ( /* Maximum range of rate value */ enum(arg) ), "rtcp" ( /* Default rtcp rate */ pgcp_h248_rtcp_rate_units_object /* Default rtcp rate */ ), "rtcp-include" /* TMAN SDR includes RTCP bandwidth */ ) ), "peak-data-rate" ( /* PDR permitted for the stream */ c( "default" arg /* Default rate value */, "minimum" arg /* Minimum range of rate value */, "maximum" ( /* Maximum range of rate value */ enum(arg) ), "rtcp" ( /* Default rtcp rate */ pgcp_h248_rtcp_rate_units_object /* Default rtcp rate */ ) ) ), "max-burst-size" ( /* MBS for the stream */ c( "default" arg /* Default rate value */, "minimum" arg /* Minimum range of rate value */, "maximum" ( /* Maximum range of rate value */ enum(arg) ), "rtcp" ( /* Default rtcp rate */ pgcp_h248_rtcp_burst_units_object /* Default rtcp rate */ ) ) ) ) end rule(:pgcp_h248_rtcp_burst_units_object) do c( c( "percentage" arg /* Value entered is percentage of RTP's parallel value */, "fixed-value" arg /* Value entered is a fixed one */ ) ) end 
rule(:pgcp_h248_rtcp_rate_units_object) do c( c( "percentage" arg /* Value entered is percentage of RTP's parallel value */, "fixed-value" arg /* Value entered is a fixed one */ ) ) end rule(:pgcp_interim_ah_scheme_object) do c( "algorithm" ( /* Define authentication algorithm; NOTE(review): "hmac-null" is the only value this rule accepts - presumably a null scheme that provides no real integrity check; confirm before treating this channel as authenticated */ ("hmac-null") ) ) end rule(:pgcp_media_service_object) do arg.as(:arg) ( c( "nat-pool" arg /* Pool name */ ) ) end rule(:pgcp_rule_object) do arg.as(:arg) ( c( "gateway" arg /* Gateway Name */, c( "media-service" arg /* One or more PGCP media service */, "nat-pool" arg /* One or more nat pools */ ) ) ) end rule(:pgcp_session_mirroring_object) do c( "delivery-function" ( /* Interface for delivering mirrored packets */ pgcp_delivery_function_object /* Interface for delivering mirrored packets */ ), "disable-session-mirroring" /* Disable PGCP session mirroring */ ) end rule(:pgcp_delivery_function_object) do arg.as(:arg) ( c( "destination-address" ( /* Delivery function destination IP address */ ipv4addr /* Delivery function destination IP address */ ), "destination-port" arg /* Delivery function destination port */, "network-operator-id" arg /* Network operator ID */, "source-address" ( /* Network-element-id */ ipv4addr /* Network-element-id */ ), "source-port" arg /* Network-element-port */, "memory-managment" ( /* Measure memory usage; the keyword spelling "memory-managment" is part of the grammar and must stay as written */ pgcp_debug_mem_mgmt_object /* Measure memory usage */ ) ) ) end rule(:pgcp_debug_mem_mgmt_object) do c( "operational-mode" ( /* Memory management operation mode */ ("fast" | "type-tracking" | "location-tracking") ) ) end rule(:pgcp_virtual_interface_object) do arg.as(:arg) ( c( "routing-instance" ( /* Routing instance of server to which to forward */ (arg | "inet.0") ), "service-state" ( /* Service state */ ("in-service" | "out-of-service-forced" | "out-of-service-graceful") ), c( "media-service" arg /* One or more PGCP media service */, "nat-pool" arg /* One or more nat pools */ ), "interface" ( /* Interface name */ interface_name /* Interface name */ ) ) 
) end rule(:pim_bootstrap_options_type) do c( "priority" arg /* Eligibility to be the bootstrap router */, "import" ( /* Bootstrap import policy */ policy_algebra /* Bootstrap import policy */ ), "export" ( /* Bootstrap export policy */ policy_algebra /* Bootstrap export policy */ ) ) end rule(:pim_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("prefix") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:pim_rp_group_range_type) do arg.as(:arg) ( c( "nexthop-hold-time" arg /* Nexthop hold time in milliseconds */ ) ) end rule(:pm_rspan_bridge_domain) do arg.as(:arg) end rule(:pm_rspan_vlan) do arg.as(:arg) ( c( "no-tag" /* Removes extra RSPAN tag from mirrored packets */ ) ) end rule(:pm_family_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "maximum-packet-length" arg /* Maximum length of the mirrored packet */ ) end rule(:pmond_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file; NOTE(review): trace output may carry sensitive detail - prefer no-world-readable unless broad read access is intended */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("events" | "heartbeat" | "process-tracking" | "ui" | "all")) /* Area of process health monitor to enable debugging output */.as(:oneline) ) end rule(:port_range) do arg.as(:arg) ( c( "maximum-port" arg /* Maximum port in the port range */ ) ).as(:oneline) end rule(:ppp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, 
"size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("access" | "address-pool" | "auth" | "chap" | "pap" | "config" | "ifdb" | "lcp" | "memory" | "message" | "mlppp" | "ncp" | "ppp" | "radius" | "redundancy" | "rtsock" | "session" | "signal" | "timer" | "ui" | "ci" | "all")) /* Area of PPP process to enable debugging output */.as(:oneline) ) end rule(:ppp_options_type) do c( "dynamic-profile" arg /* Dynamic profile name */, "chap" ( /* Challenge Handshake Authentication Protocol options */ c( c( "access-profile" arg /* Profile containing client list and access parameters */, "default-chap-secret" ( /* Default CHAP secret to be used when no matching access profile exists */ unreadable /* Default CHAP secret to be used when no matching access profile exists */ ) ), "local-name" arg /* Name sent in CHAP-Challenge and CHAP-Response */, "no-rfc2486" /* RFC2486 compliance is not enforced */, "passive" /* Handle incoming CHAP requests only */, "challenge-length" ( /* CHAP challenge length */ sc( "minimum" arg /* Minimum CHAP challenge length */, "maximum" arg /* Maximum CHAP challenge length */ ) ).as(:oneline) ) ), "pap" ( /* Password Authentication Protocol options */ c( c( "access-profile" arg /* Profile containing client list and access parameters */, "default-password" ( /* Default PAP password used in the absence of matching profile */ unreadable /* Default PAP password used in the absence of matching profile */ ) ), "local-name" arg /* Name sent in PAP request packet */, "no-rfc2486" /* RFC2486 compliance is not enforced */, "local-password" 
( /* Password sent in PAP request packet */ unreadable /* Password sent in PAP request packet */ ), "passive" /* Do not handle PAP authentication requests */ ) ), "authentication" ( /* Order in which PPP authentication protocols are negotiated */ ("pap" | "chap") ), "compression" ( /* Set compression options */ sc( "acfc" /* Negotiate Address/Control field compression */, "pfc" /* Negotiate Protocol field compression */ ) ).as(:oneline), "lcp-restart-timer" arg /* LCP restart timer */, "ncp-restart-timer" arg /* NCP restart timer */, "no-termination-request" /* Don't send PPP termination requests */, "loopback-clear-timer" arg /* Loopback clear timer */, "lcp-max-conf-req" arg /* Maximum LCP Conf-Req to be sent, 0 means infinite */, "ncp-max-conf-req" arg /* Maximum NCP Conf-Req to be sent, 0 means infinite */, "on-demand-ip-address" /* Enable On-Demand IPv4 address allocation and de-allocation */, "aaa-options" arg /* Attach AAA options name to dynamic-profile */, "initiate-ncp" ( /* Enable server initiated NCP */ c( "ip" /* Enable server initiated IPNCP */, "ipv6" /* Enable server initiated IPv6NCP */, "dual-stack-passive" /* Disable server initiated IPNCP/IPv6NCP for dual-stack client */ ) ), "mru" arg /* The Maximum Receive Unit size in bytes */, "mtu" ( /* The Maximum Transfer Unit size in bytes */ ("use-lower-layer" | arg) ), "peer-ip-address-optional" /* Set Peer IP Address Optional in IP NCP Negotiations */, "ipcp-suggest-dns-option" /* Suggest peer to negotiate with DNS Adresses options */ ) end rule(:pppoe_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be 
logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "events" | "gres" | "init" | "interface-db" | "memory" | "protocol" | "rtsock" | "session-db" | "signal" | "state" | "stats" | "timer" | "ui" | "all")) /* Area of PPPoE process to enable debugging output */.as(:oneline), "filter" ( /* Trace filtering */ c( "aci" arg /* Regular expression to match ACI */, "ari" arg /* Regular expression to match ARI */, "service-name" arg /* Service name */, "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | arg) ), "user" ( /* Filter by user name */ c( arg ) ) ) ) ) end rule(:pppoe_options_type) do c( "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | arg) ), "idle-timeout" arg /* Time for which session can be idle (0 = forever) */, "access-concentrator" arg /* Name of the access concentrator (PPPoE server) */, "service-name" arg /* Service to be requested (from PPPoE server) */, "auto-reconnect" arg /* Time to reconnect after session terminates (0 = never) */, c( "server" /* PPPoE operates in server mode */, "client" /* PPPoE operates in client mode */ ) ) end rule(:pppoe_underlying_options_type) do c( "access-concentrator" arg /* Name of the access concentrator (PPPoE server) */, "direct-connect" /* Ignore received VS tags for PPPoE sessions */, "duplicate-protection" /* Disallow multiple PPPoE sessions to a single client */, "dynamic-profile" arg /* Attach dynamic-profile to interface */, "max-sessions" arg /* Maximum number of PPPoE sessions allowed on underlying interface */, "max-sessions-vsa-ignore" /* Ignore the max-sessions VSA */, "service-name-table" arg /* Attach Service Name Table to interface */, "short-cycle-protection" ( /* Enable short cycle protection on underlying interface */ c( "lockout-time-min" arg /* Minimum lockout time */, "lockout-time-max" arg /* Maximum lockout time 
*/, "filter" ( /* Granularity of blocking filter */ ("aci") ) ) ) ) end rule(:prefix_action) do arg.as(:arg) ( c( "policer" arg /* Police the packet using a set of named policer */, "count" /* Enable counters */, "filter-specific" /* Filter specific, else term specific */, "subnet-prefix-length" arg /* Prefix length for the total address range */, c( "source-prefix-length" arg /* Source prefix range */, "destination-prefix-length" arg /* Destination prefix range */ ) ) ) end rule(:prefix_list_items) do arg.as(:arg) end rule(:profile_radius_server_object) do arg.as(:arg) ( c( "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* Port number to which to send RADIUS accounting messages */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */ ) ) end rule(:programmable_rpd_type) do c( "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("client" | "japi" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "purge-timeout" arg /* Purge timeout for all programmable-rpd clients in seconds */ ) end 
/* Rules proto_object through radius_server_object, laid out one statement per line. */
/* Keywords, alternations, nesting order and the per-statement descriptions are unchanged. */

rule(:proto_object) do
  arg.as(:arg) (
    c(
      "tunable-name" ( /* Protocol tunable name */
        tunable_object /* Protocol tunable name */
      )
    )
  )
end

rule(:protocol_attribute_type) do
  arg.as(:arg) (
    c(
      "dhcp" ( /* DHCPv4 configurable attributes */
        dhcp_attribute_type /* DHCPv4 configurable attributes */
      ),
      "dhcpv6" ( /* DHCPv6 configurable attributes */
        dhcp_attribute_type /* DHCPv6 configurable attributes */
      )
    )
  )
end

/* NOTE(review): "password" here, and the RADIUS "secret" leaves further down, use the "unreadable" type, which this file declares as arg.as(:arg); the parser captures the value like any other argument, so redaction is the responsibility of whatever logs or stores the parse result. */
rule(:proxy_object) do
  c(
    "server" arg /* URL or IP address of the proxy server host */,
    "port" arg /* Proxy server port */,
    "username" arg /* Username as configured in the proxy server */,
    "password" ( /* Password as configured in the proxy server */
      unreadable /* Password as configured in the proxy server */
    )
  )
end

rule(:ptsp_forward_rule_object) do
  arg.as(:arg) (
    c(
      "term" arg ( /* One or more terms in PTSP rule */
        c(
          "from" ( /* Match criteria */
            ptsp_forward_match_object /* Match criteria */
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            c(
              "forwarding-instance" arg /* Forwarding instance assigned to outgoing packets */,
              "unit-number" arg /* Unit number associated with forwarding instance */
            )
          )
        )
      )
    )
  )
end

rule(:ptsp_forward_match_object) do
  c(
    "local-address" ( /* Match IP local address */
      sfw_addr_object /* Match IP local address */
    ),
    "local-address-range" ( /* Match IP local address range */
      s(
        "low" arg /* Lower limit of address range */,
        "high" arg /* Upper limit of address range */,
        c(
          "except" /* Match address not in this prefix */
        )
      )
    ).as(:oneline),
    "local-prefix-list" arg ( /* One or more named lists of local prefixes to match */
      sc(
        "except" /* Name of prefix list not to match against */
      )
    ).as(:oneline),
    c(
      "applications" arg /* Match one or more applications */,
      "nested-applications" arg /* Match one or more nested-applications */,
      "application-groups" arg /* Match one or more applications */
    )
  )
end

rule(:ptsp_rule_object) do
  arg.as(:arg) (
    c(
      "match-direction" ( /* Direction for which the rule match is applied */
        ("input" | "output" | "input-output")
      ),
      "demux" ( /* Demux occurs on source or destination address */
        ("source-address" | "destination-address")
      ),
      "count-type" ( /* Terms in this rule collect statstics based on rule or applications */
        ("rule" | "application")
      ),
      "forward-rule" arg /* Forwarding rule to be applied */,
      "term" arg ( /* One or more terms in PTSP rule */
        c(
          "from" ( /* Match criteria */
            ptsp_match_object /* Match criteria */
          ),
          "then" ( /* Action to take if the 'from' condition is matched */
            c(
              "forwarding-class" arg /* Forwarding class assigned to outgoing packets */,
              "count" ( /* Count packets by application or application group */
                ("none" | "application" | "nested-application" | "application-group" | "application-group-any" | "rule")
              ),
              "police" arg /* Policer name */,
              c(
                "accept" /* Accept the packet */,
                "discard" /* Discard the packet */
              )
            )
          )
        )
      )
    )
  )
end

rule(:ptsp_match_object) do
  c(
    "remote-address" ( /* Match IP remote address */
      sfw_addr_object /* Match IP remote address */
    ),
    "remote-address-range" ( /* Match IP remote address range */
      s(
        "low" arg /* Lower limit of address range */,
        "high" arg /* Upper limit of address range */,
        c(
          "except" /* Match address not in this prefix */
        )
      )
    ).as(:oneline),
    "remote-prefix-list" arg ( /* One or more named lists of remote prefixes to match */
      sc(
        "except" /* Name of prefix list not to match against */
      )
    ).as(:oneline),
    "protocol" arg /* IPv4 protocol number */,
    "local-ports" arg /* Local port list specification */,
    "local-port-range" ( /* Match local port range */
      s(
        "low" arg /* Lower limit of port range */,
        "high" arg /* Upper limit of port range */
      )
    ).as(:oneline),
    "remote-ports" arg /* Remote port list specification */,
    "remote-port-range" ( /* Match remote port range */
      s(
        "low" arg /* Lower limit of port range */,
        "high" arg /* Upper limit of port range */
      )
    ).as(:oneline),
    c(
      "application-group-any" /* Match any application group */,
      "applications" arg /* Match one or more applications */,
      "nested-applications" arg /* Match one or more nested-applications */,
      "application-groups" arg /* Match one or more application groups */
    )
  )
end

/* NOTE(review): the BFD "authentication" / "algorithm" alternation below accepts "simple-password" and the keyed-MD5 variants alongside the SHA-1 ones; the grammar only checks spelling, so any minimum-strength policy has to be applied to the parsed config separately. */
rule(:qualified_nh_obj) do
  arg.as(:arg) (
    c(
      "preference" arg /* Preference of qualified next hop */,
      "metric" arg /* Metric of qualified next hop */,
      "interface" ( /* Interface of qualified next hop */
        interface_name /* Interface of qualified next hop */
      ),
      "mac-address" ( /* Next-hop Mac Address */
        mac_unicast /* Next-hop Mac Address */
      ),
      "tag" arg /* Tag string */,
      "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */
        c(
          "version" ( /* BFD protocol version number */
            ("0" | "1" | "automatic")
          ),
          "minimum-interval" arg /* Minimum transmit and receive interval */,
          "minimum-transmit-interval" arg /* Minimum transmit interval */,
          "minimum-receive-interval" arg /* Minimum receive interval */,
          "multiplier" arg /* Detection time multiplier */,
          c(
            "no-adaptation" /* Disable adaptation */
          ),
          "transmit-interval" ( /* Transmit-interval options */
            c(
              "minimum-interval" arg /* Minimum transmit interval */,
              "threshold" arg /* High transmit interval triggering a trap */
            )
          ),
          "detection-time" ( /* Detection-time options */
            c(
              "threshold" arg /* High detection-time triggering a trap */
            )
          ),
          "authentication" ( /* Authentication options */
            c(
              "key-chain" arg /* Key chain name */,
              "algorithm" ( /* Algorithm name */
                ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1")
              ),
              "loose-check" /* Verify authentication only if authentication is negotiated */
            )
          ),
          "neighbor" ( /* BFD neighbor address */
            ipaddr /* BFD neighbor address */
          ),
          "local-address" ( /* BFD local address (for multihop only) */
            ipaddr /* BFD local address (for multihop only) */
          ),
          "holddown-interval" arg /* Time to hold the session-UP notification to the client */,
          "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */
        )
      )
    )
  )
end

rule(:r2cp_traceoptions_type) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */,
        "match" ( /* Regular expression for lines to be logged */
          regular_expression /* Regular expression for lines to be logged */
        )
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("configuration" | "event" | "interface" | "node" | "packet" | "rtsock" | "session" | "socket" | "timer" | "virtual-channel" | "all")) /* Area of R2CP process to enable debugging output */.as(:oneline)
  )
end

rule(:radius_disconnect_object) do
  arg.as(:arg) (
    c(
      "secret" ( /* Secret with which to authenticate RADIUS client sending disconnect requests */
        unreadable /* Secret with which to authenticate RADIUS client sending disconnect requests */
      )
    )
  )
end

rule(:radius_server_object) do
  arg.as(:arg) (
    c(
      "port" arg /* RADIUS server authentication port number */,
      "preauthentication-port" arg /* RADIUS server preauthentication port number */,
      "accounting-port" arg /* RADIUS server accounting port number */,
      "dynamic-request-port" arg /* RADIUS client dynamic request port number */,
      "secret" ( /* Shared secret with the RADIUS server */
        unreadable /* Shared secret with the RADIUS server */
      ),
      "preauthentication-secret" ( /* Shared secret with the RADIUS server */
        unreadable /* Shared secret with the RADIUS server */
      ),
      "timeout" arg /* Request timeout period */,
      "retry" arg /* Retry attempts */,
      "accounting-timeout" arg /* Accounting request timeout period */,
      "accounting-retry" arg /* Accounting retry attempts */,
      "max-outstanding-requests" arg /* Maximum requests in flight to server */,
      "source-address" ( /* Use specified address as source address */
        ipaddr /* Use specified address as source address */
      )
    )
  )
end
/* Rules radius_traceoptions through nat_traversal_action, laid out one statement per line. */
/* Keywords, alternations, nesting order and the per-statement descriptions are unchanged. */

/* NOTE(review): the trace "file" block accepts "world-readable" as well as "no-world-readable"; the grammar expresses no preference, so whether RADIUS trace files may be readable by any user is a decision for the config audit. */
rule(:radius_traceoptions) do
  c(
    "no-remote-trace" /* Disable remote tracing */,
    "file" ( /* Trace file information */
      sc(
        arg,
        "size" arg /* Maximum trace file size */,
        "files" arg /* Maximum number of trace files */,
        "world-readable" /* Allow any user to read the log file */,
        "no-world-readable" /* Don't allow any user to read the log file */
      )
    ).as(:oneline),
    "level" ( /* Level of debugging output */
      ("error" | "warning" | "notice" | "info" | "verbose" | "all")
    ),
    "flag" enum(("send" | "send-detail" | "receive" | "receive-detail" | "timeout" | "state" | "all")) /* Tracing parameters */.as(:oneline),
    "server" arg /* Trace packet sent to or received from the server[s] */,
    "client" arg /* Trace packet sent to or received from the client[s] */,
    "snoop-segment" arg /* Trace packet related to snoop-segment */
  )
end

rule(:radius_options_vlan_type) do
  c(
    "nas-port-options" arg ( /* Attach NAS Port options to VLAN/SVLAN ranges */
      c(
        "nas-port-type" ( /* Configure NAS port type */
          ("async" | "sync" | "isdn-sync" | "isdn-v120" | "isdn-v110" | "virtual" | "piafs" | "hdlc-clear-channel" | "x25" | "x75" | "g3-fax" | "sdsl" | "adsl-cap" | "adsl-dmt" | "idsl" | "ethernet" | "xdsl" | "cable" | "wireless" | "wireless-ieee80211" | "token-ring" | "fddi" | "wireless-cdma2000" | "wireless-umts" | "wireless-1x-ev" | "iapp" | arg)
        ),
        "nas-port-extended-format" ( /* Configure NAS port format */
          c(
            "ae-width" arg /* Number of bits for the aggregated ethernet identifier field */,
            "slot" arg /* Value to write to the slot field */,
            "slot-width" arg /* Number of bits for the slot field */,
            "adapter" arg /* Value to write to the adapter field */,
            "adapter-width" arg /* Number of bits for the adapter field */,
            "port" arg /* Value to write to the port field */,
            "port-width" arg /* Number of bits for the port field */,
            "pw-width" arg /* Number of bits for the pseudo-wire field */,
            "stacked-vlan-width" arg /* Number of bits for the S-VLAN subinterface field */,
            "vlan-width" arg /* Number of bits for the VLAN subinterface field */,
            "stacked" /* Include the S-VLAN ID for subscribers on interfaces */,
            "vpi-width" arg /* Number of bits for the ATM VPI field */,
            "vci-width" arg /* Number of bits for the ATM VCI field */
          )
        ),
        "stacked-vlan-ranges" arg /* Configure interface based on stacked-vlan range */,
        "vlan-ranges" arg /* Configure interface based on vlan range */
      )
    )
  )
end

rule(:reconfigure_trigger_type) do
  c(
    "radius-disconnect" /* Trigger DHCP reconfigure by radius initiated disconnect */
  )
end

rule(:reconfigure_type) do
  c(
    "clear-on-abort" /* Delete client on reconfiguration abort */,
    "attempts" arg /* Number of reconfigure attempts before aborting */,
    "timeout" arg /* Initial timeout value for retry */,
    "token" arg /* Reconfigure token */,
    "trigger" ( /* DHCP reconfigure trigger */
      reconfigure_trigger_type /* DHCP reconfigure trigger */
    ),
    "support-option-pd-exclude" /* Request prefix exclude option in reconfigure message */
  )
end

/* NOTE(review): "authentication-key" below is typed as plain arg although its description calls it an MD5 authentication key. This file declares "unreadable" as arg.as(:arg), so both parse identically; the difference only matters to a consumer that keys redaction on the type name - confirm against the source schema. */
rule(:redundancy_group_type) do
  arg.as(:arg) (
    c(
      "redundancy-group-id" arg /* Redundancy Group ID */,
      "peer-chassis-id" arg ( /* Peer Chassis ID */
        c(
          "no-auto-vlan-provisioning" /* Disable auto VLAN provisioning on inter-chassis-link */,
          "inter-chassis-link" ( /* ICL interface name */
            interface_device /* ICL interface name */
          ),
          "no-auto-iccp-provisioning" /* Disable auto ICCP provisioning */,
          "session-establishment-hold-time" arg /* Time within which connection must succeed with this peer */,
          "liveness-detection" ( /* Bidirectional Forwarding Detection options for the peer */
            c(
              "version" ( /* BFD protocol version number */
                ("0" | "1" | "automatic")
              ),
              "minimum-interval" arg /* Minimum transmit and receive interval */,
              "minimum-transmit-interval" arg /* Minimum transmit interval */,
              "minimum-receive-interval" arg /* Minimum receive interval */,
              "multiplier" arg /* Detection time multiplier */,
              c(
                "no-adaptation" /* Disable adaptation */
              ),
              "transmit-interval" ( /* Transmit-interval options */
                c(
                  "minimum-interval" arg /* Minimum transmit interval */,
                  "threshold" arg /* High transmit interval triggering a trap */
                )
              ),
              "detection-time" ( /* Detection-time options */
                c(
                  "threshold" arg /* High detection-time triggering a trap */
                )
              )
            )
          ),
          "authentication-key" arg /* MD5 authentication key */,
          "traceoptions" ( /* Trace options for ICCP */
            c(
              "no-remote-trace" /* Disable remote tracing */,
              "file" ( /* Trace file information */
                sc(
                  arg,
                  "size" arg /* Maximum trace file size */,
                  "files" arg /* Maximum number of trace files */,
                  "world-readable" /* Allow any user to read the log file */,
                  "no-world-readable" /* Don't allow any user to read the log file */,
                  "match" ( /* Regular expression for lines to be logged */
                    regular_expression /* Regular expression for lines to be logged */
                  )
                )
              ).as(:oneline),
              "flag" enum(("error" | "event" | "packet" | "pipe" | "pipe-detail" | "all")) /* Trace flag information */.as(:oneline)
            )
          )
        )
      ),
      "satellite" arg /* Satellite slot-id or range or all */,
      "system-mac-address" ( /* System MAC address */
        mac_unicast /* System MAC address */
      ),
      "cluster" arg /* Cluster member of redundancy-group */
    )
  )
end

rule(:registration_policy_type) do
  arg.as(:arg) (
    c(
      "term" arg ( /* Term definition */
        c(
          "from" ( /* From action */
            new_transaction_from_type /* From action */
          ),
          "then" ( /* Action */
            new_registration_then_type /* Action */
          )
        )
      )
    )
  )
end

rule(:new_registration_then_type) do
  c(
    "nat-traversal" ( /* How to traverse NAT devices */
      nat_traversal_action /* How to traverse NAT devices */
    )
  )
end

rule(:nat_traversal_action) do
  c(
    "nat-traversal-strategy" ( /* Choose when to perform NAT traversal */
      ("never" | "always" | "by-via")
    ),
    "keepalive-interval" arg /* Keepalive interval */,
    "minimum-registration-interval" arg /* Minimum registration interval allowed in register packet */,
    "keepalive-mechanisms" ( /* A prioritized list of keepalive mechanisms */
      c(
        "register-fast-expiration" /* Reduce the expiration interval in REGISTER responses */
      )
    )
  )
end
rule(:new_transaction_from_type) do c( "source-address" ( /* Source addresses and masks */ ipaddr /* Source addresses and masks */ ), "method" ( /* Methods */ transaction_method_type /* Methods */ ), "request-uri" ( /* Request URI field */ sc( "regular-expression" ( /* Regular expression matched on incoming Request-URI */ regular_expression /* Regular expression matched on incoming Request-URI */ ), "registration-state" ( /* Registration state */ ("registered" | "not-registered") ), "uri-hiding" ( /* URI hidden */ ("hidden-uri" | "not-hidden-uri") ) ) ).as(:oneline), "contact" ( /* Contact field */ sc( "regular-expression" ( /* Regular expression matched on incoming contact */ regular_expression /* Regular expression matched on incoming contact */ ), "registration-state" ( /* Registration state */ ("registered" | "not-registered") ), "uri-hiding" ( /* URI hidden */ ("hidden-uri" | "not-hidden-uri") ) ) ).as(:oneline) ) end rule(:relay_bulk_leasequery_v4_type) do c( "attempts" arg /* Number of retry attempts */, "timeout" arg /* Number of seconds */ ) end rule(:relay_bulk_leasequery_v6_type) do c( "attempts" arg /* Number of retry attempts */, "timeout" arg /* Number of seconds */, "trigger" ( /* Trigger for bulk leasequery */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline) ) end rule(:relay_leasequery_type) do c( "attempts" arg /* Number of retry attempts */, "timeout" arg /* Number of seconds */ ) end rule(:relay_option_60_type_group) do c( "vendor-option" ( /* Add vendor option */ c( "equals" ( /* Option 60 equals */ relay_option_60_match_group /* Option 60 equals */ ), "not-equals" ( /* Option 60 does not equal */ relay_option_60_match_group /* Option 60 does not equal */ ), "starts-with" ( /* Option 60 starts with */ relay_option_60_match_group /* Option 60 starts with */ ), c( "default-relay-server-group" arg /* Name of DHCP relay server group when match is not made */, "default-local-server-group" arg /* Name of DHCP local server group when match 
is not made */, "drop" /* Discard when a match is not made */, "forward-only" /* Forward without subscriber services when a match is not made */ ) ) ) ) end rule(:relay_option_60_match_group) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:relay_option_60_type_top) do c( "vendor-option" ( /* Add vendor option */ c( "equals" ( /* Option 60 equals */ relay_option_60_match_top /* Option 60 equals */ ), "not-equals" ( /* Option 60 does not equal */ relay_option_60_match_top /* Option 60 does not equal */ ), "starts-with" ( /* Option 60 starts with */ relay_option_60_match_top /* Option 60 starts with */ ), c( "default-relay-server-group" arg /* Name of DHCP relay server group when match is not made */, "default-local-server-group" arg /* Name of DHCP local server group when match is not made */, "drop" /* Discard when a match is not made */, "forward-only" /* Forward without subscriber services when a match is not made */ ) ) ) ) end rule(:relay_option_60_match_top) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal 
string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:relay_option_82_type) do c( "circuit-id" ( /* Add circuit identifier */ c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "user-defined" /* Include user defined string */, "keep-incoming-circuit-id" /* Keep incoming circuit identifier */ ) ), "remote-id" ( /* Add remote identifier */ c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "keep-incoming-remote-id" /* Keep incoming remote identifier */ ) ), "server-id-override" /* Add link-selection and server-id sub-options on packets to server */, 
"vendor-specific" ( /* Add vendor-specific information */ jdhcp_vendor_specific_type /* Add vendor-specific information */ ).as(:oneline) ) end rule(:relay_v4_option_ascii_hex) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:relay_v6_option_ascii_hex) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:res_cleanupd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" 
| "info" | "verbose" | "all") ), "flag" enum(("events" | "gencfg" | "module" | "sysvsem" | "sysvshm" | "tracking" | "ui" | "all")) /* Area of resource cleanup process to enable debugging output */.as(:oneline) ) end rule(:resource_monitor_type) do c( "resource-category" enum(("jtree")) ( /* Resource category */ c( "resource-type" enum(("free-pages" | "free-dwords" | "contiguous-pages")) ( /* Resource type */ c( "low-watermark" arg /* Low watermark limit percentage */, "high-watermark" arg /* High watermark limit percentage */ ) ) ) ), "traceoptions" ( /* Resource monitor trace options */ resource_monitor_traceoptions_type /* Resource monitor trace options */ ), "no-throttle" /* Disable throttling of subscribers and services based on resource utilization */, "no-logging" /* Disable logging of warning or error messages resource levels exceeded */, "high-threshold" arg /* High threshold percentage for resource utilization */, "free-heap-memory-watermark" arg /* Watermark percentage for ukern heap resource utilization */, "free-nh-memory-watermark" arg /* Watermark percentage for NH resource utilization */, "free-fw-memory-watermark" arg /* Watermark percentage for Filter / Firewall resource utilization */ ) end rule(:resource_monitor_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Resource monitor operations to include in debugging trace */.as(:oneline) ) end rule(:resources_type) do c( "cpu" ( c( "priority" arg /* Highest priority (nice level) process can run at */, "time" arg /* Maximum amount of CPU time that can 
be accumulated */ ) ), "memory" ( c( "data-size" arg /* Maximum size of the data segment */, "locked-in" arg /* Maximum bytes that can be locked into memory */, "resident-set-size" arg /* Maximum amount of private physical memory at any given moment */, "socket-buffers" arg /* Maximum amount of physical memory that may be dedicated to socket buffers */, "stack-size" arg /* Maximum size of the stack segment */ ) ), "file" ( c( "size" arg /* Maximum size of a file that can be created */, "open" arg /* Maximum number of simultaneous open files */, "core-size" arg /* Maximum size of a core file that can be created */ ) ) ) end rule(:rib_aggregate_type) do c( "defaults" ( /* Global route options */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) 
format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "discard" /* Drop packets to destination; send no ICMP unreachables */, "next-table" arg /* Next hop to another table */, c( "brief" /* Include longest common sequences from contributing paths */, "full" /* Include all AS numbers from all contributing paths */ ), c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ) ) ), "route" arg ( /* Individual route options */ c( "policy" ( /* Policy filter */ policy_algebra /* Policy filter */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "discard" /* Drop packets to destination; 
send no ICMP unreachables */, "next-table" arg /* Next hop to another table */, c( "brief" /* Include longest common sequences from contributing paths */, "full" /* Include all AS numbers from all contributing paths */ ), c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ) ) ) ) end rule(:rib_group_inet_type) do c( arg /* Name of the routing table group */ ).as(:oneline) end rule(:rib_group_type) do c( arg /* Name of the IPv4 routing table group */, "inet" arg /* Name of the IPv4 routing table group */, "inet6" arg /* Name of the IPv6 routing table group */ ) end rule(:rib_static_metric_type) do c( arg /* Metric value */, "type" arg /* Metric type */ ).as(:oneline) end rule(:rip_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("prefix") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:rmopd_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "ipc" | "ppm" | "statistics" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:rmps_clnt_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file 
*/, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("infra" | "memory" | "communication" | "resource-tables" | "info-tables" | "redundancy" | "all")) /* Resource Management Packet Steering Client to trace */.as(:oneline) ) end rule(:rmpsd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "gres" | "init" | "memory" | "communication" | "license-management" | "signal" | "state" | "timer" | "ui" | "resource-manager" | "info-manager" | "packet-steering" | "all")) /* Resource Management Packet Steering Area to trace */.as(:oneline) ) end rule(:route_filter_list_items) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */, "address-mask" arg /* Mask applied to prefix address */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric 
offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), 
"prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, 
"reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops */, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output 
logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) end rule(:route_record_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("parse" | "all")) /* Area of route-record to enable debuging output */.as(:oneline) ) end rule(:routing_destinations) do c( "default-availability-check-profile" arg /* Profile that will be used if no other profile was attached to a server */, 
"availability-check-profiles" ( /* Definitions of servers availability check profiles */ availability_check_profile /* Definitions of servers availability check profiles */ ), "servers" ( /* Servers definitions */ routing_destination_server /* Servers definitions */ ), "clusters" ( /* Clusters definitions */ routing_destination_cluster /* Clusters definitions */ ) ) end rule(:availability_check_profile) do arg.as(:arg) ( c( "keepalive-method" ( /* How will availability check be done */ sc( c( "sip-options" /* Check availability by sending a SIP OPTIONS message */ ) ) ).as(:oneline), "keepalive-strategy" ( /* When will the server be checked for availability */ sc( c( "send-always" ( /* Always check the server availability */ c( "failures-before-unavailable" arg /* A server is assumed to be unavailable when a keepalive message was not answered this number of times */, "successes-before-available" arg /* A server is assumed to be available when a keepalive message was successfully answered this number of times */ ) ), "send-when-unavailable" ( /* Check the server availability only when it is marked as unavailable */ sc( "successes-before-available" arg /* A server is assumed to be available when a keepalive message was successfully answered this number of times */ ) ).as(:oneline), "do-not-send" ( /* Never perform availability checks of the server */ sc( "blackout-period" arg /* Time a server will be considered unavailable */ ) ).as(:oneline) ) ) ).as(:oneline), "keepalive-interval" ( /* How often should the server be checked for availability */ c( "available-server" arg /* How often should a server that is marked as available be checked for availablility */, "unavailable-server" arg /* How often should a server that is marked as unavailable be checked for availablility */ ) ), "transaction-timeout" arg /* A server is assumed to be unavailable when a keepalive message was not answered in this time */ ) ) end rule(:routing_destination_cluster) do arg.as(:arg) ( c( 
"server" arg ( c( "priority" arg /* Defines the redundency order */, "weight" arg /* Defines the load balancing ratio */ ) ) ) ) end rule(:routing_destination_server) do arg.as(:arg) ( c( "address" ( /* Server's address */ routing_destination_address /* Server's address */ ), "service-point" arg /* Exit point */, "admission-control" arg /* Admission control profile for the server */, "availability-check-profile" arg /* Availability check profile for the server */ ) ) end rule(:routing_destination_address) do c( ipaddr /* IP address */, "port" arg /* Port number */, "transport-protocol" ( /* Transport protocol */ transport_protocol /* Transport protocol */ ) ).as(:oneline) end rule(:rpd_rib_group_type) do arg.as(:arg) ( c( "export-rib" arg /* Export routing table */, "import-rib" arg /* Import routing table */, "import-policy" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) end rule(:rtf_prefix_list_items) do arg.as(:arg) end rule(:sampling_family_inet6_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet6_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end rule(:cflowd_sampling_inet6_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, 
"routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:packet_export_inline) do c( "source-address" ( /* Address to use for generating monitored packets */ ipaddr /* Address to use for generating monitored packets */ ), "flow-export-rate" arg /* Flow export rate of monitored packets in kpps */ ) end rule(:sampling_family_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) end rule(:sampling_global_mpls_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_global_mpls_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ) ) end 
# cflowd_global_mpls_sampling_type: the "flow-server" entry referenced by
# sampling_global_mpls_output_type. It opens with an `arg` captured as :arg
# (presumably the collector host; confirm against the schema), followed by the
# export settings: UDP port, DSCP, routing instance, AS type, version 8
# aggregation, local dump on/off, IPv4 source address and a version9 template.
# NOTE(review): "local-dump" writes cflowd records to a log file before export;
# when auditing a configuration, check who can read that log.
rule(:cflowd_global_mpls_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# sampling_input_type: sampling input parameters (rate as 1 out of N, run-length,
# max-packets-per-second, maximum-packet-length) plus a "family" block that
# repeats the same four keywords for "inet", "mpls" and "inet6".
rule(:sampling_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */, "family" ( /* Protocol family */ c( "inet" ( /* Sampling parameters for IPv4 */ c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) ), "mpls" ( /* Sampling parameters for MPLS */ c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) ), "inet6" ( /* Sampling
parameters for IPv6 */ c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) ) ) ) ) end
# sampling_instance_inet6_output_type: output settings with export interval and
# flow timeouts, a "flow-server" (cflowd_instance_inet6_sampling_type), an
# "interface" (packet_export_intf_type), "inline-jflow"
# (packet_export_inline_instance) and "extension-service".
rule(:sampling_instance_inet6_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_inet6_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end
# cflowd_instance_inet6_sampling_type: flow-server entry with the same keywords as
# cflowd_global_mpls_sampling_type plus a "version-ipfix" template.
rule(:cflowd_instance_inet6_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ),
"version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# packet_export_inline_instance: inline-jflow settings, a "source-address" for
# generated monitored packets and a "flow-export-rate" in kpps.
rule(:packet_export_inline_instance) do c( "source-address" ( /* Address to use for generating monitored packets */ ipaddr /* Address to use for generating monitored packets */ ), "flow-export-rate" arg /* Flow export rate of monitored packets in kpps */ ) end
# sampling_instance_inet_global_output_type: output settings that add a "file"
# block for dumping sampled packets and a "port-mirroring" block
# (inet_pm_family_output_type) to the flow-server / interface / inline-jflow set.
# NOTE(review): "world-readable" allows any user to read the sampled packet dump;
# when auditing a configuration, confirm it is set only where that exposure is
# intended. "port-mirroring" sends sampled traffic out through an interface, so
# the destination interface is worth checking as well.
rule(:sampling_instance_inet_global_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "file" ( /* Configure parameters for dumping sampled packets */ sc( ("disable"), "filename" arg /* Name of file to contain sampled packet dumps */, "files" arg /* Maximum number of sampled packet dump files */, "size" arg /* Maximum sample dump file size */, "world-readable" /* Allow any user to read the sampled dump */, "no-world-readable" /* Don't allow any user to read the sampled dump */, "stamp" /* Timestamp every packet in the dump */, "no-stamp" /* Don't timestamp every packet in the dump */ ) ).as(:oneline), "port-mirroring" ( /* Configure sending sampled traffic out through an interface */ inet_pm_family_output_type /* Configure sending sampled traffic out through an interface */ ), "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline /* Inline processing of sampled packets */ ),
"extension-service" arg /* Define the customer specific sampling configuration */ ) end
# cflowd_sampling_inet_type: flow-server entry with version9 and version-ipfix
# templates and a "version" keyword limited to "5", "8" or "500".
rule(:cflowd_sampling_inet_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version" ( /* Format of exported cflowd aggregates */ ("5" | "8" | "500") ) ) ) end
# sampling_instance_inet_output_type: output settings with export interval and
# flow timeouts, a "flow-server" (cflowd_instance_inet_sampling_type), an
# "interface", "inline-jflow" (packet_export_inline_instance) and
# "extension-service". Unlike the global inet variant it has no "file" or
# "port-mirroring" block.
rule(:sampling_instance_inet_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_inet_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of
sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end
# cflowd_instance_inet_sampling_type: flow-server entry with version9 and
# version-ipfix templates; its "version" keyword accepts only "5" or "8"
# (cflowd_sampling_inet_type also accepts "500").
rule(:cflowd_instance_inet_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version" ( /* Format of exported cflowd aggregates */ ("5" | "8") ) ) ) end
# sampling_instance_input_type: the four sampling input keywords (rate,
# run-length, max-packets-per-second, maximum-packet-length) with no "family"
# block.
rule(:sampling_instance_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) end
# sampling_instance_mpls_output_type: output settings with export interval and
# flow timeouts, a "flow-server" (cflowd_instance_mpls_sampling_type), an
# "interface" and "inline-jflow" (packet_export_inline_instance).
rule(:sampling_instance_mpls_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */
cflowd_instance_mpls_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ) ) end
# cflowd_instance_mpls_sampling_type: flow-server entry with version9 and
# version-ipfix templates and no "version" keyword.
rule(:cflowd_instance_mpls_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# sampling_instance_vpls_output_type: output settings limited to a "flow-server"
# (cflowd_instance_vpls_sampling_type) and "inline-jflow"
# (packet_export_inline_instance).
rule(:sampling_instance_vpls_output_type) do c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_vpls_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ) ) end
# cflowd_instance_vpls_sampling_type: reduced flow-server entry with only "port",
# "dscp", "routing-instance" and a "version-ipfix" template.
rule(:cflowd_instance_vpls_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric
DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end
# sampling_output_type: output settings with the same keyword set as
# sampling_instance_inet_global_output_type, except that "flow-server" refers to
# cflowd_sampling_type.
# NOTE(review): "world-readable" allows any user to read the sampled packet dump;
# when auditing a configuration, confirm it is set only where that exposure is
# intended.
rule(:sampling_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "file" ( /* Configure parameters for dumping sampled packets */ sc( ("disable"), "filename" arg /* Name of file to contain sampled packet dumps */, "files" arg /* Maximum number of sampled packet dump files */, "size" arg /* Maximum sample dump file size */, "world-readable" /* Allow any user to read the sampled dump */, "no-world-readable" /* Don't allow any user to read the sampled dump */, "stamp" /* Timestamp every packet in the dump */, "no-stamp" /* Don't timestamp every packet in the dump */ ) ).as(:oneline), "port-mirroring" ( /* Configure sending sampled traffic out through an interface */ inet_pm_family_output_type /* Configure sending sampled traffic out through an interface */ ), "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end
# cflowd_sampling_type: flow-server entry with version9 and version-ipfix
# templates and a "version" keyword limited to "5", "8" or "500".
rule(:cflowd_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "routing-instance" arg /* Name of
routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version" ( /* Format of exported cflowd aggregates */ ("5" | "8" | "500") ) ) ) end
# sampling_traceoptions_type: trace options for sampling, "no-remote-trace" and a
# "file" block (file name arg, size, files, world-readable / no-world-readable,
# match regular expression).
# NOTE(review): "world-readable" allows any user to read the log file; confirm it
# is set only where that exposure is intended.
rule(:sampling_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) end
rule(:satellite_bridge_filter) do arg.as(:arg) ( c( "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "source-mac-address" ( /* Match MAC source address */ firewall_mac_addr_object /* Match MAC source address */ ), "destination-mac-address" ( /* Match MAC destination address */ firewall_mac_addr_object /* Match MAC destination address */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address
*/ firewall_addr_object /* Match IP destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | 
arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "accept" /* Accept the packet */, "discard" /* Discard the packets */ ), "next-hop-group" arg /* Use specified next-hop group */ ) ) ) ) ) ) end rule(:satellite_policy_options) do c( "extended-ports-template" arg ( /* Extended ports template */ c( "pic" ( /* PIC attributes */ satellite_pic_type /* PIC attributes */ ) ) ), "port-group-alias" arg ( /* Port group alias */ c( "pic" arg ( 
/* Satellite PIC information */ c( "port" arg /* Port id or range or all */ ) ) ) ), "extended-ports-policy" arg ( /* Define a extended-ports-policy */ c( "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "extended-ports-template" arg /* Apply extended ports template to satellite matching conditions defined in this term */ ) ) ) ) ) ), "candidate-uplink-port-policy" arg ( /* Define a candidate uplink-port policy */ c( "uplink-port-group" arg /* Uplink port group alias name */, "minimum-links" arg /* Minimum child links to keep extended-ports UP */, "holddown" arg /* Time to hold down after uplink failure */, "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "uplink-port-group" arg /* Uplink port group alias name */, "minimum-links" arg /* Minimum child links to keep extended-ports UP */, "holddown" arg /* Time to hold down after uplink failure */ ) ) ) ) ) ), "environment-monitoring-policy" arg ( /* Define a environment monitoring policy */ c( "alarm" ( /* Policy default alarm policy */ c( "linkdown" ( /* Policy default linkdown alarm */ ("ignore" | "red" | "yellow") ) ) ), "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "alarm" ( /* Term alarm policy */ c( "linkdown" ( /* Set linkdown alarm */ ("ignore" | "red" | "yellow") ) ) ) ) ) ) ) ) ), "forwarding-policy" arg ( /* Define forwarding policy for extended ports */ c( "port-group-extended" ( /* Define a extend port group mapping */ port_extend_type /* Define a extend port group mapping */ ), "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "port-group-extended" ( /* Define a extend port group mapping */ port_extend_type /* Define a extend port group mapping */ ) ) ) ) ) ) ) ) end 
rule(:port_extend_type) do arg.as(:arg) ( c( "filter" arg /* Assign a filter for uplink selection */, "port-group-uplink" ( /* Define a uplink port group mapping */ c( arg /* Uplink port group alias name used for uplink pinning mode */, "minimum-links" arg /* Minimum child links to keep extended-ports UP */, "holddown" arg /* Time to hold down after uplink failure */ ) ), "mirror-ingress" ( /* Define a ingress port mirror */ c( "port-group-mirror" arg /* Mirror port group alias name for local port mirroring */ ) ), "mirror-egress" ( /* Define a egress port mirror */ c( "port-group-mirror" arg /* Mirror port group alias name for local port mirroring */ ) ) ) ) end rule(:satellite_pic_type) do arg.as(:arg) ( c( "port" ( /* Port number */ satellite_pic_port_attr /* Port number */ ), "port-range" ( /* Physical ports to channelize */ s( arg, arg, c( "channel-speed" ( /* Port channel speed */ ("10g" | "disable-auto-speed-detection") ) ) ) ) ) ) end rule(:satellite_pic_port_attr) do arg.as(:arg) ( c( "channel-speed" ( /* Port channel speed */ ("10g" | "disable-auto-speed-detection") ) ) ) end rule(:sbc_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" ( /* Tracing parameters */ c( "configuration" ( /* Trace configuration events */ ("trace" | "debug" | "info" | "warning" | "error") ), "ipc" ( /* Trace IPC events */ ("trace" | "debug" | "info" | "warning" | "error") ), "device-monitor" ( /* Trace device monitor events */ ("trace" | "debug" | "info" | "warning" | "error") ), "ui" ( /* Trace ui events */ ("trace" | "debug" | "info" | "warning" | 
"error") ), "common" ( /* Trace common events */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-pool" ( /* Trace memory-pool events */ ("trace" | "debug" | "info" | "warning" | "error") ), "packet-capture" ( /* Trace packet capture events */ ("trace" | "debug" | "info" | "warning" | "error") ), "all" ( /* Minimal trace level for all components */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ) ) end rule(:script_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "events" | "input" | "offline" | "output" | "rpc" | "xslt")) /* Tracing parameters */.as(:oneline) ) end rule(:scripts_type) do c( "commit" ( /* Commit-time scripting mechanism */ c( "allow-transients" /* Allow loading of transient configuration changes */, "traceoptions" ( /* Trace options for commit scripts */ script_traceoptions /* Trace options for commit scripts */ ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "max-datasize" arg /* Maximum data segment size for scripts execution */, "direct-access" /* Access the configuration directly from database */, "dampen" ( /* Dampen execution of commit scripts */ c( "dampen-options" ( /* Dampen options for commit scripts */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "file" ( /* Commit script file */ commit_scripts_file_type /* Commit script file */ ) ) ), "op" ( /* Operations scripting */ c( "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts 
from a given base URL */, "traceoptions" ( /* Trace options for operation scripts */ script_traceoptions /* Trace options for operation scripts */ ), "file" ( /* Configuration for each operation script */ op_scripts_file_type /* Configuration for each operation script */ ), "no-allow-url" /* Do not allow the remote execution of op scripts */, "allow-url-for-python" /* Allow the remote execution of Python op scripts */, "max-datasize" arg /* Maximum data segment size for scripts execution */, "dampen" ( /* Dampen execution of op scripts */ c( "dampen-options" ( /* Dampen options for op scripts */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ) ) ), "snmp" ( /* Snmp scripts */ c( "refresh" /* Refresh all snmp scripts from their source */, "refresh-from" arg /* Refresh all snmp scripts from a given base URL */, "file" ( /* Configuration for each snmp script */ snmp_scripts_file_type /* Configuration for each snmp script */ ), "traceoptions" ( /* Trace options for snmp scripts */ script_traceoptions /* Trace options for snmp scripts */ ), "max-datasize" arg /* Maximum data segment size for scripts execution */ ) ), "translation" ( /* Translation scripts */ c( "max-datasize" arg /* Maximum data segment size for translation scripts execution */ ) ), "load-scripts-from-flash" /* Load scripts from flash */, "language" ( /* Allow/Disallow Python scripts on-box */ ("python") ), "synchronize" /* Push all scripts to other RE on commit synchronize */ ) end
# commit_scripts_file_type: one commit-script entry, keyed by the leading arg (captured as :arg).
# Accepts "optional", the URL-based "source" / "refresh" / "refresh-from" options, and a
# "checksum" block with md5, sha1 and sha-256 digests, each taken as an opaque arg.
# NOTE(review): this rule only parses. It does not require a checksum when a script has a remote
# source, and it accepts md5/sha1 next to sha-256. "optional" lets a commit succeed when the
# script is missing. A config audit built on this grammar would need to check both itself.
rule(:commit_scripts_file_type) do arg.as(:arg) ( c( "optional" /* Allow commit to succeed if the script is missing */, "source" arg /* URL of source for this script */, "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "checksum" ( /* Checksum of this script */ c( "md5" arg /* MD5 checksum of this script */, "sha1" arg 
/* SHA1 checksum of this script */, "sha-256" arg /* SHA-256 checksum of this script */ ) ) ) ) end
# op_scripts_file_type: one op-script entry, keyed by the leading arg (captured as :arg).
# Covers the command alias, dampening, description, source URL, refresh options, declared
# arguments and the same md5 / sha1 / sha-256 checksum block as commit scripts.
# "allow-commands" delegates to regular_expression, so the pattern that decides which commands
# are explicitly allowed is not inspected here.
# NOTE(review): an overly broad allow-commands pattern is a privilege concern worth linting.
rule(:op_scripts_file_type) do arg.as(:arg) ( c( "command" arg /* Command alias for the script file */, "dampen" ( /* Dampen execution of the script */ c( "dampen-options" ( /* Dampen options for the script */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "description" arg /* Description of the script */, "source" arg /* URL of source for this script */, "allow-commands" ( /* Regular expression for commands to allow explicitly */ regular_expression /* Regular expression for commands to allow explicitly */ ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "arguments" arg ( /* Command line argument to the script */ c( "description" arg /* Description of the argument */ ) ), "checksum" ( /* Checksum of this script */ c( "md5" arg /* MD5 checksum of this script */, "sha1" arg /* SHA1 checksum of this script */, "sha-256" arg /* SHA-256 checksum of this script */ ) ) ) ) end
# sdk_mgmtd_traceoptions_type: trace settings made of a trace file (name, size, file count,
# readability, match expression), a "level" and a set of "flag" values.
# "world-readable" lets any user read the trace file.
# NOTE(review): trace output at verbose/all may hold sensitive detail (presumably; confirm what
# the daemon writes), so an audit may want to flag world-readable together with a high level.
rule(:sdk_mgmtd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("service-infrastructure" | "routing-instance" | "config-handling" | "command-handling" | "cli-show-commands" | "all")) /* Area of daemon to enable debugging output */.as(:oneline) ) 
end
# sdk_vmmd_traceoptions_type: same shape as sdk_mgmtd_traceoptions_type (file, level, flag) with
# a different flag vocabulary. The "world-readable" option is accepted here as well.
rule(:sdk_vmmd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "configuration" | "ccif" | "pxe" | "platform" | "heartbeat" | "routing-instances" | "snmp" | "miscellaneous" | "all")) /* Tracing parameters */.as(:oneline) ) end
# sec_object: a v3 "security-name" and the "context" name associated with it.
rule(:sec_object) do c( "security-name" arg /* Specify v3 security-name */, "context" arg /* Specify context name associated to this security-name */ ) end
# securid_server_object: named SecurID server entry; its only option is the path to the server
# configuration (sdconf.rec) file. The path is captured as an opaque arg and is not validated.
rule(:securid_server_object) do arg.as(:arg) ( c( "configuration-file" arg /* Path to the SecurID server configuration (sdconf.rec) file */ ) ) end
# security_authentication_key_chains: "key-chain" NAME, holding a description, a clock-skew
# tolerance, and "key" ID entries with secret, start-time, algorithm and options.
# "secret" is authentication key material captured as a plain arg. Code that prints parse trees
# or echoes the offending input in parse errors should redact it.
# The schema offers only md5 and hmac-sha-1 as algorithms, so nothing stronger can be expressed.
rule(:security_authentication_key_chains) do c( "key-chain" arg ( /* Key chain configuration */ c( "description" arg /* Text description of this authentication-key-chain */, "tolerance" arg /* Clock skew tolerance */, "key" arg ( /* Authentication element configuration */ c( "secret" arg /* Authentication key */, "start-time" ( /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ time /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ ), "algorithm" ( /* Authentication algorithm */ ("md5" | "hmac-sha-1") ), "options" ( /* Protocol's transmission encoding format */ ("basic" | "isis-enhanced") ) ) ) ) ) ) end
# security_dhcpv6_options_type: how the DHCPv6 identifier options option-37, option-18 and
# option-16 are composed (prefix components, interface attributes, custom string).
# The rule body continues on the following lines.
rule(:security_dhcpv6_options_type) do c( "option-37" ( /* Configure DHCPv6 remote identifier option */ c( "prefix" ( /* Configure DHCPv6 remote identifier prefix */ c( "host-name" /* Prefix router host name to DHCPv6 remote identifier */, "logical-system-name" /* Prefix 
logical system name to DHCPv6 remote identifier */, "routing-instance-name" /* Prefix routing instance name to DHCPv6 remote identifier */, "vlan-name" /* Prefix vlan name to DHCPv6 remote identifier */, "vlan-id" /* Prefix vlan tag to DHCPv6 remote identifier */ ) ), "use-interface-mac" /* Add incoming interface's MAC address to DHCPv6 remote identifier */, "use-interface-index" ( /* Add interface index to DHCPv6 remote identifier */ ("logical" | "device") ), "use-interface-name" ( /* Add interface name to DHCPv6 remote identifier */ ("logical" | "device") ), "use-interface-description" ( /* Add interface description to DHCPv6 remote identifier */ ("logical" | "device") ), "use-string" arg /* Add custom string to DHCPv6 remote identifier */ ) ), "option-18" ( /* Configure DHCPv6 interface identifier option */ c( "prefix" ( /* Configure DHCPv6 interface identifier prefix */ c( "host-name" /* Prefix router host name to DHCPv6 interface identifier */, "logical-system-name" /* Prefix logical system name to DHCPv6 interface identifier */, "routing-instance-name" /* Prefix routing instance name to DHCPv6 interface identifier */, "vlan-name" /* Prefix vlan name to DHCPv6 interface identifier */, "vlan-id" /* Prefix vlan tag to DHCPv6 interface identifier */ ) ), "use-interface-mac" /* Add incoming interface's MAC address to DHCPv6 circuit identifier */, "use-interface-index" ( /* Add interface index to DHCPv6 interface identifier */ ("logical" | "device") ), "use-interface-name" ( /* Add interface name to DHCPv6 remote identifier */ ("logical" | "device") ), "use-interface-description" ( /* Add interface description to DHCPv6 interface identifier */ ("logical" | "device") ), "use-string" arg /* Add custom string to DHCPv6 interface identifier */ ) ), "option-16" ( /* Configure DHCPv6 vendor class identifier option. 
Overwrite if exists */ c( "use-string" arg /* Add custom string to DHCPv6 vendor identifier */ ) ) ) end rule(:security_group_vpn) do c( "member" ( /* Group VPN member configuration */ gvpn_member /* Group VPN member configuration */ ) ) end rule(:gvpn_member) do c( "ike" ( /* Group VPN IKE configuration */ gvpn_member_ike /* Group VPN IKE configuration */ ), "ipsec" ( /* Group VPN IPsec configuration */ gvpn_member_ipsec_vpn /* Group VPN IPsec configuration */ ) ) end rule(:gvpn_member_ike) do c( "traceoptions" ( /* Trace options for Group VPN Member */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("timer" | "routing-socket" | "parse" | "config" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "thread" | "high-availability" | "next-hop-tunnels" | "all")) /* Tracing parameters */.as(:oneline), "gateway-filter" ( /* Set gateway filter for trace */ c( "local-address" ( /* Use an IP address to identify the local gateway */ ipv4addr /* Use an IP address to identify the local gateway */ ), "remote-address" ( /* Use an IP address to identify the remote gateway */ ipv4addr /* Use an IP address to identify the remote gateway */ ) ) ) ) ), "proposal" ( /* Define an IKE proposal */ gvpn_member_ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ gvpn_member_ike_policy /* Define an IKE policy */ ), "gateway" arg ( /* Define an IKE gateway */ c( "ike-policy" arg /* Name of the IKE policy 
*/, "address" ( /* Addresses or hostnames of peer:1 primary, upto 4 backups */ hostname /* Addresses or hostnames of peer:1 primary, upto 4 backups */ ), "server-address" ( /* Server Addresses upto 4 */ ipv4addr /* Server Addresses upto 4 */ ), "local-identity" ( /* Set the local IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The local IPv4 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The local hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The local user-FQDN */ ) ), "distinguished-name" /* Use a distinguished name specified in local certificate */ ) ) ).as(:oneline), "local-address" ( /* Local IPv4 address for group member */ ipv4addr /* Local IPv4 address for group member */ ), "routing-instance" arg /* Name of routing instance that hosts local address */ ) ) ) end
# gvpn_member_ike_policy: named IKE policy for a Group VPN member. It holds the Phase 1 mode
# (main | aggressive), the proposals, certificate settings (local certificate, trusted CA,
# preferred peer certificate type), a default proposal-set and a pre-shared key.
# The pre-shared key ("ascii-text" or "hexadecimal") is secret material captured as a plain arg;
# consumers of the parse tree should redact it before logging.
# NOTE(review): the grammar accepts "aggressive" together with "pre-shared-key". That pairing is
# widely discouraged, so a policy check layered on this parser may want to report it.
rule(:gvpn_member_ike_policy) do arg.as(:arg) ( c( "mode" ( /* Define the IKE mode for Phase 1 */ ("main" | "aggressive") ), "description" arg /* Text description of IKE policy */, "proposals" arg, "certificate" ( /* Certificate configuration */ c( "local-certificate" arg /* Local certificate identifier */, "trusted-ca" ( /* Specify the CA to use */ sc( c( arg /* Index of the preferred CA to use */, "use-all" /* Use all configured CAs */ ) ) ).as(:oneline), "peer-certificate-type" ( /* Preferred type of certificate from peer */ ("pkcs7" | "x509-signature") ) ) ), "proposal-set" ( /* Types of default IKE proposal-set */ ("basic" | "compatible" | "standard") ), "pre-shared-key" ( /* Define a preshared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) end
# gvpn_member_ike_proposal: named IKE proposal for a Group VPN member, with authentication
# method, Diffie-Hellman group, authentication and encryption algorithm, and lifetime in seconds.
# The listed values mirror the schema. Of these, group14, sha-256 and the aes-*-cbc ciphers are
# the strongest choices; group1/group2/group5, md5, des-cbc and 3des-cbc are legacy options that
# still parse as valid. Rejecting them is a job for a separate policy check, not this rule.
rule(:gvpn_member_ike_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IKE proposal */, "authentication-method" ( /* Define authentication method */ ("pre-shared-keys" | "rsa-signatures" | "dsa-signatures") ), "dh-group" ( /* Define Diffie-Hellman group */ ("group1" | 
"group2" | "group5" | "group14") ), "authentication-algorithm" ( /* Define authentication algorithm */ ("md5" | "sha1" | "sha-256") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "lifetime-seconds" arg /* Lifetime, in seconds */ ) ) end
# gvpn_member_ipsec_vpn: container for the "vpn" entries of a Group VPN member.
rule(:gvpn_member_ipsec_vpn) do c( "vpn" ( /* Define an IPSec VPN */ ipsec_gvpn_member_template /* Define an IPSec VPN */ ) ) end
# ipsec_gvpn_member_template: one named Group VPN with IKE gateway, external interface, group id,
# heartbeat threshold, match direction, tunnel MTU, DF-bit handling and "fail-open" rules.
# NOTE(review): "fail-open" presumably names traffic allowed to pass unprotected when the member
# has no usable keys (confirm against the Junos documentation). If so, every fail-open rule is
# an exception to encryption and deserves explicit review in a config audit.
rule(:ipsec_gvpn_member_template) do arg.as(:arg) ( c( "ike-gateway" arg /* Name of IKE gateway */, "group-vpn-external-interface" ( /* MPLS-facing interface used for Group VPN */ interface_name /* MPLS-facing interface used for Group VPN */ ), "group" arg /* Enable Group VPN by defining group id */, "heartbeat-threshold" arg /* Define heartbeat threshold for Group VPN */, "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output") ), "tunnel-mtu" arg /* Maximum transmit packet size */, "df-bit" ( /* Specifies how to handle the Don't Fragment bit */ ("clear" | "set" | "copy") ), "fail-open" ( /* List of fail open rules */ ipsec_gvpn_fail_open_rule_object /* List of fail open rules */ ) ) ) end
# ipsec_gvpn_fail_open_rule_object: wrapper for "rule" entries. The schema text mentions a limit
# of 10 rules, but this grammar does not enforce it.
rule(:ipsec_gvpn_fail_open_rule_object) do c( "rule" ( /* Define fail open rules upto 10 */ ipsec_gvpn_fail_open_rule_address_object /* Define fail open rules upto 10 */ ) ) end
# ipsec_gvpn_fail_open_rule_address_object: one named fail-open rule matching on source and/or
# destination address, each delegated to ipsec_gvpn_addr_object.
rule(:ipsec_gvpn_fail_open_rule_address_object) do arg.as(:arg) ( c( "source-address" ( /* Match IP source address */ ipsec_gvpn_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ ipsec_gvpn_addr_object /* Match IP destination address */ ) ) ) end
# ipsec_gvpn_addr_object: a single prefix to match, delegated to ipv4prefix_only.
rule(:ipsec_gvpn_addr_object) do c( ipv4prefix_only /* Prefix to match */ ) end
# security_ike: IKE settings made of traceoptions, respond-bad-spi, proposals, policies and
# gateways. The rule body continues on the following lines.
rule(:security_ike) do c( "traceoptions" ( /* Trace options for IPSec key management */ security_traceoptions /* Trace options for IPSec key management */ ), "respond-bad-spi" ( /* Respond to IPSec packets with bad SPI values */ sc( arg ) 
).as(:oneline), "proposal" ( /* Define an IKE proposal */ ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ ike_policy /* Define an IKE policy */ ), "gateway" arg ( /* Define an IKE gateway */ c( "ike-policy" arg /* Name of the IKE policy */, c( "address" ( /* Addresses or hostnames of peer:1 primary, upto 4 backups */ (arg) ), "dynamic" ( /* Site to site peer with dynamic IP address */ c( c( "distinguished-name" ( /* Use a distinguished name: */ c( "container" arg /* Specify the container string */, "wildcard" arg /* Specify the wildcard string */ ) ), "hostname" arg /* Use a fully-qualified domain name */, "inet" ( /* Use an IPV4 address to identify the dynamic peer */ ipv4addr /* Use an IPV4 address to identify the dynamic peer */ ), "inet6" ( /* Use an IPV6 address to identify the dynamic peer */ ipv6addr /* Use an IPV6 address to identify the dynamic peer */ ), "user-at-hostname" arg /* Use an e-mail address */ ), "connections-limit" arg /* Maximum number of users connected to gateway */, "ike-user-type" ( /* Type of the IKE ID */ ("group-ike-id" | "shared-ike-id") ) ) ) ), "dead-peer-detection" ( /* Enable RFC-3706 DPD */ c( "always-send" /* Send DPD messages periodically, regardless of traffic */, "interval" arg /* The interval at which to send DPD messages */, "threshold" arg /* Maximum number of DPD retransmissions */ ) ), "no-nat-traversal" /* Disable IPSec NAT traversal */, "nat-keepalive" arg /* Interval at which to send NAT keepalives */, "local-identity" ( /* Set the local IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The local IPv4 identity */ ) ), "inet6" ( /* Use an IPv6 address */ c( ipv6addr /* The local IPv6 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The local hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The local user-FQDN */ ) ), "distinguished-name" /* Use a distinguished name specified in local certificate */ ) ) 
).as(:oneline), "remote-identity" ( /* Set the remote IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The remote IPv4 identity */ ) ), "inet6" ( /* Use an IPv6 address */ c( ipv6addr /* The remote IPv6 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The remote hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The remote user-FQDN */ ) ), "distinguished-name" ( /* Use a distinguished name: */ c( "container" arg /* Specify the container string */, "wildcard" arg /* Specify the wildcard string */ ) ) ) ) ).as(:oneline), "external-interface" ( /* External interface for IKE negotiations */ interface_unit /* External interface for IKE negotiations */ ), "xauth" ( /* Use extended authentication */ sc( "access-profile" arg /* Access profile that contains authentication information */ ) ).as(:oneline), "general-ikeid" /* Accept peer IKE-ID in general */, "version" ( /* Negotiate using either IKE v1 or IKE v2 protocol */ ("v1-only" | "v2-only") ) ) ) ) end
# ike_policy: named IKE policy with first-phase mode (main | aggressive), proposals, local
# certificate and key-pair files, on-disk encoding, remote certificate name ("identity") and a
# pre-shared key.
# "local-key-pair" and "pre-shared-key" carry a private-key path and secret material as plain
# args. Anything that dumps the parse tree or quotes input in parse errors should redact them.
# NOTE(review): "aggressive" combined with "pre-shared-key" parses as valid here; a policy check
# on top of this grammar may want to report that combination.
rule(:ike_policy) do arg.as(:arg) ( c( "mode" ( /* Define the IKE first phase mode */ ("main" | "aggressive") ), "description" arg /* Text description of IKE policy */, "proposals" arg, "local-certificate" arg /* File to read certificate from */, "local-key-pair" arg /* File to read key-pair from */, "encoding" ( /* Encoding to use for certificate or CRL on disk */ ("binary" | "pem") ), "identity" arg /* Define the remote certificate name */, "pre-shared-key" ( /* Define a preshared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) end
# ike_proposal: named IKE proposal with authentication method, Diffie-Hellman group,
# authentication and encryption algorithm, and lifetime in seconds.
# The value lists mirror the schema, so legacy choices (group1/group2/group5, md5, des-cbc,
# 3des-cbc) parse alongside the stronger ones (group14/19/20, sha-256/sha-384, aes-*-cbc).
# This rule is purely syntactic; flagging weak selections belongs in a separate check.
rule(:ike_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IKE proposal */, "authentication-method" ( /* Define authentication method */ ("pre-shared-keys" | "rsa-signatures" | "dsa-signatures") ), "dh-group" ( /* Define Diffie-Hellman group */ ("group1" | "group2" | "group5" | "group14" | "group19" | "group20") ), 
"authentication-algorithm" ( /* Define authentication algorithm */ ("md5" | "sha1" | "sha-256" | "sha-384") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "lifetime-seconds" arg /* Lifetime, in seconds */ ) ) end
# security_ipsec: IPsec settings made of proposals, policies, security associations, the
# "internal" SA for RE-RE communication, and the "trusted-channel" SA with its port exclusion
# list.
rule(:security_ipsec) do c( "proposal" ( /* Define an IPSec proposal */ ipsec_proposal /* Define an IPSec proposal */ ), "policy" ( /* Define an IPSec policy */ ipsec_policy /* Define an IPSec policy */ ), "security-association" ( /* Define an IPSec security association */ ipsec_sa /* Define an IPSec security association */ ), "internal" ( /* Define an IPSec SA for internal RE-RE communication */ c( "security-association" ( /* Define an IPSec security association */ ipsec_internal_sa /* Define an IPSec security association */ ) ) ), "trusted-channel" ( /* Define an IPSec SA for trusted-channel communication */ c( "security-association" ( /* Define an IPSec security association */ ipsec_trusted_channel_sa /* Define an IPSec security association */ ), "port-exclusion-list" arg /* Define port exlusion list */ ) ) ) end
# ipsec_internal_sa: manually keyed SA for internal communication. Per direction (inbound |
# outbound | bidirectional) it takes the protocol, SPI, auxiliary SPI, and an authentication and
# an encryption block, each with an algorithm and a key.
# Both "key" entries ("ascii-text" or "hexadecimal") are static key material captured as plain
# args, so treat the parsed values as secrets.
# The encryption list has no AEAD option; only the CBC ciphers shown can be expressed.
rule(:ipsec_internal_sa) do c( "description" arg /* Text description of internal security association */, "manual" ( /* Define a manual security association */ c( "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), 
"encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ) ) end
# ipsec_policy: named IPsec policy with description, perfect-forward-secrecy DH group,
# proposals and a default proposal-set.
# All of these are accepted as optional by the grammar text shown, so a policy without
# "perfect-forward-secrecy" parses cleanly; group1/group2/group5 are legacy values that remain
# selectable.
rule(:ipsec_policy) do arg.as(:arg) ( c( "description" arg /* Text description of IPSec policy */, "perfect-forward-secrecy" ( /* Define perfect forward secrecy */ c( "keys" ( /* Define Diffie-Hellman group */ ("group1" | "group2" | "group5" | "group14" | "group19" | "group20") ) ) ), "proposals" arg, "proposal-set" ( /* Types of default IPSEC proposal-set */ ("basic" | "compatible" | "standard") ) ) ) end
# ipsec_proposal: named IPsec proposal with protocol (ah | esp | bundle), authentication
# algorithm, encryption algorithm and lifetime in seconds.
# This is the only rule in this group whose encryption list includes the aes-*-gcm ciphers.
# des-cbc, 3des-cbc and hmac-md5-96 are legacy values that still parse as valid.
rule(:ipsec_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IPSec proposal */, "protocol" ( /* Define an IPSec protocol for the proposal */ ("ah" | "esp" | "bundle") ), "authentication-algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha-256-128" | "hmac-sha-256-96" | "hmac-sha2-256") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc" | "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm") ), "lifetime-seconds" arg /* Lifetime, in seconds */ ) ) end
# ipsec_sa: named security association with description, mode (transport | tunnel) and either a
# "manual" block (static keys, same shape as ipsec_internal_sa) or a "dynamic" block.
# The rule body continues on the following line.
rule(:ipsec_sa) do arg.as(:arg) ( c( "description" arg /* Text description of security association */, "mode" ( /* Define security association mode */ ("transport" | "tunnel") ), c( "manual" ( /* Define a manual security association */ c( "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( 
"algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ), "dynamic" ( /* Define a dynamic security association */ c( "replay-window-size" ( /* Define replay protection window size */ ("32" | "64") ), "ipsec-policy" arg /* Name of the IPSec policy */ ) ) ) ) ) end rule(:ipsec_trusted_channel_sa) do c( "description" arg /* Text description of trusted channel security association */, "manual" ( /* Define a manual security association */ c( "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as 
hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ) ) end /* security_macsec: traceoptions, connectivity-association definitions (cipher suite, security mode, secure channels, MKA, replay protection, pre-shared key) and the interfaces or cluster ports they are applied to */ rule(:security_macsec) do c( "traceoptions" ( /* Tracing options for debugging protocol operation */ macsec_trace_options /* Tracing options for debugging protocol operation */ ), "connectivity-association" arg ( /* Configure connectivity association properties */ c( "cipher-suite" ( /* Cipher suite to be used for encryption */ ("gcm-aes-128" | "gcm-aes-256" | "gcm-aes-xpn-128" | "gcm-aes-xpn-256") ), "security-mode" ( /* Connectivity association mode */ ("dynamic" | "static-sak" | "static-cak") ), "secure-channel" arg ( /* Configure secure channel properties */ c( "id" ( /* Secure channel identifier */ c( "mac-address" ( /* MAC addresses */ mac_addr /* MAC addresses */ ), "port-id" arg /* Port identifier */ ) ), "direction" ( /* Secure channel direction */ ("inbound" | "outbound") ), "encryption" /* Enable Encryption */, "offset" ( /* Confidentiality offset */ ("0" | "30" | "50") ), "include-sci" /* Include secure channel identifier in MAC Security PDU */, "security-association" arg ( /* Security association */ c( "key" arg /* Security association key in hexadecimal format of length 32; NOTE(review): the key is a plain arg, so text matched here is sensitive */ ) ) ) ), "mka" ( /* Configure MAC Security Key Agreement protocol properties */ c( "transmit-interval" arg /* Configure MKA periodic transmit interval */, "key-server-priority" arg /* Configure MKA key server priority */, "must-secure" /* Allow only secure dot1x traffic */ ) ), "replay-protect" ( /* Configure replay protection */ c( "replay-window-size" arg /* Configure replay protection window size */ ) ), "no-encryption" /* Disable encryption; NOTE(review): presumably leaves traffic without confidentiality, confirm against the platform documentation before treating it as acceptable */, "offset" ( /* Confidentiality offset */ ("0" | "30" | "50") ), "include-sci" /* Include secure channel identifier in MAC Security PDU */, "pre-shared-key" ( /* Configure pre-shared connectivity association key; NOTE(review): ckn and cak are plain arg values, so text matched by this rule includes the key and should be handled as sensitive */ c( "ckn" arg /* Connectivity association key name in hexadecimal format */, "cak" arg /* Connectivity association key in hexadecimal format (max_length = 64) */ ) ), 
"exclude-protocol" enum(("cdp" | "lldp" | "lacp")) /* Configure protocols to exclude from MAC Security */.as(:oneline) ) ), "interfaces" arg ( /* Interfaces on which macsec configuration is applied */ c( "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ), "cluster-control-port" arg ( /* Cluster control port on which macsec configuration is applied */ c( "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ), "cluster-data-port" arg ( /* Cluster data port on which macsec configuration is applied */ c( "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ) ) end rule(:macsec_trace_options) do c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("config" | "debug" | "normal" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:mka_trace_options) do c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("mka-packets" | "state" | "to-secy" | "keys" | "normal" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:security_model_access) do enum(("any" | "usm" | "v1" | "v2c")).as(:arg) ( c( "security-level" enum(("none" | "authentication" | "privacy")) ( /* Security level access configuration */ c( "context-match" ( /* Type of match to perform on context-prefix */ ("exact" | "prefix") ), "read-view" arg /* View used for read access */, "write-view" arg /* View used for write access */, "notify-view" arg /* View used to notifications */ ) ) ) ) end rule(:security_option_82_type) do c( "circuit-id" ( /* Configure DHCP option 82 circuit id */ c( "prefix" ( /* Configure DHCP option 82 circuit id 
prefix */ c( "host-name" /* Add router host name to DHCP option-82 circuit id */, "logical-system-name" /* Add logical system name to DHCP option-82 circuit id */, "routing-instance-name" /* Add routing instance name to DHCP option-82 circuit id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */ ) ), "remote-id" ( /* Configure DHCP option 82 remote id */ c( "host-name" /* Add router host name to DHCP option-82 remote id */, "use-interface-description" ( /* Use interface description instead of interface name */ ("logical" | "device") ), "use-string" arg /* Use raw string instead of the default remote id */, "mac" /* Add chassis MAC Address to DHCP option-82 remote id */ ) ), "vendor-id" ( /* Configure DHCP option 82 vendor id */ c( "use-string" arg /* Use raw string instead of the default vendor id */ ) ) ) end rule(:security_pki) do c( "ca-profile" arg ( /* Certificate authority profile configuration */ c( "ca-identity" arg /* Certificate authority identifier */, "source-address" ( /* Use specified address as source address */ ipv4addr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */, "enrollment" ( /* Enrollment parameters for certificate authority */ c( "url" arg /* Enrollment URL of certificate authority */, "retry" arg /* Number of enrollment retry attempts before aborting */, "retry-interval" arg /* Interval in seconds between the enrollment retries */ ) ), "revocation-check" ( /* Method for checking certificate revocations */ c( c( "use-crl" /* Use CRL for revocation check */, "use-ocsp" /* Use OCSP for revocation check */, "disable" /* Disable revocation check */ ), "ocsp" ( /* Online Cerificate Status Protocol (OCSP) configuration */ c( "url" arg, "nonce-payload" ( /* Include Nonce payload in OCSP requests */ ("enable" | "disable") ), "disable-responder-revocation-check" /* 
Disable OCSP responder certificate revocation check */, "accept-unknown-status" /* Accept certificates with unknown status; NOTE(review): fail-open choice, the certificate is accepted although its revocation status is unknown */, "connection-failure" ( /* Actions on failure to connect to OCSP Responder */ c( c( "fallback-crl" /* Use CRL for revocation check */, "disable" /* Disable OCSP check on connection failure; NOTE(review): fail-open choice, compare with fallback-crl in the same group */ ) ) ) ) ), "crl" ( /* Certificate revocation list configuration */ c( "disable" ( sc( "on-download-failure" /* Check revocation status with existing CRL file if present, otherwise skip. This feature must be enabled for manual CRL download. */ ) ).as(:oneline), "url" arg ( c( "password" ( /* Password for authentication with the server */ unreadable /* Password for authentication with the server */ ) ) ), "refresh-interval" arg /* CRL refresh interval */ ) ) ) ), "administrator" ( /* Administrator information */ c( "email-address" arg /* Administrator e-mail to which to send certificate requests */ ) ) ) ), "auto-re-enrollment" ( /* Auto re-enroll of certificate */ c( "cmpv2" ( /* CMPv2 auto re-enrollment configuration */ c( "certificate-id" arg ( /* CMPv2 auto re-enrollment configuration for certificate-id */ c( "ca-profile-name" arg /* Name of certificate authority profile */, "re-enroll-trigger-time-percentage" arg /* Re-enrollment trigger time before expiration as percentage */, "re-generate-keypair" /* Generate new key-pair for auto-re-enrollment */ ) ) ) ), "scep" ( /* SCEP auto re-enrollment configuration */ c( "certificate-id" arg ( /* SCEP auto re-enrollment configuration for certificate-id */ c( "ca-profile-name" arg /* Name of certificate authority profile */, "re-generate-keypair" /* Generate new key-pair for auto-re-enrollment */, "re-enroll-trigger-time-percentage" arg /* Re-enrollment trigger time before expiration as percentage */, "challenge-password" ( /* Password used by CA for enrollment and revocation */ unreadable /* Password used by CA for enrollment and revocation */ ), "scep-encryption-algorithm" ( /* SCEP encryption algorithm */ 
c( c( "des" /* Use DES as SCEP encryption algorithm */, "des3" /* Use DES3 as SCEP encryption algorithm */ ) ) ), "scep-digest-algorithm" ( /* SCEP digest algorithm */ c( c( "md5" /* Use MD5 as SCEP digest algorithm */, "sha1" /* Use SHA1 as SCEP digest algorithm */ ) ) ) ) ) ) ), "certificate-id" arg ( /* Auto re-enrollment configuration for certificate-id */ c( "ca-profile-name" arg /* Name of certificate authority profile */, "re-generate-keypair" /* Generate new key-pair for auto-re-enrollment */, "re-enroll-trigger-time-percentage" arg /* Re-enrollment trigger time before expiration as percentage */, "challenge-password" ( /* Password used by CA for enrollment and revocation */ unreadable /* Password used by CA for enrollment and revocation */ ), "scep-encryption-algorithm" ( /* SCEP encryption algorithm */ c( c( "des" /* Use DES as SCEP encryption algorithm */, "des3" /* Use DES3 as SCEP encryption algorithm */ ) ) ), "scep-digest-algorithm" ( /* SCEP digest algorithm */ c( c( "md5" /* Use MD5 as SCEP digest algorithm */, "sha1" /* Use SHA1 as SCEP digest algorithm */ ) ) ), "validity-period" arg /* Certificate validity period in days from enrollment start date */ ) ) ) ), "traceoptions" ( /* PKI trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("certificate-verification" | "online-crl-check" | "enrollment" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:security_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file 
size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "rate-limit" arg /* Limit the incoming rate of trace messages */, "filter" ( /* Filter parameters for IKE traceoptions */ c( "fpc" arg /* FPC slot number */, "pic" arg /* PIC slot number */ ) ), "flag" enum(("timer" | "routing-socket" | "parse" | "config" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "thread" | "high-availability" | "next-hop-tunnels" | "all" | "ams" | "lic")) /* Tracing parameters */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) end rule(:server_bulk_leasequery_type) do c( "max-connections" arg /* Max TCP connections allowed at a time */, "timeout" arg /* Timeout for blocked connection */, "max-empty-replies" arg /* Maximum number of empty replies for a connection */, "restricted-requestor" /* Allow bulk leasequery only from restricted requestors */ ) end rule(:server_group_type) do c( c( arg /* IP Address of one or more DHCP servers */ ) ) end rule(:server_leasequery_type) do c( "restricted-requestor" /* Allow leasequery only from restricted requestors */ ) end rule(:server_v6_option_ascii_hex) do c( "ascii" arg /* ASCII string */, "hexadecimal" arg /* Hexadecimal string */ ) end rule(:service_device_pool_object) do arg.as(:arg) ( c( "interface" arg /* Service device name */ ) ) end rule(:service_interface_pool_object) do arg.as(:arg) ( c( "interface" arg /* Service interface name */ ) ) end rule(:service_point_type) do arg.as(:arg) ( c( "service-point-type" ( /* Service point type */ ("sip") ), "transport-details" ( /* IP address, port number and transport-protocols for the service-point */ sc( "port-number" arg 
/* Port number */, "ip-address" ( /* IP address */ ipaddr /* IP address */ ), "tcp" /* Transport protocol - TCP */, "udp" /* Transport protocol - UDP */, "fqdn" arg /* Fully Qualified Domain Name */ ) ).as(:oneline), "service-interface" ( /* Associated service interface */ interface_unit /* Associated service interface */ ), "service-policies" ( service_policies_type ), "default-media-realm" arg /* Use this realm for allocating media resources for calls initiated to/from this service-point */ ) ) end rule(:service_policies_type) do c( "new-transaction-input-policies" arg /* New transaction input policy name */, "new-transaction-output-policies" arg /* New transaction output policy name */, "new-registration-input-policies" arg /* New registration input policy name */, "new-call-usage-input-policies" arg /* New call usage input policy name */, "new-call-usage-output-policies" arg /* New call usage output policy name */ ) end rule(:service_set_ipsec_vpn_options_object) do c( "trusted-ca" arg /* List of trusted certificate authority profiles */, "local-gateway" ( /* Address and routing instance for local gateway */ sc( ipaddr /* Local gateway address */, "routing-instance" arg /* Name of routing instance that hosts local gateway */, "interface" ( /* Interface as local gateway */ interface_unit /* Interface as local gateway */ ), "gw-interface" ( /* Interface as local gateway */ interface_unit /* Interface as local gateway */ ) ) ).as(:oneline), "ike-access-profile" arg /* IKE access profile for dynamic peers */, "passive-mode-tunneling" /* No active IP packet checks before IPSec encapsulation */, "clear-dont-fragment-bit" /* Clear the do not fragment bit */, "copy-dont-fragment-bit" /* Copy the do not fragment bit */, "set-dont-fragment-bit" /* Set the do not fragment bit */, "tunnel-mtu" arg /* Maximum transmit packet size */, "no-anti-replay" /* Disable the anti-replay check */, "anti-replay-window-size" arg /* Size of the anti-replay window */, "udp-encapsulate" ( 
/* UDP encapsulation of IPsec data traffic */ sc( "dest-port" arg /* UDP destination port */ ) ).as(:oneline) ) end /* service_set_syslog_object: per-host remote logging (severity, facility-override, log-prefix, port, message classes, source-address) plus message-rate-limit */ rule(:service_set_syslog_object) do c( "host" arg ( c( sc( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ) ).as(:oneline), "facility-override" ( /* Alternate facility for logging to remote host */ ("authorization" | "daemon" | "ftp" | "kernel" | "user" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7") ), "log-prefix" arg /* Prefix for all logging to this host */, "port" arg /* UDP port for syslogd on the host; NOTE(review): this rule defines no transport-security or authentication option for the remote host */, "class" ( /* Syslog messages classes */ c( "session-logs" ( /* Allow syslog messages for session events */ c( "open" /* Allow syslog messages for session open events */, "close" /* Allow syslog messages for session close events */ ) ), "packet-logs" /* Allow syslog messages for packet related events */, "stateful-firewall-logs" /* Allow syslog messages for stateful firewall events */, "alg-logs" /* Allow syslog messages for ALG events */, "nat-logs" /* Allow syslog messages for NAT events */, "ids-logs" /* Allow syslog messages for IDS events */, "pcp-logs" ( /* PCP logs */ sc( "map" /* Allow syslog messages for PCP */, "debug" /* Allow PCP debug syslogs */ ) ).as(:oneline), "ha-logs" ( /* Stateful high availability logs */ c( "open-synchronized" /* Allow syslog message for session open events */, "close-synchronized" /* Allow syslog message for session close events */ ) ) ) ), "source-address" ( /* Use specified address as source address */ ipv4addr /* Use specified address as source address */ ) ) ), "message-rate-limit" arg /* Maximum syslog messages per second allowed from this interface. 
Applies per member if set at aggregate level */ ) end /* services_ike: IKE proposal and policy, delegated to ike_proposal and svc_ike_policy */ rule(:services_ike) do c( "proposal" ( /* Define an IKE proposal */ ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ svc_ike_policy /* Define an IKE policy */ ) ) end /* services_ipsec: IPSec proposal and policy, delegated to ipsec_proposal and ipsec_policy */ rule(:services_ipsec) do c( "proposal" ( /* Define an IPSec proposal */ ipsec_proposal /* Define an IPSec proposal */ ), "policy" ( /* Define an IPSec policy */ ipsec_policy /* Define an IPSec policy */ ) ) end /* services_pcef: PCEF traceoptions, event trigger profiles, flow descriptions, PCC action profiles, PCC rules, PCC rulebases and PCEF profiles */ rule(:services_pcef) do c( "traceoptions" ( /* Trace options related to PCEF */ pcef_traceoptions /* Trace options related to PCEF */ ), "event-trigger-profiles" ( /* Event trigger profiles */ c( evt_trigger_profile ) ), "flow-descriptions" ( /* PCC flow descriptions */ c( pcc_flow ) ), "pcc-action-profiles" ( /* PCC action profiles */ c( pcc_action_profile ) ), "pcc-rules" ( /* PCC rules */ c( pcc_rule ) ), "pcc-rulebases" ( /* PCC rulebases */ c( pcc_rulebase ) ), "profile" ( /* PCEF profiles */ c( pcef_profiles ) ) ) end /* evt_trigger_profile: leading argument followed by the change events that act as triggers */ rule(:evt_trigger_profile) do arg.as(:arg) ( c( "rat-change" /* RAT change trigger */, "sgsn-change" /* SGSN change trigger */, "plmn-change" /* PLMN change trigger */, "ip-can-change" /* IP-CAN change trigger */, "tft-change" /* TFT change trigger */, "rai-change" /* RAI change trigger */, "user-location-change" /* User location change */, "ue-timezone-change" /* UE timezone change */ ) ) end /* pcc_action_profile: leading argument followed by logging rule, bit rates, burst size, gate status, charging, redirect, forwarding class, steering, HCM profile and monitoring key */ rule(:pcc_action_profile) do arg.as(:arg) ( c( "logging-rule" arg /* Policy based logging rule name */, "maximum-bit-rate" ( /* Maximum bit rate */ sc( "uplink" arg /* Maximum bit rate uplink */, "downlink" arg /* Maximum bit rate downlink */ ) ).as(:oneline), "burst-size" ( /* Burst Size */ c( "uplink" arg /* Burst size uplink */, "downlink" arg /* Burst size downlink */ ) ), "gate-status" ( /* Control gate status */ ("uplink" | "downlink" | "uplink-downlink" | "disable-both") ), "charging" ( /* Charging related configuration */ c( "rating-group" arg /* Rating group */, "service-identifier" arg /* 
Service identifier */, "charging-method" ( /* Charging method */ ("online" | "offline" | "both" | "none") ), "measurement-method" ( /* Charging measure method */ ("none" | "volume" | "time" | "volume-time" | "event") ), "application-function-record-info" ( /* Application function record information */ c( "af-charging-identifier" arg /* Application function charging identifier */ ) ), "service-id-level-reporting" /* Toggle service-id level reporting */ ) ), "redirect" ( /* Redirect to different destination */ c( "url" arg /* Redirect url name */ ) ), "forwarding-class" ( /* Classify packet to forwarding class */ c( arg /* Forwarding class name */ ) ), "steering" ( /* Steering information */ c( "routing-instance" ( /* Routing instance information */ sc( "uplink" arg /* Instance name uplink */, "downlink" arg /* Instance name downlink */ ) ).as(:oneline), "path" ( /* HTTP steering information */ sc( c( "ipv4-address" ( /* IPv4 address of the steering destination */ ipv4prefix /* IPv4 address of the steering destination */ ), "ipv6-address" ( /* IPv6 address of the steering destination */ ipv6prefix /* IPv6 address of the steering destination */ ) ) ) ).as(:oneline), "keep-existing-steering" /* Keep existing steering */ ) ), "hcm-profile" ( /* HCM Profile */ c( arg /* HCM Profile Name */ ) ), "monitoring-key" arg /* Usage Monitoring key */ ) ) end /* pcc_flow: leading argument followed by direction, protocol, local and remote ports or port ranges, and remote address */ rule(:pcc_flow) do arg.as(:arg) ( c( "direction" ( /* PCC flow direction */ ("downlink" | "uplink" | "both") ), "protocol" arg /* PCC flow IPv4 protocol */, "local-ports" arg /* Local port or port list */, "local-port-range" ( /* Local port range */ s( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline), "remote-ports" arg /* Remote port or port list */, "remote-port-range" ( /* Remote port range */ s( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline), "remote-address" ( /* Remote address */ sc( c( "ipv4-address" ( /* IPv4 
address for the flow */ ipv4prefix /* IPv4 address for the flow */ ), "ipv6-address" ( /* IPv6 address for the flow */ ipv6prefix /* IPv6 address for the flow */ ) ) ) ).as(:oneline) ) ) end /* pcc_rule: leading argument followed by a from clause (flows, applications, nested applications, application groups) and a then clause naming a pcc-action-profile */ rule(:pcc_rule) do arg.as(:arg) ( c( "from" ( /* Aggregate of flows using same pcc-action-profile */ c( "flows" arg /* Associate PCC Flows */, "applications" arg /* Associated application signature names */, "nested-applications" arg /* Associated nested application signature names */, "application-groups" arg /* Application Group signature names */ ) ), "then" ( /* Specified pcc-action-profile */ c( "pcc-action-profile" arg /* PCC Action profile name */ ) ) ) ) end /* pcc_rulebase: leading argument followed by pcc-rule entries, each with a precedence */ rule(:pcc_rulebase) do arg.as(:arg) ( c( "pcc-rule" arg ( sc( "precedence" arg /* PCC rule precedence */ ) ).as(:oneline) ) ) end /* pcef_profiles: leading argument followed by rating group, unresolved-flow action, per-PDN service flow limit, and dynamic, static and AAA policy control */ rule(:pcef_profiles) do arg.as(:arg) ( c( "control-byte-rating-group" arg /* Rating group id */, "unresolved-flow-action" ( /* Flow action */ ("forward" | "drop") ), "maximum-per-pdn-service-flows" ( /* Max service flows per PDN */ sc( arg /* Value */ ) ).as(:oneline), "dynamic-policy-control" ( /* Dynamic policy control */ c( "pcc-rules" ( /* PCC rules association */ c( profile_rule_assoc ) ), "pcc-rulebases" arg /* PCC rulebase association */, "diameter-profile" arg /* Diameter profile name */, "event-trigger-profile" arg /* Event trigger profile name */, "session-failover-not-supported" /* Session failover not supported */, "release" ( /* To override Gx release to R8|R9 */ ("r8" | "r9") ) ) ), "static-policy-control" ( /* Static policy control */ c( "pcc-rules" ( /* PCC rules association */ c( profile_static_rule_association ) ), "pcc-rulebases" arg ( /* PCC rulebase association */ c( "time-of-day-profile" arg /* Time of day profile name */ ) ), "activate-dedicated-bearers" arg /* Enable dedicated bearer activation on initial attach with qci */ ) ), "aaa-policy-control" ( /* AAA policy control */ c( "profile" arg /* AAA profile name */, "user-password" arg /* User password; NOTE(review): declared as a plain arg, whereas the PKI password fields in this file use the unreadable type, so confirm this is intended and treat matched text as sensitive */, 
"pcc-rulebases" arg /* PCC rulebase association */ ) ) ) ) end rule(:pcef_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "general" | "high-availability" | "debug" | "fsm" | "tftmgr" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:profile_rule_assoc) do arg.as(:arg) ( c( "precedence" arg /* PCC rule precedence */ ) ).as(:oneline) end rule(:profile_static_rule_association) do arg.as(:arg) ( c( "precedence" arg /* PCC rule precedence */, "time-of-day-profile" arg /* Time of day profile name */, "pcc-action-profile" ( /* PCC action profile association */ sc( arg ) ).as(:oneline) ) ).as(:oneline) end rule(:sfw_addr_object) do ("any-unicast" | "any-ipv4" | "any-ipv6" | arg).as(:arg) ( c( "except" /* Match address not in this prefix */ ) ).as(:oneline) end rule(:sfw_match_object) do c( "source-address" ( /* Match IP source address */ sfw_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ sfw_addr_object /* Match IP destination address */ ), "destination-port" ( c( c( "range" ( /* Range of ports */ sc( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline) ) ) ), "source-address-range" ( /* Match IP source address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "source-prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against 
*/ ) ).as(:oneline), "destination-address-range" ( /* Match IP destination address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "applications" arg /* Match one or more applications */, "application-sets" arg /* Match one or more application sets */ ) end /* sfw_rule_object: leading argument followed by match-direction and terms, each with a from clause (sfw_match_object) and a then clause (accept, discard or reject, plus allow-ip-options, syslog and skip-ids) */ rule(:sfw_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define a stateful firewall term */ c( "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "reject" /* Reject the packet */ ), "allow-ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "syslog" /* System log information about the packet */, "skip-ids" /* No IDS processing will be done on a matching packet; NOTE(review): terms using this keyword exempt matching traffic from IDS, so their match criteria deserve review */ ) ) ) ) ) ) end rule(:sgw_config_gtp) do c( "peer-history" arg /* Maximum number of peer stats stored in history */, "interface" ( /* Interface name used for all 3GPP interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout 
value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP GTP control plane options */ c( "interface" ( /* Interface name used for all 3GPP control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */, "ddn-delay-sync" ( /* Enable/disable downlink data notification delay sync */ ("enable" | "disable") ), "no-response-cache" /* Disable GTP response cache */, "response-cache-timeout" arg /* GTP response cache timeout interval */, "no-piggyback-support" /* Disable GTPv2 piggyback support */ ) ), "data" ( /* Configure 3GPP GTP data plane options */ c( "interface" ( /* Interface name used for all 3GPP data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if 
multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "num-gtpu-end-markers" arg /* Number of GTPU end marker pkts to be sent. range:1..10 */, "indirect-tunnel" ( /* Enable/disable indirect tunnel */ ("enable" | "disable") ), "error-indication-interval" arg /* Error indication transmit interval per bearer */ ) ), "s1u" ( /* Configure 3GPP S1U interface */ c( "interface" ( /* Interface name used for S1U data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ), "s11" ( /* Configure 3GPP S11 interface */ c( "interface" ( /* Interface name used for S11 control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo 
messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "s12" ( /* Configure 3GPP S12 interface */ c( "interface" ( /* Interface name used for S12 data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ), "s4" ( /* Configure 3GPP S4 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, 
"path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for 
GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ) ) ), "s5" ( /* Configure 3GPP S5 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg 
/* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ) ) ), "s8" ( /* Configure 3GPP S8 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" 
arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ) ) ), "traceoptions" ( /* Configure trace options */ gtp_traceoptions /* Configure trace options */ ) ) end rule(:sgw_idle_mode_buffering) do c( "disable" /* Disable idle mode buffering */, "expire-timer" arg /* Expire timer */ ) end rule(:signaling_realm) do arg.as(:arg) end rule(:sip_timers_type) do c( "inactive-call" arg /* Maximum time for signaling inactivity */, "timer-c" arg /* Maximum time to wait for final 
response on invite */ ) end rule(:sm_ippool_pool) do arg.as(:arg) ( c( "service-mode" ( /* Service mode */ ("maintenance") ), "family" ( /* Address family */ c( c( "inet" ( /* IPv4 address pool configuration */ c( "network" arg ( /* Specify IPv4 network prefix */ c( "external-assigned" /* Assigned by an external authority */, "allocation-prefix-length" arg /* Size of address allocation block */, "range" arg ( /* Specify ranges within the prefix */ c( "low" ( /* Lower limit of the range */ ipv4addr /* Lower limit of the range */ ), "high" ( /* Upper limit of the range */ ipv4addr /* Upper limit of the range */ ), "external-assigned" /* Assigned by an external authority */ ) ) ) ) ) ), "inet6" ( /* IPv6 address pool configuration */ c( "network" arg ( /* Specify IPv6 network prefix */ c( "external-assigned" /* Assigned by an external authority */, "allocation-prefix-length" arg /* Size of address allocation block */, "range" arg ( /* Specify ranges within the prefix */ c( "low" ( /* Lower limit of the range */ ipv6prefix_only /* Lower limit of the range */ ), "high" ( /* Upper limit of the range */ ipv6prefix_only /* Upper limit of the range */ ), "external-assigned" /* Addresses in this range are assigned to the client by an external authority */ ) ) ) ) ) ) ) ) ), "ageing-window" arg /* Time in sec when the address should not be re-used */, "pool-prefetch-threshold" arg /* Pool usage threshold to prefetch more addresses */, "pool-snmp-trap-threshold" arg /* Pool usage threshold to generate SNMP trap */, "default-pool" /* Pool usage as one of default pools or APN(s) specific */ ) ) end rule(:smid_type) do c( "traceoptions" ( /* Subscriber management trace options */ smid_traceoptions_type /* Subscriber management trace options */ ), "maintain-subscriber" ( /* Options to maintain subscriber */ smid_maintain_subscriber_type /* Options to maintain subscriber */ ), "gres-route-flush-delay" /* Delay flushing routes after RE switchover */, 
"enforce-strict-scale-limit-license" /* Options to enforce strict scale limit license */, "overrides" ( /* Subscriber management configuration */ c( "no-unsolicited-ra" /* Disable all unsolicited router advertisement packets */, "shmlog" ( /* Subscriber management shmlog configuration */ c( "disable" /* Disable shmlogs */, "filtering" ( /* Subscriber management shmlog filtering */ c( "enable" /* Enable shmlog filtering */ ) ), "file" ( sc( arg, "size" arg /* Maximum file size */, "files" arg /* Maximum number of files */ ) ).as(:oneline), "log-name" (arg | "all") ( /* The log name(s) to override */ c( c( "none" /* Shmlog verbosity null */, "terse" /* Shmlog verbosity terse */, "brief" /* Shmlog verbosity brief */, "detail" /* Shmlog verbosity detail */, "extensive" /* Shmlog verbosity extensive */ ), c( "file-logging" /* Enable file write for the log(s) */, "no-file-logging" /* Disable file write for the log(s) */ ) ) ), "log-type" enum(("debug" | "info" | "notice")) ( /* The log type to override */ c( c( "none" /* Shmlog verbosity null */, "terse" /* Shmlog verbosity terse */, "brief" /* Shmlog verbosity brief */, "detail" /* Shmlog verbosity detail */, "extensive" /* Shmlog verbosity extensive */ ), c( "file-logging" /* Enable file write for the log(s) */, "no-file-logging" /* Disable file write for the log(s) */ ) ) ) ) ) ) ), "enable" /* Enable subscriber management features */ ) end rule(:smid_maintain_subscriber_type) do c( "interface-delete" /* Maintain subscriber on interface delete events */ ) end rule(:smid_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be 
logged */ ) ) ).as(:oneline), "flag" enum(("database" | "ui" | "general" | "session-db" | "server" | "issu" | "all")) /* Subscriber management replication operations to include in debugging trace */.as(:oneline) ) end
# Grammar for the subscriber-management helper stanza; its only child is
# "traceoptions", delegated to smihelperd_traceoptions_type.
rule(:smihelperd_type) do c( "traceoptions" ( /* Subscriber management helper trace options */ smihelperd_traceoptions_type /* Subscriber management helper trace options */ ) ) end
# Trace settings for the helper: "no-remote-trace", a "file" clause (name,
# "size", "files", "world-readable" / "no-world-readable", "match") and a
# "flag" enum. c(...) / sc(...) are helpers defined outside this excerpt.
# NOTE(review): "world-readable" is accepted here; per its inline description
# it lets any user read the trace file, so a configuration lint that cares
# about log confidentiality should look for it. Both "world-readable" and
# "no-world-readable" sit in the same sc(...) list -- whether the pair is
# mutually exclusive is not visible from this rule; confirm against the helper.
# NOTE(review): regular_expression is a plain `arg.as(:arg)` rule at the top
# of the file, so "match" accepts any token; the pattern is not validated here.
rule(:smihelperd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("sdb" | "general" | "ui" | "snmp" | "all")) /* Subscriber management replication operations to include in debugging trace */.as(:oneline) ) end
# Grammar for one named analyzer (port-mirroring session): a name argument
# followed by an "input" clause (what is monitored) and an "output" clause
# (where mirrored packets are sent).
rule(:smpl_analyzer_type) do arg.as(:arg) ( c( "input" ( /* Ports and VLANs to monitor */ smpl_analyzer_input_type /* Ports and VLANs to monitor */ ), "output" ( /* Outgoing port or VLAN for mirrored packets */ smpl_analyzer_output_type /* Outgoing port or VLAN for mirrored packets */ ) ) ) end
# Analyzer input: "rate" (1-out-of-N sampling ratio), "maximum-packet-length"
# (length of the mirrored packet), plus "ingress" and "egress" source lists.
# Both numeric settings take a bare arg; no range is expressed in this rule.
rule(:smpl_analyzer_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "maximum-packet-length" arg /* Maximum length of the mirrored packet */, "ingress" ( /* Ports and VLANs to monitor incoming traffic */ smpl_analyzer_ingress_type /* Ports and VLANs to monitor incoming traffic */ ), "egress" ( /* Ports and VLANs to monitor outgoing traffic */ smpl_analyzer_egress_type /* Ports and VLANs to monitor outgoing traffic */ ) ) end
# Sources whose outgoing traffic is mirrored: "interface", "routing-instance",
# "vlan" and "bridge-domain", each delegated to its own rule below.
rule(:smpl_analyzer_egress_type) do c( "interface" ( /* Port to monitor outgoing traffic */ analyzer_egress_interface_type /* Port to monitor outgoing traffic */ ), "routing-instance" ( /* Routing instances */ analyzer_egress_routing_instance_type /* Routing instances */ ), "vlan" ( /* VLAN to monitor outgoing traffic */ analyzer_egress_vlan_type /* VLAN to monitor outgoing traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor outgoing traffic */ analyzer_egress_bridge_domain_type /* Bridge-domain to monitor outgoing traffic */ ) ) end
# Egress bridge-domain selector: a single free-form argument.
rule(:analyzer_egress_bridge_domain_type) do arg.as(:arg) end
# Egress port selector: a free-form argument or the literal "all".
# NOTE(review): "all" is accepted as a selector -- presumably every port is
# then mirrored; worth flagging in a config audit. Confirm device semantics.
rule(:analyzer_egress_interface_type) do (arg | "all").as(:arg) end
# Egress selection scoped to a named routing instance: "vlan" or
# "bridge-domain" under the instance name.
rule(:analyzer_egress_routing_instance_type) do arg.as(:arg) ( c( "vlan" ( /* VLAN to monitor outgoing traffic */ analyzer_egress_vlan_type /* VLAN to monitor outgoing traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor outgoing traffic */ analyzer_egress_bridge_domain_type /* Bridge-domain to monitor outgoing traffic */ ) ) ) end
# Egress VLAN selector: a single free-form argument.
rule(:analyzer_egress_vlan_type) do arg.as(:arg) end
# Sources whose incoming traffic is mirrored; same four children as the
# egress rule, delegated to the analyzer_ingress_* rules.
rule(:smpl_analyzer_ingress_type) do c( "interface" ( /* Port to monitor incoming traffic */ analyzer_ingress_interface_type /* Port to monitor incoming traffic */ ), "routing-instance" ( /* Routing instances */ analyzer_ingress_routing_instance_type /* Routing instances */ ), "vlan" ( /* VLAN to monitor incoming traffic */ analyzer_ingress_vlan_type /* VLAN to monitor incoming traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor incoming traffic */ analyzer_ingress_bridge_domain_type /* Bridge-domain to monitor incoming traffic */ ) ) end
# Ingress bridge-domain selector: a single free-form argument.
rule(:analyzer_ingress_bridge_domain_type) do arg.as(:arg) end
# Ingress port selector: a free-form argument or the literal "all".
rule(:analyzer_ingress_interface_type) do (arg | "all").as(:arg) end
# Ingress selection scoped to a named routing instance: "vlan" or
# "bridge-domain" under the instance name.
rule(:analyzer_ingress_routing_instance_type) do arg.as(:arg) ( c( "vlan" ( /* VLAN to monitor incoming traffic */ analyzer_ingress_vlan_type /* VLAN to monitor incoming traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor incoming traffic */ analyzer_ingress_bridge_domain_type /* Bridge-domain to monitor incoming traffic */ ) ) ) end
# Ingress VLAN selector: a single free-form argument.
rule(:analyzer_ingress_vlan_type) do arg.as(:arg) end
# Grammar for the destination of mirrored packets. Children listed:
# "interface", "ip-address" (ERSPAN destination), "next-hop-group",
# "routing-instance", "vlan" and "bridge-domain". c(...) is a helper defined
# outside this excerpt (presumably "choice of"); the c( c( ... ) ) nesting is
# kept exactly as generated. pm_rspan_vlan and pm_rspan_bridge_domain are
# also defined outside this excerpt.
# NOTE(review): interface_name and ipv4addr are plain `arg.as(:arg)` rules at
# the top of this file, so this grammar accepts any token as the mirror
# destination and does not check that "ip-address" is a well-formed IPv4
# address. Auditing where mirrored traffic is sent needs a separate
# validation step on the parsed configuration.
rule(:smpl_analyzer_output_type) do c( c( "interface" ( /* Outgoing port for mirrored packets */ interface_name /* Outgoing port for mirrored packets */ ), "ip-address" ( /* ERSPAN Destination IP Address */ ipv4addr /* ERSPAN Destination IP Address */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */, "routing-instance" ( /* Routing instances */ output_routing_instance_type /* Routing instances */ ), "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ) ) end
# Mirror destination scoped to a named routing instance: a name argument
# followed by "ip-address" (ERSPAN destination), "vlan" or "bridge-domain".
# As in the rule above, ipv4addr is an unvalidated arg in this grammar.
rule(:output_routing_instance_type) do arg.as(:arg) ( c( "ip-address" ( /* ERSPAN Destination IP Address */ ipv4addr /* ERSPAN Destination IP Address */ ), "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ) ) end
# Grammar for one SNMP script entry, keyed by a free-form argument. Children:
# "oid" (with "priority"), "source" (URL), "python-script-user", "refresh",
# "refresh-from" (base URL) and "checksum" ("md5" / "sha1" / "sha-256").
# NOTE(review): the three digest keywords are accepted on equal footing. MD5
# and SHA-1 are not collision-resistant, so a configuration lint that wants
# integrity pinning for fetched scripts should require "sha-256"; nothing in
# this rule expresses that preference, and as far as this rule shows
# "checksum" is just one optional child among the others.
# NOTE(review): "source" and "refresh-from" take a bare arg, so no URL scheme
# restriction is expressed here. "python-script-user" also takes any arg; per
# its inline description it names the user whose privileges the script runs
# with, so reviewers will want a least-privileged account there.
rule(:snmp_scripts_file_type) do arg.as(:arg) ( c( "oid" arg ( /* Oid implemented by this script */ c( "priority" arg /* Registration priority */ ) ), "source" arg /* URL of source for this script */, "python-script-user" arg /* Run the python snmp script with privileges of user */, "refresh" /* Refresh all snmp scripts from their source */, "refresh-from" arg /* Refresh all snmp scripts from a given base URL */, "checksum" ( /* Checksum of this script */ c( "md5" arg /* MD5 checksum of this script */, "sha1" arg /* SHA1 checksum of this script */, "sha-256" arg /* SHA-256 checksum of this script */ ) ) ) ) end
rule(:soft_gre_tunnel_group_object) do arg.as(:arg) ( c( "source-address" ( /* Local address of tunnel */ ipaddr /* Local address of tunnel */ ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ 
soft_gre_destination_network_object /* Create tunnels for routes in these destination networks */ ), "service-interface" ( /* Pseudowire interface to use */ interface_unit /* Pseudowire interface to use */ ), "tunnel-idle-timeout" arg /* Time to tear down tunnel when idle */, "dynamic-profile" arg /* Dynamic profile for tunnel interface */ ) ) end rule(:soft_gre_destination_network_object) do arg.as(:arg) end rule(:software_datapath_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("ager" | "commands" | "configuration" | "flow" | "init" | "ipv6-router-advertisement" | "memory" | "redundancy" | "reassembly" | "buffering" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:sonet_options_type) do c( "vtmapping" ( /* VT mapping mode */ ("klm" | "itu-t") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "path-trace" arg /* Path trace string */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "trigger" ( /* Defect triggers */ c( "lol" ( /* LOL defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "pll" ( /* PLL defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* 
Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "lof" ( /* LOF defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "los" ( /* LOS defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "ais-l" ( /* AIS-L defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "rfi-l" ( /* RFI-L defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "ber-sd" ( /* BER-SD defect trigger */ c( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ), "ber-sf" ( /* BER-SF defect trigger */ c( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* 
Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ), "ais-p" ( /* AIS-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "lop-p" ( /* LOP-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "rfi-p" ( /* RFI-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "uneq-p" ( /* UNEQ-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "plm-p" ( /* PLM-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "locd" ( /* LOCD defect trigger (ATM only) */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ 
sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "lcdp" ( /* LCD-P defect trigger (Ethernet WAN only) */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline) ) ), "aps" ( /* Automatic Protection Switching */ aps_type /* Automatic Protection Switching */ ), c( "payload-scrambler" ( /* Enable payload scrambling */ sc( arg ) ).as(:oneline), "no-payload-scrambler" /* Do not enable payload scrambling */ ), "z0-increment" /* Increment Z0 in SDH mode */, "no-z0-increment" /* Don't increment Z0 in SDH mode */, "loop-timing" /* Set loop timing for STM-1 */, "no-loop-timing" /* Don't set loop timing for STM-1 */, "bytes" ( /* Set SONET header bytes */ c( "e1-quiet" arg /* E1-quiet value */, "f1" arg /* F1 user value */, "f2" arg /* F2 user value */, "s1" arg /* S1/Z1 value (stratum clock by convention) */, "z3" arg /* Z3 user value */, "z4" arg /* Z4 user value */, "c2" arg /* C2 user value */ ) ), "rfc-2615" /* RFC 2615 compliance */, "aggregate" ( /* Join a SONET aggregate */ interface_device /* Join a SONET aggregate */ ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ) ) end rule(:source_class_name_object) do arg.as(:arg).as(:oneline) end rule(:source_address_filter_list_items) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), c( "metric" ( /* Metric value 
*/ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */ ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add 
constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ sc( "index" arg /* Set prefix segment index */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ 
sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, ipaddr /* Next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( "strict" /* Do not use any other available next hops */, c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */ ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, 
"source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. 
*/ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline) ) ) end rule(:srd_ev_action_object) do c( c( "acquire-mastership" /* Attempt to acquire mastership */, "release-mastership" /* Attempt to release mastership */, "release-mastership-force" /* Attempt to release mastership */, "release-mastership-if-standby-clear" /* Attempt to release mastership if standby has no warning */, "broadcast-warning" /* Attempt to release mastership */ ), "add-static-route" ( /* Add a static route in the specified routing table */ srd_route_add_object /* Add a static route in the specified routing table */ ), "delete-static-route" ( /* Delete a static route in the specified routing table */ srd_route_delete_object /* Delete a static route in the specified routing table */ ) ) end rule(:srd_events_object) do arg.as(:arg) ( c( "monitor" ( /* Interfaces to be tracked */ c( "link-down" arg /* Interfaces to be monitored for link-down events */, "process" ( /* Processes related events */ c( "routing" ( /* Routing process related events */ c( "restart" /* Routing protocol restart event */, "abort" /* Routing protocol abort event */ ) ) ) ), "peer" ( /* Events from remote peers */ c( c( "mastership-release" /* Received mastership-release message from peer */, "mastership-acquire" /* Received mastership-acquire message from peer */ ) ) ) ) ) ) ) end rule(:srd_route_add_object) do arg.as(:arg) ( c( c( "next-hop" arg /* Next-hop (interface) to destination */, "receive" /* Install a receive route for the destination */ ), "routing-instance" arg /* Routing instance where the route should be added */ ) ) end rule(:srd_route_delete_object) do arg.as(:arg) ( c( "routing-instance" arg /* Routing instance where the route should be added */ ) ) end rule(:srd_rs_id_object) do arg.as(:arg) ( c( "redundancy-group" arg /* Name of redundancy-group */, "redundancy-policy" arg /* Redundancy-policy list */, "keepalive" arg 
/* Frequency of SRD hello messages */, "hold-time" arg /* Time before SRD peer is declared down */, "healthcheck-timer-interval" arg /* Healthcheck timer interval */ ) ) end rule(:srd_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "connect" | "route" | "ssd" | "snmp" | "system" | "opcmd" | "state-machine" | "kcom" | "database" | "swithover" | "stateful-sync" | "redundancy-group" | "all")) /* Tracing flag parameters */.as(:oneline) ) end rule(:ssd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("infrastructure" | "server" | "routing-instance" | "client-management" | "interfaces-management" | "route-management" | "nexthop-management" | "firewall-management" | "nexthop-group-management" | "cli" | "cfg" | "all")) /* Area of sdk-service daemon to enable debugging output */.as(:oneline) ) end rule(:ssl_initiation_config) do c( "profile" arg ( /* SSL client profile 
*/ c( "enable-flow-tracing" /* Enable flow tracing for the profile */, "protocol-version" ( /* Protocol SSL version accepted */ ("all" | "ssl3" | "tls1" | "tls11" | "tls12") ), "preferred-ciphers" ( /* Select preferred ciphers */ ("strong" | "medium" | "weak" | "custom") ), "custom-ciphers" ( /* Custom cipher list */ ("rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-des-cbc-sha" | "rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "rsa-export-with-rc4-40-md5" | "rsa-export-with-des40-cbc-sha" | "rsa-export1024-with-des-cbc-sha" | "rsa-export1024-with-rc4-56-md5" | "rsa-export1024-with-rc4-56-sha" | "rsa-with-null-md5" | "rsa-with-null-sha") ), "enable-session-cache" /* Enable SSL session cache */, "trusted-ca" ( /* List of trusted certificate authority profiles */ ("all" | arg) ), "client-certificate" arg /* Local certificate identifier */, "actions" ( /* Traffic related actions */ c( "ignore-server-auth-failure" /* Ignore server authentication failure */, "crl" ( /* Certificate Revocation actions. */ c( "disable" /* Disable CRL validation. */, "if-not-present" ( /* Action if CRL information is not present. */ ("allow" | "drop") ), "ignore-hold-instruction-code" /* Ignore 'Hold Instruction Code' present in the CRL entry. 
*/ ) ) ) ) ) ) ) end rule(:ssl_proxy_config) do c( "global-config" ( /* Global proxy configuration */ c( "session-cache-timeout" arg /* Session cache timeout */ ) ), "profile" arg ( /* SSL Proxy profile */ c( "enable-flow-tracing" /* Enable flow tracing for the profile */, "protocol-version" ( /* Protocol SSL version accepted */ ("all" | "ssl3" | "tls1" | "tls11" | "tls12") ), "preferred-ciphers" ( /* Select preferred ciphers */ ("strong" | "medium" | "weak" | "custom") ), "custom-ciphers" ( /* Custom cipher list */ ("rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-des-cbc-sha" | "rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "rsa-export-with-rc4-40-md5" | "rsa-export-with-des40-cbc-sha" | "rsa-export1024-with-des-cbc-sha" | "rsa-export1024-with-rc4-56-md5" | "rsa-export1024-with-rc4-56-sha" | "rsa-with-null-md5" | "rsa-with-null-sha") ), "enable-session-cache" /* Enable SSL session cache */, "trusted-ca" ( /* List of trusted certificate authority profiles */ ("all" | arg) ), "root-ca" arg /* Root certificate for interdicting server certificates in proxy mode */, "whitelist" arg /* Addresses exempted from SSL Proxy */, "actions" ( /* Logging and traffic related actions */ c( "ignore-server-auth-failure" /* Ignore server authentication failure */, "log" ( /* Logging actions */ c( "all" /* Log all events */, "sessions-dropped" /* Log only ssl session drop events */, "sessions-allowed" /* Log ssl session allow events after an error */, "sessions-ignored" /* Log session ignore events */, "sessions-whitelisted" /* Log ssl session whitelist events */, "errors" /* Log all error events */, "warning" /* Log all warning events */, "info" /* Log all information events */ ) ), "crl" ( /* Certificate Revocation actions. */ c( "disable" /* Disable CRL validation. */, "if-not-present" ( /* Action if CRL information is not present. 
*/ ("allow" | "drop") ), "ignore-hold-instruction-code" /* Ignore 'Hold Instruction Code' present in the CRL entry. */ ) ), "renegotiation" ( /* Renegotiation options */ ("allow" | "allow-secure" | "drop") ), "disable-session-resumption" /* Disable session resumption */ ) ) ) ) ) end rule(:ssl_termination_config) do c( "profile" arg ( /* SSL server profile */ c( "enable-flow-tracing" /* Enable flow tracing for the profile */, "protocol-version" ( /* Protocol SSL version accepted */ ("all" | "ssl3" | "tls1" | "tls11" | "tls12") ), "preferred-ciphers" ( /* Select preferred ciphers */ ("strong" | "medium" | "weak" | "custom") ), "custom-ciphers" ( /* Custom cipher list */ ("rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-des-cbc-sha" | "rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "rsa-export-with-rc4-40-md5" | "rsa-export-with-des40-cbc-sha" | "rsa-export1024-with-des-cbc-sha" | "rsa-export1024-with-rc4-56-md5" | "rsa-export1024-with-rc4-56-sha" | "rsa-with-null-md5" | "rsa-with-null-sha") ), "enable-session-cache" /* Enable SSL session cache */, "trusted-ca" ( /* List of trusted certificate authority profiles */ ("all" | arg) ), "server-certificate" arg /* Local certificate identifier */ ) ) ) end rule(:ssl_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("brief" | "detail" | "extensive" | "verbose") ), "flag" enum(("cli-configuration" | "termination" | "initiation" | "proxy" | "selected-profile" | "all")) /* Tracing parameters */.as(:oneline) ) end 
# Spanning-tree settings for one interface; the statement argument is either a
# free-form name or the literal "all". Per the inline descriptions,
# "bpdu-timeout-action" is the Loop Protect knob, "no-root-port" is the Root
# Protect knob and "disable" turns spanning tree off on the port, so a
# configuration audit built on this grammar can key on those three keywords.
rule(:stp_interface) do (arg | "all").as(:arg) ( c( "priority" arg /* Interface priority (in increments of 16 - 0,16,..240) */, "cost" arg /* Cost of the interface */, "mode" ( /* Interface mode (P2P or shared) */ ("point-to-point" | "shared") ), "edge" /* Port is an edge port */, "access-trunk" /* Send/Receive untagged RSTP BPDUs on this interface */, "bpdu-timeout-action" ( /* Define action on BPDU expiry (Loop Protect) */ c( "block" /* Block the interface */, "alarm" /* Generate an alarm */ ) ), "no-root-port" /* Do not allow the interface to become root (Root Protect) */, "disable" /* Disable Spanning Tree on port */ ) ) end
# Spanning-tree trace options: a "file" entry described by trace_file_type
# (defined elsewhere in this file) and a "flag" taken from the enumerated list,
# with "disable" as the only child keyword of a flag.
rule(:stp_trace_options) do c( "file" ( /* Trace file options */ trace_file_type /* Trace file options */ ), "flag" enum(("events" | "bpdu" | "timers" | "port-information-state-machine" | "port-receive-state-machine" | "port-role-select-state-machine" | "port-role-transit-state-machine" | "port-state-transit-state-machine" | "port-migration-state-machine" | "port-transmit-state-machine" | "topology-change-state-machine" | "bridge-detection-state-machine" | "state-machine-variables" | "ppmd" | "all-failures" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end
# RSVP subscription: a bare argument (described as the link bandwidth
# percentage) plus per-class percentages under "ct0" through "ct3".
rule(:subscription_type) do c( arg /* Link bandwidth percentage for RSVP reservation */, "ct0" arg /* Subscription percentage for traffic class 0 */, "ct1" arg /* Subscription percentage for traffic class 1 */, "ct2" arg /* Subscription percentage for traffic class 2 */, "ct3" arg /* Subscription percentage for traffic class 3 */ ) end
# Named IKE policy. Security-relevant choices this rule accepts as plain
# syntax: "mode" main or aggressive, "version" 1 or 2, a "remote-id" of
# "any-remote-id", and a "pre-shared-key" given as ascii-text or hexadecimal.
# The key value is matched as an ordinary arg, so any code that logs, diffs or
# re-emits the parse result has to redact it itself.
# NOTE(review): aggressive mode combined with a pre-shared key, and
# any-remote-id, are commonly flagged in IKE hardening reviews; this rule only
# describes what parses and rejects none of them.
rule(:svc_ike_policy) do arg.as(:arg) ( c( "description" arg /* Text description of IKE policy */, "mode" ( /* Define the IKE first phase mode */ ("main" | "aggressive") ), "version" ( /* Define the IKE version to use for the negotiation */ ("1" | "2") ), "proposals" arg, "local-id" ( /* Define local identification */ sc( c( "ipv4_addr" ( /* One or more IPv4 address identification values */ ipv4addr /* 
One or more IPv4 address identification values */ ), "fqdn" arg /* One or more fully qualified domain name values */, "key-id" arg /* One or more key ID identification values */, "ipv6-addr" ( /* One or more IPv6 address identification values */ ipv6addr /* One or more IPv6 address identification values */ ) ) ) ).as(:oneline), "certificate-policy-oids" arg /* Allowed certificate policy object identifiers (maximum 5) */, "local-certificate" arg /* Local certificate identifier */, "peer-certificate-type" ( /* Preferred type of certificate from peer */ ("pkcs7" | "x509-signature") ), "remote-id" ( /* Define remote identification */ c( "any-remote-id" /* Allow any remote ID */, "ipv4_addr" ( /* One or more IPv4 address identification values */ ipv4addr /* One or more IPv4 address identification values */ ), "fqdn" arg /* One or more fully qualified domain name values */, "key-id" arg /* One or more key ID identification values */, "ipv6-addr" ( /* One or more IPv6 address identification values */ ipv6addr /* One or more IPv6 address identification values */ ) ) ), "pre-shared-key" ( /* Define a preshared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline), "respond-bad-spi" ( /* Respond to IPSec packets with bad SPI values */ sc( arg ) ).as(:oneline) ) ) end
# Named softwire rule: a "match-direction" of input or output and named terms
# whose "then" action lists "ds-lite" and "v6rd", each taking one argument.
rule(:sw_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output") ), "term" arg ( /* Define a softwire term */ c( "then" ( /* Action to take if the 'from' condition is matched */ c( c( "ds-lite" arg /* Apply DS-Lite softwire */, "v6rd" arg /* Apply 6rd softwire */ ) ) ) ) ) ) ) end
# Syslog selector: the statement argument is one of the enumerated names (they
# read like syslog facilities - confirm against the schema this was generated
# from), followed by a level keyword. The level list includes "none", described
# inline as "No messages", so a selector can silence a source entirely; worth
# checking for when auditing logging coverage.
rule(:syslog_object) do enum(("any" | "authorization" | "daemon" | "ftp" | "ntp" | "security" | "kernel" | "user" | "dfc" | "external" | "firewall" | "pfe" | "conflict-log" | "change-log" | "interactive-commands")).as(:arg) ( c( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* 
Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ) ) ).as(:oneline) end
# Named entry with a single "ip-address" child (described as the peer ID),
# parsed with the ipv4prefix rule.
rule(:system_id_ip_map) do arg.as(:arg) ( c( "ip-address" ( /* Peer ID (IP Address) */ ipv4prefix /* Peer ID (IP Address) */ ) ) ) end
# TACACS+ server entry keyed by its argument: port, shared secret, timeout,
# single-connection and source-address. The "secret" value goes through the
# unreadable rule, which is declared earlier in this file as a plain arg, so
# the grammar gives it no special treatment; handle the parsed value as
# sensitive wherever it is logged, compared or stored.
rule(:tacplus_server_object) do arg.as(:arg) ( c( "port" arg /* TACACS+ authentication server port number */, "secret" ( /* Shared secret with the authentication server */ unreadable /* Shared secret with the authentication server */ ), "timeout" arg /* Request timeout period */, "single-connection" /* Optimize TCP connection attempts */, "source-address" ( /* Use specified address as source address */ hostname /* Use specified address as source address */ ) ) ) end
# Network-monitoring container: trace options, probe profiles and the probe
# source interface, each delegated to its own rule.
rule(:tdir_netmon_object) do c( "traceoptions" ( /* Net Monitoring trace options */ tdir_netmon_traceoptions_object /* Net Monitoring trace options */ ), "profile" ( /* Network monitoring probe profile configuration */ tdir_netmon_profile_object /* Network monitoring probe profile configuration */ ), "source-interface" ( /* Network monitoring probe sending interface */ tdir_netmon_src_iface /* Network monitoring probe sending interface */ ) ) end
# Named probe profile: the probe types http, icmp, tcp, ssl-hello and custom
# (all but icmp delegate to a dedicated rule) plus probe-interval,
# failure-retries and recovery-retries.
rule(:tdir_netmon_profile_object) do arg.as(:arg) ( c( c( "http" ( /* HTTP probe options */ tdir_http_probe_object /* HTTP probe options */ ), "icmp" /* ICMP probe options */, "tcp" ( /* TCP probe options */ tdir_tcp_probe_object /* TCP probe options */ ), "ssl-hello" ( /* SSL hello probe options */ tdir_ssl_hello_probe_object /* SSL hello probe options */ ), "custom" ( /* Custom probe options */ tdir_netmon_custom_probe_object /* Custom probe options */ ) ), "probe-interval" arg /* Probe interval */, "failure-retries" arg /* Probe failure retries */, "recovery-retries" arg /* Probe recovery retries */ ) ) end
# HTTP probe options: port, url, method (get or options) and hostname.
rule(:tdir_http_probe_object) do c( "port" arg /* Port number */, "url" arg /* URL name */, "method" ( /* HTTP method */ ("get" | "options") ), "hostname" arg /* Hostname */ ) end
# Custom probe: a "protocol" of tcp or udp and a "cmd" entry delegated to
# tdir_netmon_custom_probe_command_object.
rule(:tdir_netmon_custom_probe_object) do c( "protocol" ( /* Custom protocol */ ("tcp" | "udp") ), "cmd" ( /* Custom probe command configuration */ tdir_netmon_custom_probe_command_object /* Custom probe command configuration */ ) ) end
# Named custom probe command: port, the default real-service status (down or
# up), the payload to send and the reply to expect. The send and expect parts
# are delegated to their own rules.
rule(:tdir_netmon_custom_probe_command_object) do arg.as(:arg) ( c( "port" arg /* Port number */, "default-real-service-status" ( /* Default status of real service */ ("down" | "up") ), "send" ( /* Send ASCII string or binary buffer */ tdir_netmon_custom_probe_send_object /* Send ASCII string or binary buffer */ ), "expect" ( /* Expect ASCII string or binary buffer */ tdir_netmon_custom_probe_expect_object /* Expect ASCII string or binary buffer */ ).as(:oneline) ) ) end
# Reply a custom probe expects: an "ascii" or a "binary" form, each delegated
# to its own rule.
rule(:tdir_netmon_custom_probe_expect_object) do c( c( "ascii" ( /* Expect ASCII string */ tdir_netmon_cust_probe_ascii_expect_obj /* Expect ASCII string */ ).as(:oneline), "binary" ( /* Expect binary buffer */ tdir_netmon_cust_probe_binary_expect_obj /* Expect binary buffer */ ).as(:oneline) ) ).as(:oneline) end
# ASCII expectation: the expected value as a bare arg, an "offset" and the
# "real-service-action" (up or down) tied to a match.
rule(:tdir_netmon_cust_probe_ascii_expect_obj) do c( arg, "offset" ( /* Expect buffer offset */ tdir_netmon_cust_probe_expect_offset_obj /* Expect buffer offset */ ), "real-service-action" ( /* Action on expect match */ ("up" | "down") ) ).as(:oneline) end
# Binary expectation: same shape as the ASCII rule above (bare arg, "offset",
# "real-service-action").
rule(:tdir_netmon_cust_probe_binary_expect_obj) do c( arg, "offset" ( /* Expect buffer offset */ tdir_netmon_cust_probe_expect_offset_obj /* Expect buffer offset */ ), "real-service-action" ( /* Action on expect match */ ("up" | "down") ) ).as(:oneline) end
# Offset of an expected buffer: a bare arg followed by "length" with one arg.
rule(:tdir_netmon_cust_probe_expect_offset_obj) do c( arg, "length" arg /* Expect buffer offset length */ ).as(:oneline) end
# Payload a custom probe sends, under "ascii" or "binary", each with one arg.
rule(:tdir_netmon_custom_probe_send_object) do c( c( "ascii" arg /* Send ASCII string */, "binary" arg /* Send binary buffer */ ) ).as(:oneline) end
rule(:tdir_netmon_src_iface) do arg.as(:arg) ( c( "family" ( /* Address family */ c( "inet" ( /* Address family IPv4 */ c( "address" ( /* Address family IPv4 address */ ipv4addr /* Address family IPv4 address */ ) ) ), "inet6" ( /* Address family IPv6 */ c( "address" ( /* Address family IPv6 address */ ipv6addr /* Address family IPv6 address */ ) ) ) ) ) ) ) end rule(:tdir_netmon_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("all-real-services" | "messages" | "probe" | "inter-thread" | "database" | "file-descriptor-queue" | "probe-infra" | "all")) /* Tracing flag parameters */.as(:oneline), "monitor" arg ( c( "group-name" arg /* Group name */, "real-services-name" arg /* Real service */ ) ) ) end rule(:tdir_service_load_balance_object) do c( "traceoptions" ( /* Traffic load balance trace options */ tdir_traceoptions_object /* Traffic load balance trace options */ ), "route-hold-timer" arg /* Route hold timer, when PIC is down */, "instance" ( /* Traffic load balance instance configuration */ tdir_slb_instance_object /* Traffic load balance instance configuration */ ) ) end rule(:tdir_slb_instance_object) do arg.as(:arg) ( c( "interface" ( /* Interface name */ interface_name /* Interface name */ ), "server-inet-bypass-filter" arg /* Server Implicit inet bypass filter reference */, "server-inet6-bypass-filter" arg /* Server Implicit inet6 bypass filter reference */, "client-interface" ( /* Client facing interface name */ interface_unit /* Client facing interface name */ ), "server-interface" ( /* Server facing interface name */ interface_unit 
/* Server facing interface name */ ), "client-vrf" arg /* Client-side VRF */, "server-vrf" arg /* Server-side VRF */, "group" ( /* Group configuration */ tdir_slb_group_object /* Group configuration */ ), "real-service" ( /* Real service configuration */ tdir_real_service_object /* Real service configuration */ ), "virtual-service" ( /* Virtual service configuration */ tdir_virtual_service_object /* Virtual service configuration */ ) ) ) end rule(:tdir_real_service_object) do arg.as(:arg) ( c( "address" ( /* IP address */ ipaddr /* IP address */ ), "admin-down" /* Set the real service to DOWN state */ ) ) end rule(:tdir_slb_group_object) do arg.as(:arg) ( c( "real-services" arg /* Real services group association */, "routing-instance" arg /* Routing instance name */, "health-check-interface-subunit" arg /* Subunit on which the health-check is to be initiated */, "network-monitoring-profile" arg /* Network monitoring profile name */, "real-service-rejoin-options" ( /* Real service rejoin options */ tdir_auto_rejoin_object /* Real service rejoin options */ ) ) ) end rule(:tdir_auto_rejoin_object) do c( "no-auto-rejoin" /* Disable real service auto-rejoin, when it comes up */ ) end rule(:tdir_ssl_hello_probe_object) do c( "port" arg /* Port number */, "version" ( /* SSL version */ ("2" | "3") ) ) end rule(:tdir_tcp_probe_object) do c( "port" arg /* Port number */ ) end rule(:tdir_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), 
"flag" enum(("normal" | "config" | "connect" | "health" | "parse" | "probe" | "route" | "snmp" | "statistics" | "system" | "operational-commands" | "filter" | "all")) /* Tracing flag parameters */.as(:oneline) ) end rule(:tdir_virtual_service_object) do arg.as(:arg) ( c( "mode" ( /* Virtual service mode */ ("layer2-direct-server-return" | "direct-server-return" | "translated") ), "address" ( /* IP address */ ipaddr /* IP address */ ), "route-metric" arg /* Route metric */, "rebalance-threshold" arg /* Rebalance threshold */, "routing-instance" arg /* Routing instance name */, "service" ( /* Listening service configuration */ tdir_virtual_service_svc_object /* Listening service configuration */ ), "server-interface" ( /* Server facing interface name */ interface_unit /* Server facing interface name */ ), "group" arg /* Group name */, "load-balance-method" ( /* Load balance method */ c( c( "hash" ( /* Load balance hash method */ c( "hash-key" ( /* Hash-key type */ tdir_virtual_service_lb_hash_method_obj /* Hash-key type */ ) ) ), "random" /* Load balance random method */ ) ) ) ) ) end rule(:tdir_virtual_service_lb_hash_method_obj) do c( "source-ip" /* Source-address based hashing */, "destination-ip" /* Destination-address based hashing */, "protocol" /* Protocol based hashing */ ) end rule(:tdir_virtual_service_svc_object) do arg.as(:arg) ( c( "virtual-port" arg /* Virtual port number */, "server-listening-port" arg /* Server listening port */, "protocol" arg /* Service transport portocol */, "include-real-server-ips-in-server-filter" /* Includes list of all real server ip address in server filter */ ) ) end rule(:te_class_object) do c( "traffic-class" ( /* Traffic class */ ("ct0" | "ct1" | "ct2" | "ct3") ), "priority" arg /* Preemption priority for this class */ ).as(:oneline) end rule(:three_color_policer_type) do arg.as(:arg) ( c( "filter-specific" /* Three color policer is filter-specific */, "logical-interface-policer" /* Policer is logical interface policer 
*/, "physical-interface-policer" /* Policer is physical interface policer */, "shared-bandwidth-policer" /* Share policer bandwidth among bundle links */, "action" ( /* Action for three-color policer */ c( "loss-priority" ( /* Loss priority for packet */ three_color_policer_action /* Loss priority for packet */ ).as(:oneline) ) ), c( "single-rate" ( /* Single-rate policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-rate" arg /* Bandwidth allowed for committed traffic */, "committed-burst-size" arg /* Burst size allowed for committed traffic */, "excess-burst-size" arg /* Burst size allowed for excess traffic */ ) ), "single-packet-rate" ( /* Single-rate packet policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-pps" arg /* PPS allowed for committed traffic */, "committed-packet-burst" arg /* Packet burst allowed for committed traffic */, "excess-packet-burst" arg /* Packet burst allowed for excess traffic */ ) ), "two-rate" ( /* Two-rate policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-rate" arg /* Bandwidth allowed for committed traffic */, "committed-burst-size" arg /* Burst size allowed for committed traffic */, "peak-information-rate" arg /* Bandwidth allowed for peak traffic */, "peak-burst-size" arg /* Burst size allowed for peak traffic */, "aggregate-policing" ( /* Configure Aggregate Policer */ c( "policer" arg ( /* Two-color policer to be used as aggregate */ c( "aggregate-sharing-mode" ( /* Hierarchical Metering model */ ("hybrid") ) ) ) ) ) ) ), "two-packet-rate" ( /* Two-rate packet policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-pps" arg /* PPS allowed for committed traffic */, "committed-packet-burst" arg /* Packet burst allowed for committed traffic */, "peak-information-pps" arg /* 
PPS allowed for peak traffic */, "peak-packet-burst" arg /* Packet burst allowed for peak traffic */ ) ) ) ) ) end rule(:three_color_policer_action) do ("high").as(:arg) ( c( "then" ( /* Action to take if the rate limits are exceeded */ c( "discard" /* Discard the packet */ ) ) ) ).as(:oneline) end rule(:to_fabric_object) do c( "except" /* Match traffic switched locally and not going to fabric */ ) end rule(:trace_file_type) do c( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ).as(:oneline) end rule(:transaction_method_type) do enum(("method-invite" | "method-options" | "method-refer" | "method-subscribe" | "method-publish" | "method-message" | "method-register")).as(:arg) end rule(:transaction_policy_type) do arg.as(:arg) ( c( "term" arg ( /* Term definition */ c( "from" ( /* From action */ new_transaction_from_type /* From action */ ), "then" ( /* Action */ new_transaction_then_type /* Action */ ) ) ) ) ) end rule(:new_transaction_then_type) do c( "accept" /* Accept the request */, "reject" /* Reject the request */, "route" ( /* How to route the request */ route_action /* How to route the request */ ), "trace" /* Trace messages accepted on this policy */, "admission-control" arg /* Admission controller for the request */, "message-manipulation" ( /* Definitions of forward and reverse manipulations */ c( "forward-manipulation" arg, "reverse-manipulation" arg ) ), "signaling-realm" arg /* Signaling realm */, "on-3xx-response" ( /* Behavior on receiving a 3XX Response */ c( c( "recursion-limit" arg /* The number of recursion to manage */ ) ) ) ) end rule(:route_action) do c( "next-hop" ( c( c( "address" ( /* Static route by IP address */ routing_destination_address /* Static route by 
IP address */ ), "request-uri" /* Route by request-uri */, "sip-based" /* Routing based on the SIP procedures */ ) ) ), "egress-service-point" arg /* Exit point */, "server-cluster" arg /* Cluster name */ ) end rule(:transport_protocol) do c( c( "udp", "tcp" ) ) end rule(:tty_port_object) do c( "authentication-order" ( ("radius" | "tacplus" | "password") ), "log-out-on-disconnect" /* Log out the console session when cable is unplugged */, "port-type" ( /* Switch console between RJ45 and mini-USB */ ("rj45" | "mini-usb") ), "disable" /* Disable console */, "insecure" /* Disallow superuser access */, "speed" ( /* Speed of the port */ ("1200" | "2400" | "4800" | "9600" | "19200" | "38400" | "57600" | "115200") ), "type" ( /* Terminal type */ ("ansi" | "vt100" | "small-xterm" | "xterm") ), "silent-with-modem" /* Make the console silent if modem is connected and no call is present on the modem */ ) end rule(:tunable_object) do arg.as(:arg) ( c( "tunable-value" arg /* Protocol tunable value */ ) ) end rule(:tunnel_end_point) do arg.as(:arg) ( c( c( "ipv6" ( /* Enter an IPv6 tunnel */ c( "source-address" ( /* Tunnel source address */ ipv6addr /* Tunnel source address */ ), "destination-address" ( /* Tunnel destination address */ ipv6addr /* Tunnel destination address */ ) ) ), "ipv4" ( /* Enter an IPv4 tunnel */ c( "source-address" ( /* Tunnel source address */ ipv4addr /* Tunnel source address */ ), "destination-address" ( /* Tunnel destination address */ ipv4addr /* Tunnel destination address */ ) ) ) ), c( "gre" ( /* Tunnel is GRE */ c( "key" arg /* Key for authentication */ ) ), "gre-in-udp" ( /* Tunnel is GRE-in-UDP */ c( "source-port" arg /* UDP source port */, "destination-port" arg /* UDP destination port */, "key" arg /* GRE key for authentication */ ) ) ) ) ) end rule(:tunnel_interface_type) do arg.as(:arg) end rule(:twamp_authentication_key_chain) do arg.as(:arg) ( c( "key-id" arg ( /* Authentication element configuration */ c( "secret" arg /* Authentication 
key */ ) ) ) ) end rule(:unified_edge_gateway_diameter) do c( "network-element" arg ( /* Diameter network element configuration per mobile gateway */ c( "session-pics" ( /* Session MS-PICs to serve this Diameter network element */ unified_edge_gateway_diameter_ne_session_pics /* Session MS-PICs to serve this Diameter network element */ ) ) ) ) end rule(:unified_edge_gateway_diameter_ne_session_pics) do c( "group" arg ( /* Diameter network element Multiservice PIC group */ c( "session-pic" arg /* Multiservice PICs serving the Diameter network element in this group */ ) ) ) end rule(:unified_edge_ggsn_pgw_system) do c( "pfes" ( /* Packet forwarding engines used for anchoring */ c( "interface" arg ( /* Interface representing packet forwarding engine */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "session-pics" ( /* Multiservice PICs used for anchoring control sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "service-pics" ( /* Multiservice PICs used for anchoring service related data sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ) ) end rule(:unified_edge_mobile_options) do c( "traceoptions" ( /* Mobility config and operational command daemon trace options */ mobiled_traceoptions /* Mobility config and operational command daemon trace options */ ) ) end rule(:mobiled_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" 
enum(("configuration" | "protocol" | "init" | "error" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end rule(:unified_edge_pcef) do c( "traceoptions" ( /* Trace options related to PCEF */ pcef_traceoptions /* Trace options related to PCEF */ ), "event-trigger-profiles" ( /* Event trigger profiles */ c( evt_trigger_profile ) ), "flow-descriptions" ( /* PCC flow descriptions */ c( pcc_flow ) ), "pcc-action-profiles" ( /* PCC action profiles */ c( pcc_action_profile ) ), "pcc-rules" ( /* PCC rules */ c( pcc_rule ) ), "pcc-rulebases" ( /* PCC rulebases */ c( pcc_rulebase ) ), "profiles" ( /* PCEF profiles */ c( pcef_profiles ) ), "pcc-time-of-day-profiles" ( /* PCEF Time Of Day profiles */ c( pcef_time_of_day_profile ) ) ) end rule(:pcef_time_of_day_profile) do arg.as(:arg) ( c( "rule-activation-time" ( /* Rule Activation Time of this profile */ pcef_tod_time_type /* Rule Activation Time of this profile */ ), "rule-deactivation-time" ( /* Rule Dectivation Time of this profile */ pcef_tod_time_type /* Rule Dectivation Time of this profile */ ) ) ) end rule(:pcef_tod_time_type) do c( c( "SUNDAY" /* Sunday */, "MONDAY" /* Monday */, "TUESDAY" /* Tuesday */, "WEDNESDAY" /* Wednesday */, "THURSDAY" /* Thursday */, "FRIDAY" /* Friday */, "SATURDAY" /* Saturday */, "DAY1" /* 1st of the month */, "DAY2" /* 2nd of the month */, "DAY3" /* 3rd of the month */, "DAY4" /* 4th of the month */, "DAY5" /* 5th of the month */, "DAY6" /* 6th of the month */, "DAY7" /* 7th of the month */, "DAY8" /* 8th of the month */, "DAY9" /* 9th of the month */, "DAY10" /* 10th of the month */, "DAY11" /* 11th of the month */, "DAY12" /* 12th of the month */, "DAY13" /* 13th of the month */, "DAY14" /* 14th of the month */, "DAY15" /* 15th of the month */, "DAY16" /* 16th of the month */, "DAY17" /* 17th of the month */, 
"DAY18" /* 18th of the month */, "DAY19" /* 19th of the month */, "DAY20" /* 20th of the month */, "DAY21" /* 21st of the month */, "DAY22" /* 22nd of the month */, "DAY23" /* 23rd of the month */, "DAY24" /* 24th of the month */, "DAY25" /* 25th of the month */, "DAY26" /* 26th of the month */, "DAY27" /* 27th of the month */, "Last-day-of-month" /* Last day of the month */ ), c( "JANUARY" /* January */, "FEBRUARY" /* February */, "MARCH" /* March */, "APRIL" /* April */, "MAY" /* May */, "JUNE" /* June */, "JULY" /* July */, "AUGUST" /* August */, "SEPTEMBER" /* September */, "OCTOBER" /* October */, "NOVEMBER" /* November */, "DECEMBER" /* December */ ), time /* Time of the day in hh:mm format */ ) end rule(:unified_edge_sgw_system) do c( "pfes" ( /* Packet forwarding engines used for anchoring */ c( "interface" arg ( /* Interface representing packet forwarding engine */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "session-pics" ( /* Multiservice PICs used for anchoring control sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ) ) end rule(:unified_edge_tdf) do arg.as(:arg) ( c( "service-mode" ( /* Service mode */ ("maintenance") ), "system" ( /* System parameters */ unified_edge_tdf_system /* System parameters */ ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "traceoptions" ( /* Trace options related to subscriber management */ mobile_smd_traceoptions /* Trace options related to subscriber management */ ), "cac" ( /* TDF cac configuration */ c( "maximum-subscribers" arg /* Maximum number of TDF subscribers */, "maximum-subscribers-trap-percentage" arg /* Percentage of Maximum subscribers */, "memory" ( /* Memory threshold configuration */ c( "percentage" arg /* Memory threshold */ ) ), "cpu" ( /* CPU threshold configuration */ c( 
"percentage" arg /* CPU threshold */ ) ) ) ), "charging" ( /* TDF charging profile definitions */ c( "traceoptions" ( /* Charging trace options */ charging_traceoptions /* Charging trace options */ ), "charging-profiles" ( /* Charging profile */ c( juniper_charging_profiles ) ), "transport-profiles" ( /* Transport profile definition */ c( juniper_transport_profiles ) ) ) ), "domains" ( /* TDF domains configuration */ c( tdf_domain ) ), "domain-selection" ( /* TDF domain selection */ c( "term" arg ( /* Define a domain selection term */ c( "from" ( /* Define match criteria */ domain_sel_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "domain" arg /* TDF domain name */, "pcef-profile" arg /* PCEF profile name */ ) ) ) ) ) ), "aaa" ( /* AAA related configuration */ c( "clients" ( /* AAA radius clients */ c( arg /* AAA radius client */ ) ), "snoop-segments" ( /* AAA radius snoop segments */ c( arg /* AAA radius snoop segment */ ) ) ) ) ) ) end rule(:domain_sel_match_object) do c( "client" arg /* AAA Radius client */, "snoop-segment" arg /* AAA Radius snoop-segment */, "user-name" ( /* Radius avp user-name */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "nas-ip-address" ( /* Radius avp nas-ip-address */ sc( "equals" ( /* Attribute match options */ c( ipv4prefix /* IPv4 address/prefix value */ ) ) ) ).as(:oneline), "calling-station-id" ( /* Radius avp calling-station-id */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "called-station-id" ( /* Radius avp called-station-id */ sc( c( "equals" ( /* Attribute match 
options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "class" ( /* Radius avp class */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "threegpp-imsi" ( /* Radius avp 3gpp-imsi */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "framed-ip-address" ( /* Radius avp framed-ip-address */ sc( "equals" ( /* Attribute match options */ c( ipv4prefix /* IPv4 address/prefix value */ ) ) ) ).as(:oneline), "framed-ipv6-prefix" ( /* Radius avp framed-ipv6-prefix */ sc( "equals" ( /* Attribute match options */ c( ipv6prefix /* IPv6 address/prefix value */ ) ) ) ).as(:oneline), "attribute" arg ( /* Custom radius attributes */ c( "code" arg /* Attribute code */, "vendor-id" arg /* Attribute vendor-id */, "format" ( /* Attribute format */ sc( c( "string" ( /* Format string */ c( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ), "time" ( /* Format time */ c( c( "equals" ( /* Attribute match options */ c( time /* Time value */ ) ), "greater-than" ( /* Attribute match options */ c( time /* Time value */ ) ), "less-than" ( /* Attribute match options */ c( time /* Time value */ ) ) ) ) ), "integer" ( /* Format integer */ c( c( "equals" ( /* Attribute match options */ c( arg /* Integer value */ ) ), "greater-than" ( /* Attribute match options */ c( arg /* Integer 
value */ ) ), "less-than" ( /* Attribute match options */ c( arg /* Integer value */ ) ) ) ) ), "v4address" ( /* Format v4address */ c( "equals" ( /* Attribute match options */ c( ipv4prefix /* IPv4 address/prefix value */ ) ) ) ), "v6prefix" ( /* Format v6prefix */ c( "equals" ( /* Attribute match options */ c( ipv6prefix /* IPv6 address/prefix value */ ) ) ) ), "v6address" ( /* Format v6address */ c( "equals" ( /* Attribute match options */ c( ipv6prefix /* IPv6 address/prefix value */ ) ) ) ) ) ) ).as(:oneline) ) ) ) end rule(:tdf_domain) do arg.as(:arg) ( c( "subscriber-type" ( /* Specify subscriber type */ ("ip" | "ifl") ), "subscriber-exclude-prefix" ( /* Exclude subscriber address prefix */ c( "family" ( /* Address family */ c( "inet" ( /* IPv4 address configuration */ c( "network" arg /* Specify IPv4 network prefix */ ) ), "inet6" ( /* IPv6 address pool configuration */ c( "network" arg /* Specify IPv6 network prefix */ ) ) ) ) ) ), "pcef-profile" arg /* PCEF profile for the TDF domain */, "tdf-interface" ( /* TDF interface */ interface_unit /* TDF interface */ ), "maximum-bit-rate" ( /* Default subscriber policy for TDF traffic */ c( "uplink" arg /* Maximum bit rate uplink */, "downlink" arg /* Maximum bit rate downlink */ ) ), "burst-size" ( /* Default Subscriber Burst Size for TDF traffic */ c( "uplink" arg /* Subscriber burst size uplink */, "downlink" arg /* Subscriber burst size downlink */ ) ), "charging-profile" arg /* Charging profile for the domain */, "service-mode" ( /* Service mode */ ("maintenance") ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "ip-subscriber" ( /* Configure ip subscriber */ c( "access-interfaces" arg /* Access facing interfaces */, "subscriber-attach-method" ( /* Specify subscriber attach method */ ("radius-accounting" | "packet-triggered" | "pcrf-initiated") ), "subscription-id" ( /* Specify subscription id options 
*/ c( "subscription-id-options" ( /* Subscription id options sets */ subscription_id_set /* Subscription id options sets */ ), "constant" ( /* Constant string for subscription-id */ sc( arg ) ).as(:oneline), "use-class-regular-expression" arg /* Regular expression for Class attribute parsing */, "use-class" ( c( "regex" arg /* Regular expression for Class attribute parsing */, "pattern" arg /* Substitution template to use with regular expression */, "subscription-id-type" ( /* Subscription id type */ ("imsi" | "msisdn" | "nai" | "sip-uri" | "private") ) ) ) ) ), "immediate-accounting-response" ( /* Enable/disable immediate RADIUS response message */ ("enable" | "disable") ), "subscriber-address" ( /* Specify the subscriber address information */ c( "inet" ( /* Specify address pool name for IPv4 */ c( "pool" arg ) ), "inet6" ( /* Specify address pool name for IPv6 */ c( "pool" arg ) ) ) ), "maximum-subscribers" arg /* Maximum TDF subscribers */, "idle-timeout" arg /* Session idle timeout value */, "default-local-policy" ( /* Default local policy for TDF traffic */ c( "flow-action" ( /* Flow action */ ("forward" | "drop") ), "maximum-bit-rate" ( /* Maximum bit rate */ sc( "uplink" arg /* Maximum bit rate uplink */, "downlink" arg /* Maximum bit rate downlink */ ) ).as(:oneline), "burst-size" ( /* Burst Size for TDF traffic */ c( "uplink" arg /* Burst size uplink */, "downlink" arg /* Burst size downlink */ ) ) ) ) ) ), "ifl-subscriber" ( /* IFL subscriber configuration */ c( tdf_ifl_subscriber ) ) ) ) end rule(:subscription_id_set) do arg.as(:arg) ( c( "id-components" ( /* Subscription id components */ ("use-imsi" | "use-msisdn" | "use-nai" | "use-username" | "use-realm" | "use-nas-port" | "use-nas-port-id" | "use-class") ) ) ) end rule(:tdf_ifl_subscriber) do arg.as(:arg) ( c( "access-interfaces" arg /* Access facing interfaces */ ) ) end rule(:unified_edge_tdf_system) do c( "session-pics" ( /* Multiservice PICs used for anchoring control sessions */ c( "interface" 
arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "service-pics" ( /* Multiservice PICs used for anchoring service related data sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ) ) end rule(:upgrade_group_fpcs) do arg.as(:arg) ( c( "fpcs" arg /* FPCs to be upgraded as a group in this member */ ) ) end rule(:upgrade_group_type) do arg.as(:arg) ( c( "satellite" arg /* Satellite slot-id or range or all */ ) ) end rule(:urlf_profile_object) do arg.as(:arg) ( c( "url-filter-database" arg /* Full path of the file */, "template" ( /* URL filter template */ urlf_template_object /* URL filter template */ ) ) ) end rule(:urlf_template_object) do arg.as(:arg) ( c( "client-interfaces" ( /* Client facing interfaces on which the url filtering is applied */ interface_unit /* Client facing interfaces on which the url filtering is applied */ ), "server-interfaces" ( /* Server facing interfaces to which traffic destined to */ interface_unit /* Server facing interfaces to which traffic destined to */ ), "dns-source-interface" ( /* Interface on which the DNS queries are originated */ interface_unit /* Interface on which the DNS queries are originated */ ), "dns-routing-instance" ( /* Routing instance for DNS queries */ (arg | "inet.0") ), "routing-instance" ( /* Routing instance name */ (arg | "inet.0") ), "dns-server" ( /* One or more DNS servers addresses */ ipaddr /* One or more DNS servers addresses */ ), "dns-resolution-interval" arg /* DNS resolution timer in minutes */, "dns-retries" arg /* DNS resolution attempts */, "dns-resolution-rate" arg /* DNS resolution rate per chunk interval */, "url-filter-database" arg /* Full path of the file */, "term" arg ( /* Define a url filtering term */ c( "from" ( /* Define match criteria */ urlf_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' 
condition is matched */ c( c( "redirect-url" arg /* Redirect URL */, "custom-page" arg /* Custom page string */, "http-status-code" arg /* HTTP status code value */, "tcp-reset" /* TCP Reset */, "accept" /* Accept */ ) ) ) ) ) ) ) end /* Match criteria referenced by the from clause of a URL-filter term: a source IP prefix list and a destination port list. */ rule(:urlf_match_object) do c( "src-ip-prefix" ( /* Source IP Prefix list specification */ ipprefix /* Source IP Prefix list specification */ ), "dest-ports" arg /* Destination port list specification */ ) end /* Trace options (for URL filtering, going by the rule name): remote-trace switch, trace file settings, debug level and trace flags. NOTE(review): world-readable lets any user read the trace file; the grammar accepts either keyword and does not show which one applies when neither is given. */ rule(:urlf_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("normal" | "config" | "dns" | "timer" | "connect" | "parse" | "statistics" | "system" | "operational-commands" | "filter" | "gencfg" | "routing" | "snmp" | "all")) /* Tracing flag parameters */.as(:oneline) ) end /* User entry keyed by a name argument (presumably the SNMPv3 user statement, confirm against the caller): one group of authentication statements (MD5, SHA, none) and one group of privacy statements (DES, 3DES, AES128, none). NOTE(review): the grammar accepts authentication-none, privacy-none and the older MD5, DES and 3DES choices on equal footing with SHA and AES128; a parser built from it will not flag weak selections, so any such policy needs a separate check on the parsed configuration. */ rule(:v3_user_config) do arg.as(:arg) ( c( c( "authentication-md5" ( /* Configure MD5 authentication */ auth_object /* Configure MD5 authentication */ ), "authentication-sha" ( /* Configure SHA authentication */ auth_object /* Configure SHA authentication */ ), "authentication-none" /* Set no authentication for the user */ ), c( "privacy-des" ( /* Configure DES privacy */ priv_object /* Configure DES privacy */ ), "privacy-3des" ( /* Configure Triple DES privacy */ priv_object /* Configure Triple DES privacy */ ), "privacy-aes128" ( /* Configure AES128 privacy */ priv_object /* Configure AES128 privacy */ ), "privacy-none" /* Set no privacy for the user */ ) ) ) end /* Body shared by authentication-md5 and authentication-sha: a password argument and a key parsed by the unreadable rule. NOTE(review): both values are credentials; treat whatever is matched here as sensitive when logging or storing parse results. */ rule(:auth_object) do c( 
"authentication-password" arg /* User's authentication password */, "authentication-key" ( /* Encrypted key used for user authentication */ unreadable /* Encrypted key used for user authentication */ ) ) end /* Body shared by the privacy-des, privacy-3des and privacy-aes128 statements: a password argument and a key parsed by the unreadable rule. NOTE(review): both values are credentials; treat whatever is matched here as sensitive when logging or storing parse results. */ rule(:priv_object) do c( "privacy-password" arg /* User's privacy password */, "privacy-key" ( /* Encrypted key used for user privacy */ unreadable /* Encrypted key used for user privacy */ ) ) end /* Options controlling how the interface-id is built (presumably for DHCPv6 relay, going by the rule name): prefix components, interface description, VLAN id, option-82 circuit-id reuse, and keeping the incoming value. */ rule(:v6_relay_option_interface_id_type) do c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "use-option-82" ( /* Use option-82 circuit-id for interface-id */ v6_relay_option_cid_rid_action /* Use option-82 circuit-id for interface-id */ ), "keep-incoming-interface-id" /* Keep incoming interface identifier */ ) end /* Single strict keyword referenced by the use-option-82 statements: drop the packet if the id is not present. */ rule(:v6_relay_option_cid_rid_action) do c( "strict" /* Drop packet if id not present */ ) end /* Remote-id counterpart of v6_relay_option_interface_id_type with the same set of options; the rule body continues on the following line. */ rule(:v6_relay_option_remote_id_type) do c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include 
vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "use-option-82" ( /* Use option-82 remote-id for v6 remote-id */ v6_relay_option_cid_rid_action /* Use option-82 remote-id for v6 remote-id */ ), "keep-incoming-remote-id" /* Keep incoming remote identifier */ ) end rule(:v6_server_group_type) do c( c( arg /* IP Address of one or more DHCP servers */ ) ) end rule(:v6rd_object) do arg.as(:arg) ( c( "softwire-address" ( /* Softwire concentrator IPV4 prefix */ ipv4addr /* Softwire concentrator IPV4 prefix */ ), "ipv4-prefix" ( /* 6rd customer edge IPV4 prefix */ ipv4prefix /* 6rd customer edge IPV4 prefix */ ), "v6rd-prefix" ( /* 6rd domain's IPV6 prefix */ ipv6prefix /* 6rd domain's IPV6 prefix */ ), "mtu-v4" arg /* MTU for the softwire tunnel */ ) ) end rule(:vchassis_trace_file_type) do c( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ).as(:oneline) end rule(:version_ipfix_template) do arg.as(:arg) ( c( "flow-active-timeout" arg /* Interval after which active flow is exported */, "flow-inactive-timeout" arg /* Period of inactivity that marks a flow inactive */, "template-id" arg /* Template id */, "option-template-id" arg /* Options template id */, "observation-domain-id" arg /* Observation Domain Id */, "nexthop-learning" ( /* Nexthop learning parameter. 
Valid ONLY for INLINE-JFLOW */ c( ("enable" | "disable") ) ), "template-refresh-rate" ( /* Template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), "option-refresh-rate" ( /* Option template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), c( "ipv4-template" /* IPv4 template configuration */, "ipv6-template" /* IPv6 template configuration */, "vpls-template" /* VPLS template configuration */, "mpls-template" ( /* MPLS template configuration */ c( "label-position" arg /* One or more MPLS label positions */ ) ), "mpls-ipv4-template" ( /* MPLS IPV4 template configuration */ c( "label-position" arg /* One or more MPLS label positions */ ) ) ), "flow-key" ( /* Flow key for the template. Valid ONLY for INLINE-JFLOW */ c( "flow-direction" /* Include flow direction */, "vlan-id" /* Include vlan ID */ ) ) ) ) end rule(:version9_template) do arg.as(:arg) ( c( "flow-active-timeout" arg /* Interval after which active flow is exported */, "flow-inactive-timeout" arg /* Period of inactivity that marks a flow inactive */, "template-id" arg /* Template id */, "option-template-id" arg /* Options template id */, "source-id" arg /* Source Id */, "nexthop-learning" ( /* Nexthop learning parameter. 
Valid ONLY for INLINE-JFLOW */ c( ("enable" | "disable") ) ), "template-refresh-rate" ( /* Template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), "option-refresh-rate" ( /* Option template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), c( "mpls-ipv4-template" ( /* MPLS-IPv4 template configuration */ c( "label-position" arg /* One or more MPLS label positions */ ) ), "mpls-template" ( /* MPLS template configuration */ c( "label-position" arg /* One or more MPLS label positions */ ) ), "ipv6-template" ( /* IPv6 template configuration */ c( "nexthop-options" ( /* Additional information retrieved from nexthop */ c( c( "mpls" ( /* MPLS information retrieved from nexthop */ c( "label-position" arg /* One or more MPLS label positions */ ) ) ) ) ) ) ), "peer-as-billing-template" /* Peer AS billing template configuration */, "ipv4-template" ( /* IPv4 template configuration */ c( "nexthop-options" ( /* Additional information retrieved from nexthop */ c( c( "mpls" ( /* MPLS information retrieved from nexthop */ c( "label-position" arg /* One or more MPLS label positions */ ) ) ) ) ) ) ) ), "flow-key" ( /* Flow key for the template. 
Valid ONLY for INLINE-JFLOW */ c( "flow-direction" /* Include flow direction */, "vlan-id" /* Include vlan ID */ ) ) ) ) end rule(:virtual_interface_indications_object) do c( "virtual-interface-up" ( pgcp_virtual_interface_up_object ), "virtual-interface-down" ( pgcp_virtual_interface_down_object ) ) end rule(:pgcp_virtual_interface_down_object) do c( "graceful" ( /* Configure graceful service change */ ("none" | "graceful-905") ), "administrative" ( /* Configure administrative service change */ ("forced-905" | "forced-906" | "none") ), "failure" ( /* Configure failure service change */ ("forced-904" | "forced-906" | "none") ), "link-loss" ( /* Configure link-loss service change */ ("forced-906" | "none") ) ) end rule(:pgcp_virtual_interface_up_object) do c( "warm" ( /* Configure warm-boot service change */ ("restart-900" | "none") ), "cancel-graceful" ( /* Configure cancel-graceful service change */ ("none" | "restart-918") ) ) end rule(:vlan_policy) do (arg | "all").as(:arg) ( c( "policy" ( /* Attach policy */ c( arg /* Router Advertisement Guard policy name */, c( "stateful" /* Stateful router advertisement guard */, "stateless" /* Stateless router advertisement guard */ ) ) ) ) ) end rule(:vlan_types) do arg.as(:arg) ( c( "description" arg /* Text description of VLANs */, c( "vlan-id" ( /* IEEE 802.1q VLAN identifier for VLAN */ ("all" | "none" | arg) ), "vlan-id-list" arg /* Create VLAN for each of the vlan-id specified in the vlan-id-list */, "vlan-tags" ( /* IEEE 802.1q VLAN tags for VLANs */ sc( "outer" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */, "inner" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ) ).as(:oneline) ), "interface" ("$junos-interface-name" | arg) /* Interface name for this VLAN */, "l3-interface" ( /* L3 interface name for this vlans */ interface_unit /* L3 interface name for this vlans */ ), "no-local-switching" /* Disable local switching within CE-facing interfaces */, "forwarding-options" ( /* 
Forwarding options configuration */ juniper_ethernet_switching_forwarding_options /* Forwarding options configuration */ ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "switch-options" ( /* VLANs switch-options configuration */ juniper_protocols_vlan /* VLANs switch-options configuration */ ), "domain-type" ( /* Type of VLANs SVLAN/DVLAN */ ("bridge") ), "no-irb-layer-2-copy" /* Disable transmission of layer-2 copy of packets of IRB routing-interface */, "service-id" arg /* Service id required if VLAN is of type MC-AE, and vlan-id all or vlan-id none or vlan-tags is configured */, "domain-id" arg /* Domain-id for auto derived Route Target */, "mcae-mac-synchronize" /* Enable IRB MAC synchronization in this VLAN */, "no-arp-suppression" /* Disable suppression of ARP/NDP for EVPN */, "mcae-mac-flush" /* Enable IRB MAC flush in a/s mode for this VLAN on MCAE link up */, "private-vlan" ( /* Type of secondary vlan for private vlan */ ("isolated" | "community") ), "isolated-vlan" arg /* VLAN id or name */, "community-vlans" arg /* List of VLAN id or name */, "vxlan" ( c( "ovsdb-managed" /* Bridge-domain is managed remotely via VXLAN OVSDB Controller */, "vni" arg /* VXLAN identifier */, "multicast-group" ( /* Multicast group registered for VXLAN segment */ ipv4addr /* Multicast group registered for VXLAN segment */ ), "encapsulate-inner-vlan" /* Retain inner VLAN in the packet */, "decapsulate-accept-inner-vlan" /* Accept VXLAN packets with inner VLAN */, "unreachable-vtep-aging-timer" arg /* Unreachable VXLAN tunnel endpoint removal timer */, "ingress-node-replication" /* Enable ingress node replication */ ) ) ) ) end rule(:juniper_ethernet_switching_forwarding_options) do c( "filter" ( /* Filtering for ethernet switching forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to 
apply for forwarded packets */ ) ), "flood" ( /* Filtering for ethernet switching flood table */ c( "input" arg /* Name of input filter to apply for ethernet switching flood packets */ ) ), "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "dhcp-security" ( /* DHCP access security configuration */ jdhcp_security_type /* DHCP access security configuration */ ) ) end rule(:juniper_protocols_vlan) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "mac-move-limit" ( /* Number of MAC movements allowed on this VLAN */ c( arg, "packet-action" ( /* Action to be taken in case the MAC movement limit is exceeded */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log" | "vlan-member-shutdown") ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "action-priority" arg /* Blocking priority of this interface on mac move detection */ ) ) ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-statistics" /* Enable MAC address statistics */, "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "vpws-service-id" ( /* Service-id for EVPN VPWS routing instance */ c( "local" arg /* Local EVPN VPWS service id */, "remote" arg /* Remote EVPN VPWS service id */ ) 
), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* 
High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "description" arg /* Text description */ ) ), "static-rvtep-mac" ( /* Configure Static MAC and remote VxLAN tunnel endpoint entries */ c( "mac" ( /* Unicast MAC address */ s( arg, "remote-vtep" arg /* Configure static remote VXLAN tunnel endpoints */ ) ).as(:oneline) ) ) ) end rule(:vlan_map) do c( c( "push" /* Push a VLAN tag */, "swap" /* Swap a VLAN tag */, "pop" /* Pop a VLAN tag */, "push-push" /* Push two VLAN tags */, "swap-push" /* Swap VLAN tag and push a new VLAN tag */, "swap-swap" /* Swap both outer and inner VLAN tags */, "pop-swap" /* Pop outer VLAN tag and swap inner VLAN tag */, "pop-pop" /* Pop both outer and inner VLAN tags */ ), "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier to rewrite */, "inner-tag-protocol-id" arg /* IEEE 802.1q Tag Protocol ID to rewrite for inner tag */, "vlan-id" ( /* VLAN ID to rewrite */ ("$junos-vlan-map-id" | arg) ), "inner-vlan-id" ( /* VLAN ID to rewrite for inner tag */ ("$junos-inner-vlan-map-id" | arg) ) ) end rule(:vpls_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | 
"aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "vlan-ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "vlan-ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), c( "learn-vlan-dei" arg, "learn-vlan-dei-except" arg ), c( "traffic-type" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ), "traffic-type-except" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ) ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "ip-address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or 
destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" 
| "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" 
| "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags */, c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | 
"echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), 
"destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), "ipv6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ipv6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ipv6-address" ( /* Match IPv6 address */ firewall_addr6_object /* Match IPv6 address */ ), c( "ipv6-next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "ipv6-traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), 
"ipv6-source-prefix-list" ( /* Match IPV6 source prefixes in named list */ firewall_prefix_list /* Match IPV6 source prefixes in named list */ ), "ipv6-destination-prefix-list" ( /* Match IPV6 destination prefixes in named list */ firewall_prefix_list /* Match IPV6 destination prefixes in named list */ ), "ipv6-prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ), "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, 
"port-mirror" /* Port-mirror the packet */, "next-hop-group" arg /* Use specified next-hop group */, "sample" /* Sample the packet */, "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */ ) ) ) ) ) ) end rule(:vrrp_group) do arg.as(:arg) ( c( c( "virtual-address" ( /* One or more virtual IPv4 addresses */ ipv4addr /* One or more virtual IPv4 addresses */ ), "virtual-inet6-address" ( /* One or more virtual inet6 addresses */ ipv6addr /* One or more virtual inet6 addresses */ ) ), "virtual-link-local-address" ( /* Virtual link-local addresses */ ipv6addr /* Virtual link-local addresses */ ), "priority" arg /* Virtual router election priority */, "preferred" /* Preferred group on subnet */, c( "advertise-interval" arg /* Advertisement interval */, "fast-interval" arg /* Fast advertisement interval */, "inet6-advertise-interval" arg /* Inet6 advertisement interval */ ), c( "preempt" ( /* Allow preemption */ c( "hold-time" arg /* Preemption hold time */ ) ), "no-preempt" /* Don't allow preemption */ ), c( "accept-data" /* Accept packets destined for virtual IP address */, "no-accept-data" /* Don't accept packets destined for virtual IP address */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "authentication-key" ( /* Authentication key */ unreadable /* Authentication key */ ), "track" ( /* Interfaces to track for VRRP group */ c( "priority-hold-time" arg /* Priority hold time */, "interface" arg ( /* Interface to track in VRRP group */ c( "bandwidth-threshold" arg ( /* Track bandwidth of interface */ sc( "priority-cost" arg /* Value subtracted from priority when bandwidth is below threshold */ ) ).as(:oneline), "priority-cost" arg /* Value to subtract from priority when interface is down */ ) ), "route" ( /* Route to track in VRRP group */ s( arg, "routing-instance" arg /* Routing instance to which route belongs, or 'default' */, c( "priority-cost" arg /* Value to subtract from priority when route is 
down */ ) ) ).as(:oneline) ) ), "vrrp-inherit-from" ( /* VRRP group to follow for this VRRP group */ c( "active-interface" ( /* Interface name of VRRP active group */ interface_unit /* Interface name of VRRP active group */ ), "active-group" arg /* Identifier for VRRP active group */ ) ), "advertisements-threshold" arg /* Number of vrrp advertisements missed before declaring master down */ ) ) end

# Rule :write_option_82_type has an empty body, so the block handed to `rule`
# evaluates to nil.
# NOTE(review): no reference to this rule is visible in this part of the file;
# confirm whether it is unused or whether its definition was lost during
# generation.
rule(:write_option_82_type) do end

# Rule :juniper_ethernet_options -- top-level keywords accepted by this rule:
# traceoptions, voip, unknown-unicast-forwarding, dot1q-tunneling,
# mac-notification, interfaces, mac-table-aging-time, nonstop-bridging, static,
# secure-access-port, authentication-whitelist, analyzer, port-error-disable,
# bpdu-block, redundant-trunk-group and storm-control.
#
# Statements worth attention when a parsed configuration is audited (wording
# taken from the inline /* */ descriptions):
#   - secure-access-port: per-interface mac-limit, allowed-mac, dhcp-trusted and
#     fcoe-trusted; per-VLAN arp-inspection, examine-dhcp, ip-source-guard and
#     mac-move-limit, each with a matching "no-..." or action keyword.
#   - authentication-whitelist: MAC entries "needed to bypass Authentication".
#   - analyzer: mirrors traffic to an outgoing port or VLAN.
#   - bpdu-block and storm-control: protective settings that can be absent or
#     disabled per interface.
# The rule only recognises keywords; most values are parsed with `arg`, whose
# definition is outside this excerpt, so no value range is enforced here.
rule(:juniper_ethernet_options) do c( "traceoptions" ( /* Global tracing options for access security */ c( "file" ( /* Trace file options */ esp_trace_file_type /* Trace file options */ ), "flag" ("parse" | "regex-parse" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "krt" | "vlan" | "forwarding-database" | "nexthop" | "interface" | "lib" | "stp" | "filter" | "access-security" | "rtg" | "ip-source-guard" | "analyzer" | "layer2-protocol-tunneling" | "unknown-unicast-forwarding" | "all") ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "voip" ( /* Voice-over-IP configuration */ c( "interface" ("name" | "access-ports") ( /* Enable voice over IP on this port */ c( "vlan" arg /* VLAN for voice over IP */, "forwarding-class" arg /* Forwarding class */ ) ) ) ), "unknown-unicast-forwarding" ( /* Set interface for forwarding of unknown unicast packets */ c( "vlan" arg ( /* VLAN for the unknown unicast packets */ c( "interface" ( /* Interface to send unknown unicast packets for the VLAN */ interface_name /* Interface to send unknown unicast packets for the VLAN */ ) ) ) ) ), "dot1q-tunneling" ( /* Dot1q tunneling global options */ c( "ether-type" ( /* Dot1q Ether-type value */ ("0x8100" | "0x9100" | "0x88a8") ) ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "interfaces" ( /* Ethernet switching family interface names */ c( "esw-interface" ( /* Interface name */ esw_interface_type /*
Interface name */ ) ) ), "mac-table-aging-time" ( /* MAC aging time configuration */ mac_aging_time_config /* MAC aging time configuration */ ), "nonstop-bridging" /* Enable Non stop operation */, "static" ( /* Static forwarding entries */ c( "vlan" arg ( /* VLAN static MAC entries */ c( "mac" arg ( /* Static MAC */ sc( "next-hop" ( /* Logical next-hop interface */ interface_name /* Logical next-hop interface */ ) ) ).as(:oneline) ) ) ) ), "secure-access-port" ( /* Access port security options */ c( "interface" arg ( /* Configure access port security for this interface */ c( "mac-limit" ( /* Number of MAC addresses allowed on this interface */ sc( "limit" arg /* Number of MAC addresses allowed on this interface */, "action" ( /* Action to take if limit is exceeded */ ("none" | "drop" | "log" | "shutdown") ) ) ).as(:oneline), "static-ip" ( /* Static IP address configuration */ juniper_ip_mac_static /* Static IP address configuration */ ), "allowed-mac" ( /* Allowed MAC address on this interface */ mac_addr /* Allowed MAC address on this interface */ ), "no-allowed-mac-log" /* Do not log violation of allowed MAC on this interface */, "dhcp-trusted" /* Make this interface trusted for DHCP */, "no-dhcp-trusted" /* Don't make this interface trusted for DHCP */, "fcoe-trusted" /* Make this interface trusted for FCoE */, "no-fcoe-trusted" /* Don't make this interface trusted for FCoE */, "persistent-learning" /* Enable persistent MAC learning on this interface */ ) ), "vlan" ("all" | "vlan-name") ( /* Configure access port security for this VLAN */ c( c( "arp-inspection" ( /* Enable Dynamic ARP inspection on this VLAN */ sc( "forwarding-class" arg /* Forwarding class assigned to re-injected ARP packets */ ) ).as(:oneline), "no-arp-inspection" /* Disable Dynamic ARP inspection on this VLAN */ ), c( "examine-dhcp" ( /* Enable DHCP snooping on this VLAN */ sc( "forwarding-class" arg /* Forwarding class assigned to re-injected DHCP packets */ ) ).as(:oneline), 
"no-examine-dhcp" /* Disable DHCP snooping on this VLAN */ ), "examine-fip" /* Enable FIP snooping on this VLAN */, "mac-move-limit" ( /* Number of MAC movements allowed on this VLAN */ sc( "limit" arg /* Number of MAC movements allowed on this VLAN */, "action" ( /* Action to be taken in case the MAC movement limit is exceeded */ ("none" | "drop" | "log" | "shutdown") ) ) ).as(:oneline), "ip-source-guard" /* Enable IP source guard on this VLAN */, "no-ip-source-guard" /* Don't enable IP source guard on this VLAN */, "dhcp-option82" ( /* Configure DHCP option 82 on this VLAN */ dhcp_option82_type /* Configure DHCP option 82 on this VLAN */ ) ) ), "dhcp-snooping-file" ( /* Configure DHCP snooping persistence file, write-interval and timeout */ c( "location" ( /* Location of DHCP snooping entries file */ filename /* Location of DHCP snooping entries file */ ), "write-interval" arg /* Time interval for writing DHCP snooping entries */, "timeout" arg /* Timeout for remote read and write operations */ ) ) ) ), "authentication-whitelist" arg ( /* MAC authentication-whitelist configuration needed to bypass Authentication */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ), "analyzer" ( /* Analyzer options */ analyzer_type /* Analyzer options */ ), "port-error-disable" ( /* Port error disable options */ c( "disable-timeout" arg /* Timeout for which the port is disabled */ ) ), "bpdu-block" ( /* Block BPDU on interface (BPDU Protect) */ c( "interface" ("all" | "name") /* Interface name to block BPDU on */, "disable-timeout" arg /* Disable timeout for BPDU Protect */ ) ), "redundant-trunk-group" ( /* Redundant trunk group */ c( "group" arg ( /* Name of Redundant trunk group */ c( "preempt-cutover-timer" arg /* Hold timer for primary interface before preempting secondary interface */, "description" arg /* Text 
description of the RTG */, "interface" arg ( /* Interfaces that are part of this redundant trunk group */ c( "primary" /* Set Primary Redundant Trunk Group interface */ ) ) ) ) ) ), "storm-control" ( /* Storm control configuration */ c( "action-shutdown" /* Port is disabled for excessive storm control errors */, "interface" ("all" | "name") ( /* Configure storm control for this interface */ c( "bandwidth" arg /* Link bandwidth */, "no-broadcast" /* Disable broadcast storm control */, "no-unknown-unicast" /* Disable unknown unicast storm control */, "level" arg, c( "multicast" /* Enable multicast storm control */, "no-multicast" /* Don't enable multicast storm control */, "no-registered-multicast" /* Disable registered multicast storm control */, "no-unregistered-multicast" /* Disable unregistered multicast storm control */ ) ) ) ) ) ) end

# Rule :analyzer_type -- a named analyzer entry (leading `arg`) with the
# keywords ratio, loss-priority (low | high), input and output. The inline
# descriptions call the output "mirrored packets", so an analyzer copies
# monitored traffic to another port or VLAN.
rule(:analyzer_type) do arg.as(:arg) ( c( "ratio" arg /* Packet ratio */, "loss-priority" ( /* Loss priority of mirrored packets */ ("low" | "high") ), "input" ( /* Ports and VLANs to monitor */ analyzer_input_type /* Ports and VLANs to monitor */ ), "output" ( /* Outgoing port or VLAN for mirrored packets */ analyzer_output_type /* Outgoing port or VLAN for mirrored packets */ ) ) ) end

# Rule :analyzer_input_type -- "ingress" and "egress" sources of an analyzer,
# delegated to :analyzer_ingress_type and :analyzer_egress_type.
rule(:analyzer_input_type) do c( "ingress" ( /* Ports and VLANs to monitor incoming traffic */ analyzer_ingress_type /* Ports and VLANs to monitor incoming traffic */ ), "egress" ( /* Ports and VLANs to monitor outgoing traffic */ analyzer_egress_type /* Ports and VLANs to monitor outgoing traffic */ ) ) end

# Rule :analyzer_egress_type -- "interface" or "vlan" whose outgoing traffic is
# monitored. :analyzer_egress_interface_type is defined outside this excerpt.
rule(:analyzer_egress_type) do c( "interface" ( /* Port to monitor outgoing traffic */ analyzer_egress_interface_type /* Port to monitor outgoing traffic */ ), "vlan" ( /* VLAN to monitor outgoing traffic */ analyzer_vlan_type /* VLAN to monitor outgoing traffic */ ) ) end

# Rule :analyzer_ingress_type -- "interface" or "vlan" whose incoming traffic is
# monitored. :analyzer_ingress_interface_type is defined outside this excerpt.
rule(:analyzer_ingress_type) do c( "interface" ( /* Port to monitor incoming traffic */ analyzer_ingress_interface_type /* Port to monitor incoming traffic */ ), "vlan" ( /* VLAN to monitor incoming traffic */ analyzer_vlan_type /* VLAN to monitor incoming traffic */ ) ) end

# Rule :analyzer_output_type -- destination of mirrored packets: an "interface"
# name, or a "vlan" name that may carry the "no-tag" keyword.
# NOTE(review): "RSAPN" in the inline description is presumably "RSPAN"; the
# text is kept as generated.
rule(:analyzer_output_type) do c( "interface" arg /* Outgoing port for mirrored packets */, "vlan" arg ( /* Outgoing VLAN for mirrored packets */ c( "no-tag" /* Removes extra RSAPN tag from mirrored packets */ ) ) ) end

# Rule :analyzer_vlan_type -- a single value, captured as :arg.
rule(:analyzer_vlan_type) do arg.as(:arg) end

# Rule :esw_interface_type -- an interface name (captured as :arg) followed by
# the "no-mac-learning" keyword.
rule(:esw_interface_type) do arg.as(:arg) ( c( "no-mac-learning" /* Disable mac learning for this interface */ ) ) end

# Rule :mac_aging_time_config -- either "time <seconds>" or "unlimited"; per the
# inline description "unlimited" disables MAC aging.
rule(:mac_aging_time_config) do c( c( "time" arg /* Time in seconds */, "unlimited" /* Disable MAC-aging */ ) ) end

# Rule :juniper_ip_mac_static -- a static entry (leading `arg`) with "vlan" and
# "mac" keywords. The 1..4095 range appears only in the inline description; the
# value itself is parsed with `arg`, so no range check is visible here.
rule(:juniper_ip_mac_static) do arg.as(:arg) ( c( "vlan" arg /* VLAN name or VLAN Tag (1..4095) */, "mac" ( /* MAC address */ mac_addr /* MAC address */ ) ) ).as(:oneline) end

# Rule :esp_trace_file_type -- trace file options: filename, replace, size,
# files, no-stamp, world-readable and no-world-readable.
# Audit hint: "world-readable" allows any user to read the log file (inline
# description), which matters if trace output can contain sensitive data.
rule(:esp_trace_file_type) do c( "filename" arg /* Name of file in which to write trace information */, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ).as(:oneline) end

# Ported from vSRX 18.3R1.9

# Rule :alg_object -- per-protocol ALG settings. Keywords accepted: traceoptions,
# alg-manager, alg-support-lib, dns, ftp, h323, mgcp, msrpc, sunrpc, rsh, rtsp,
# sccp, sip, sql, talk, tftp, pptp, ike-esp-nat and twamp.
#
# Statements worth attention when a parsed configuration is audited (wording
# taken from the inline /* */ descriptions):
#   - Keywords that relax a check: ftp "allow-mismatch-ip-address", h323
#     "media-source-port-any", dns doctoring "none", and the application-screen
#     "unknown-message" options "permit-nat-applied" / "permit-routed".
#   - Flood controls: h323 and mgcp "message-flood", mgcp "connection-flood",
#     sccp "call-flood", and sip "protect deny".
#   - "disable" turns an ALG off; ike-esp-nat instead has "enable".
# The grammar only recognises these keywords; it does not evaluate whether a
# given combination is safe.
rule(:alg_object) do c( "traceoptions" ( /* ALG trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Set level of tracing output */ ("brief" | "detail" | "extensive" | "verbose") ) ) ), "alg-manager" ( /* Configure ALG-MANAGER */ sc( "traceoptions" ( /* ALG-MANAGER trace options */ c( "flag"
enum(("all")) ( /* ALG-MANAGER trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "alg-support-lib" ( /* Configure ALG-SUPPORT-LIB */ sc( "traceoptions" ( /* ALG-SUPPORT-LIB trace options */ c( "flag" enum(("all")) ( /* ALG-SUPPORT-LIB trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "dns" ( /* Configure DNS ALG */ c( "disable" /* Disable DNS ALG */, "maximum-message-length" arg /* Set maximum message length */, "oversize-message-drop" /* Drop oversized DNS packets */, "doctoring" ( /* Configure DNS ALG doctoring */ c( c( "none" /* Disable all DNS ALG Doctoring */, "sanity-check" /* Perform only DNS ALG sanity checks */ ) ) ), "traceoptions" ( /* DNS ALG trace options */ c( "flag" enum(("all")) ( /* DNS ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "ftp" ( /* Configure FTP ALG */ sc( "disable" /* Disable FTP ALG */, "ftps-extension" /* Enable secure FTP and FTP-ssl protocols */, "line-break-extension" /* Enable CR+LF line termination */, "allow-mismatch-ip-address" /* Pass FTP packets with mismatched ip address headers and payload */, "traceoptions" ( /* FTP ALG trace options */ c( "flag" enum(("all")) ( /* FTP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "h323" ( /* Configure H.323 ALG */ c( "disable" /* Disable H.323 ALG */, "endpoint-registration-timeout" arg /* Timeout for endpoints */, "media-source-port-any" /* Permit media from any source port on the endpoint */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "message-flood" ( /* Configure 
Message flood ALG options */ c( "gatekeeper" ( /* Set options for gatekeeper messages */ sc( "threshold" arg /* Message flood gatekeeper threshold */ ) ).as(:oneline) ) ) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* H.323 ALG trace options */ c( "flag" enum(("q931" | "h245" | "ras" | "h225-asn1" | "h245-asn1" | "ras-asn1" | "chassis-cluster" | "all")) ( /* H.323 ALG trace flags */ sc( c( "terse" /* Set trace verbosity level to terse */, "detail" /* Set trace verbosity level to detail */, "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "mgcp" ( /* Configure MGCP ALG */ c( "disable" /* Disable MGCP ALG */, "inactive-media-timeout" arg /* Set inactive media timeout */, "transaction-timeout" arg /* Set transaction timeout */, "maximum-call-duration" arg /* Set maximum call duration */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "message-flood" ( /* Set message flood ALG options */ sc( "threshold" arg /* Message flood threshold */ ) ).as(:oneline), "connection-flood" ( /* Set connection flood options */ sc( "threshold" arg /* Connection flood threshold */ ) ).as(:oneline) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* MGCP ALG trace options */ c( "flag" enum(("call" | "decode" | "error" | "chassis-cluster" | "nat" | "packet" | "rm" | "all")) ( /* MGCP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "msrpc" ( /* Configure MSRPC ALG */ sc( "disable" /* Disable MSRPC ALG */, "group-max-usage" arg /* Set maximum group usage percentage, default 80 */, "map-entry-timeout" 
arg /* Set entry timeout, default 8hour */, "traceoptions" ( /* MSRPC ALG trace options */ c( "flag" enum(("all")) ( /* MSRPC ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "sunrpc" ( /* Configure SUNRPC ALG */ sc( "disable" /* Disable SUNRPC ALG */, "group-max-usage" arg /* Set maximum group usage percentage, default 80 */, "map-entry-timeout" arg /* Set entry timeout, default 8hour */, "traceoptions" ( /* SUNRPC ALG trace options */ c( "flag" enum(("all")) ( /* SUNRPC ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "rsh" ( /* Configure RSH ALG */ c( "disable" /* Disable RSH ALG */, "traceoptions" ( /* RSH ALG trace options */ c( "flag" enum(("all")) ( /* RSH ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "rtsp" ( /* Configure RTSP ALG */ sc( "disable" /* Disable RTSP ALG */, "traceoptions" ( /* RTSP ALG trace options */ c( "flag" enum(("all")) ( /* RTSP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "sccp" ( /* Configure SCCP ALG */ c( "disable" /* Disable SCCP ALG */, "inactive-media-timeout" arg /* Set inactive media timeout */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "call-flood" ( /* Configure call flood thresholds */ sc( "threshold" arg /* Calls per second per client */ ) ).as(:oneline) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* SCCP ALG trace options */ c( "flag" enum(("call" | "cli" | "decode" | "error" | "chassis-cluster" | "init" |
"nat" | "rm" | "all")) ( /* SCCP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "sip" ( /* Configure SIP ALG */ c( "disable" /* Disable SIP ALG */, "inactive-media-timeout" arg /* Set inactive media timeout */, "maximum-call-duration" arg /* Set maximum call duration */, "t1-interval" arg /* Set T1 interval */, "t4-interval" arg /* Set T4 interval */, "c-timeout" arg /* Set C timeout */, "disable-call-id-hiding" /* Disable translation of host IP in Call-ID header */, "retain-hold-resource" /* Retain SDP resources during call hold */, "hide-via-headers" ( /* Hide via headers options */ c( "disable" /* Disable hide via headers function */ ) ), "distribution-ip" /* Configure SIP distribute server IPV6 or IPV4 ip */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "protect" ( /* Configure Protect options */ c( "deny" ( /* Protect deny options */ c( c( "destination-ip" arg /* List of protected destination server IP */, "all" /* Enable attack protection for all servers */ ), "timeout" arg /* Timeout value for SIP INVITE attack table entry */ ) ) ) ) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* SIP ALG trace options */ c( "flag" enum(("call" | "chassis-cluster" | "nat" | "parser" | "rm" | "all")) ( /* SIP ALG trace flags */ sc( c( "terse" /* Set trace verbosity level to terse */, "detail" /* Set trace verbosity level to detail */, "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "sql" ( /* Configure SQL ALG */ sc( "disable" /* Disable SQL ALG */, "traceoptions" ( /* SQL ALG trace options */ c( "flag" enum(("all")) ( /* SQL ALG trace flags */ sc( c(
"extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "talk" ( /* Configure Talk ALG */ sc( "disable" /* Disable Talk ALG */, "traceoptions" ( /* TALK ALG trace options */ c( "flag" enum(("all")) ( /* TALK ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "tftp" ( /* Configure TFTP ALG */ sc( "disable" /* Disable TFTP ALG */, "traceoptions" ( /* TFTP ALG trace options */ c( "flag" enum(("all")) ( /* TFTP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "pptp" ( /* Configure PPTP ALG */ sc( "disable" /* Disable PPTP ALG */, "traceoptions" ( /* PPTP ALG trace options */ c( "flag" enum(("all")) ( /* PPTP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "ike-esp-nat" ( /* Configure IKE-ESP ALG with NAT */ c( "enable" /* Enable IKE-ESP ALG */, "esp-gate-timeout" arg /* Set ESP gate timeout */, "esp-session-timeout" arg /* Set ESP session timeout */, "state-timeout" arg /* Set ALG state timeout */, "traceoptions" ( /* IKE-ESP ALG trace options */ c( "flag" enum(("all")) ( /* IKE-ESP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "twamp" ( /* Configure TWAMP ALG */ c( "traceoptions" ( /* TWAMP ALG trace options */ c( "flag" enum(("all")) ( /* TWAMP ALG trace flags */ sc( c( "extensive" /* Trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ) ) end

# Rule :anti_spam_feature -- a single "sbl" keyword whose settings are parsed by
# :sbl_type (defined outside this excerpt).
rule(:anti_spam_feature) do c( "sbl" ( /* SBL settings */ sbl_type /* SBL settings */ ) ) end

# Rule :anti_virus_feature -- "sophos-engine" with named profiles. Each profile
# accepts fallback-options, scan-options, trickling, notification-options,
# mime-whitelist (list, exception) and url-whitelist.
# NOTE(review): mime-whitelist and url-whitelist presumably exempt matching
# content from scanning; the grammar only captures the list names, so what the
# lists contain has to be checked separately in an audit.
rule(:anti_virus_feature) do c( "sophos-engine" ( /* Anti-virus sophos-engine */ c( "profile" arg ( /* Anti-virus sophos-engine profile */ c( "fallback-options" ( /* Anti-virus sophos-engine fallback options */ sophos_fallback_settings /* Anti-virus sophos-engine fallback options */ ), "scan-options" ( /* Anti-virus sophos-engine scan options */ sophos_scan_options /* Anti-virus sophos-engine scan options */ ), "trickling" ( /* Anti-virus trickling */ anti_virus_trickling /* Anti-virus trickling */ ), "notification-options" ( /* Anti-virus notification options */ anti_virus_notification_options /* Anti-virus notification options */ ), "mime-whitelist" ( /* Anti-virus MIME whitelist */ c( "list" arg /* MIME list */, "exception" arg /* Exception settings for MIME white list */ ) ), "url-whitelist" arg /* Anti-virus URL white list */ ) ) ) ) ) end

# Rule :anti_virus_notification_options -- notification settings for three
# events: virus-detection, fallback-block and fallback-non-block. The first two
# take a type (protocol-only | message) and notify-mail-sender toggles; the
# third takes notify-mail-recipient toggles. All three accept custom-message and
# custom-message-subject.
rule(:anti_virus_notification_options) do c( "virus-detection" ( /* Virus detection notification */ c( "type" ( /* Virus detection notification type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notify mail sender */, "no-notify-mail-sender" /* Don't notify mail sender */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ), "fallback-block" ( /* Fallback block notification */ c( "type" ( /* Fallback block notification type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notify mail sender */, "no-notify-mail-sender" /* Don't notify mail sender */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ), "fallback-non-block" ( /* Fallback non block notification */ c( "notify-mail-recipient" /* Notify mail recipient */, "no-notify-mail-recipient" /* Don't notify mail recipient */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ) ) end

# Rule :anti_virus_trickling -- a single "timeout" value.
rule(:anti_virus_trickling) do c( "timeout" arg /* Trickling timeout */ ).as(:oneline) end

rule(:apbr_rule_type) do arg.as(:arg) ( c( "match" ( /* Specify security rule match-criteria */ c( "dynamic-application" ( (arg | "junos:UNKNOWN") ), "dynamic-application-group" ( (arg | "junos:unassigned") ), "category"
( (arg | arg) ) ) ), "then" ( /* Specify rule action to take when packet match criteria */ c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline), "sla-rule" ( /* SLA Rule */ c( arg /* SLA rule name */ ) ) ) ) ) ) end rule(:appfw_rule_type) do arg.as(:arg) ( c( "match" ( /* Specify security rule match-criteria */ c( "dynamic-application" ( (arg | "junos:UNKNOWN") ), "dynamic-application-group" ( (arg | "junos:unassigned") ), "ssl-encryption" ( /* Select SSL encryption rules */ ("any" | "yes" | "no") ) ) ), "then" ( /* Specify rule action to take when packet match criteria */ c( c( "permit" /* Permit packets */, "deny" ( /* Deny packets */ c( "block-message" /* Redirect sessions */ ) ), "reject" ( /* Reject packets */ c( "block-message" /* Redirect sessions */ ) ) ) ) ) ) ) end rule(:appqoe_probe_params) do c( "data-fill" ( /* Probe Data Payload content */ c( arg ) ), "data-size" ( /* Probe data size */ c( arg ) ), "probe-interval" ( /* Time interval between 2 consecutive probes */ c( arg ) ), "probe-count" ( /* Minimum number of samples to be collected to evaluate SLA measurement */ c( arg ) ), "burst-size" ( /* Number of probes out of probe count to be sent as a burst */ c( arg ) ), "sla-export-interval" ( /* Enabled time based SLA exporting */ c( arg ) ), "dscp-code-points" ( /* Mapping of code point aliases to bit strings */ c( arg /* DSCP */ ) ) ) end rule(:appqoe_probe_path) do c( "local" ( /* Local node's info */ appqoe_node /* Local node's info */ ), "remote" ( /* Remote node's info */ appqoe_node /* Remote node's info */ ) ) end rule(:appqoe_node) do c( "ip-address" ( /* Set IP address */ c( ipv4addr /* IP address */ ) ) ) end rule(:appqoe_sla_metric_profile) do c( "delay-round-trip" ( /* Maximum acceptable delay */ c( arg ) ), "jitter" ( /* Maximum acceptable jitter */ c( arg ) ), "jitter-type" ( /* Type of Jitter */ c( c( "two-way-jitter" /* Two-way-jitter-type */, 
"egress-jitter" /* Egress-jitter-type */, "ingress-jitter" /* Ingress-jitter-type */ ) ) ), "packet-loss" ( /* Maximum acceptable packet-loss */ c( arg ) ), "match" ( /* Type of SLA match */ c( c( "any-one" /* Match any one strings */, "all" /* Match all metrics */ ) ) ) ) end
/* Authentication source: one of the five named sources, each taking a priority value (per the inline note, a larger number means lower priority and 0 disables it). */
rule(:authentication_source_type) do ("local-authentication-table" | "unified-access-control" | "firewall-authentication" | "active-directory-authentication-table" | "aruba-clearpass").as(:arg) ( c( c( "priority" arg /* Larger number means lower priority, 0 for disable */ ) ) ) end
/* Named category-list object holding a value. */
rule(:category_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of category-list object */ ) ) end
/* Named command-list object holding a value. */
rule(:command_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of command-list object */ ) ) end
/* Content-filtering profile: permit and block command lists, blocked extensions, blocked MIME list with its exception list, blocked content types, and notification options. */
rule(:content_filtering_feature) do c( "profile" arg ( /* Content filtering profile */ c( "permit-command" arg /* Permit command list */, "block-command" arg /* Block command list */, "block-extension" arg /* Block extension list */, "block-mime" ( /* Content-filtering feature block MIME */ c( "list" arg /* Block MIME list */, "exception" arg /* Exception of block MIME list */ ) ), "block-content-type" ( /* Content-filtering feature block content type */ c( "activex" /* Block activex */, "java-applet" /* Block Java-applet */, "exe" /* Block Windows/dos exe file */, "zip" /* Block zip file */, "http-cookie" /* Block HTTP cookie */ ) ), "notification-options" ( /* Notification options */ c( "type" ( /* Notification options type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notify mail sender */, "no-notify-mail-sender" /* Don't notify mail sender */, "custom-message" arg /* Custom notification message */ ) ) ) ) ) end
/* Named custom message: a type (redirect-url or user-message) and the message content. */
rule(:custom_message_type) do arg.as(:arg) ( c( "type" ( /* Type of custom message */ ("redirect-url" | "user-message") ), "content" arg /* Content of custom message */ ) ) end
rule(:default_anti_spam_feature) do c( "type" ( /* Anti-spam type */ ("sbl" | 
"anti-spam-none") ), "address-whitelist" arg /* Anti-spam whitelist */, "address-blacklist" arg /* Anti-spam blacklist */, "traceoptions" ( /* Trace options for anti-spam feature */ anti_spam_traceoptions /* Trace options for anti-spam feature */ ), "sbl" ( /* SBL settings */ default_sbl_type /* SBL settings */ ) ) end rule(:anti_spam_traceoptions) do c( "flag" enum(("manager" | "sbl" | "all")) /* Trace options for anti-spam feature flag */.as(:oneline) ) end rule(:default_anti_virus_feature) do c( "mime-whitelist" ( /* Anti-virus MIME whitelist */ c( "list" arg /* MIME list */, "exception" arg /* Exception settings for MIME white list */ ) ), "url-whitelist" arg /* Anti-virus URL white list */, "type" ( /* Anti-virus engine type */ ("sophos-engine" | "anti-virus-none") ), "traceoptions" ( /* Trace options for anti-virus feature */ anti_virus_traceoptions /* Trace options for anti-virus feature */ ), "sophos-engine" ( /* Anti-virus sophos-engine */ c( "server" ( /* SAV and Anti-Spam first hop DNS server */ c( ipaddr /* SAV and Anti-Spam first hop DNS server ip */, "routing-instance" arg /* Routing instance name */ ) ), "sxl-timeout" arg /* Sxl sophos anti-virus engine timeout */, "sxl-retry" arg /* Sxl sophos anti-virus engine query retry (number of times) */, "pattern-update" ( /* Anti-virus sophos-engine pattern update */ anti_virus_pattern_update /* Anti-virus sophos-engine pattern update */ ), "fallback-options" ( /* Anti-virus sophos-engine fallback options */ sophos_fallback_settings /* Anti-virus sophos-engine fallback options */ ), "scan-options" ( /* Anti-virus sophos-engine scan options */ default_sophos_scan_options /* Anti-virus sophos-engine scan options */ ), "trickling" ( /* Anti-virus trickling */ anti_virus_trickling /* Anti-virus trickling */ ), "notification-options" ( /* Anti-virus notification options */ anti_virus_notification_options /* Anti-virus notification options */ ) ) ) ) end rule(:anti_virus_pattern_update) do c( "email-notify" ( /* 
Virus pattern file updated notification */ c( "admin-email" arg /* Admin emails to be notified about pattern file update */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ), "url" arg /* Server URL */, "proxy-profile" arg /* Proxy profile */, "routing-instance" arg /* Routing instance name */, "interval" arg /* Interval to check the update */, "no-autoupdate" /* Don't automatically update anti-virus pattern */ ) end
/* Trace flags accepted for the anti-virus feature, written as a one-line statement. */
rule(:anti_virus_traceoptions) do c( "flag" enum(("basic" | "detail" | "engine" | "pattern" | "updater" | "manager" | "worker" | "sendmail" | "ipc" | "event" | "statistics" | "all")) /* Trace options for anti-virus feature flag */.as(:oneline) ) end
/* Default content-filtering settings: engine type, trace options, permit and block command lists, blocked extensions, blocked MIME list with its exception list, blocked content types, and notification options. */
rule(:default_content_filtering_feature) do c( "type" ( /* Content-filtering type */ ("local" | "content-filtering-none") ), "traceoptions" ( /* Trace options for content-filtering feature */ content_filtering_traceoptions /* Trace options for content-filtering feature */ ), "permit-command" arg /* Permit command list */, "block-command" arg /* Block command list */, "block-extension" arg /* Block extension list */, "block-mime" ( /* Content-filtering feature block MIME */ c( "list" arg /* Block MIME list */, "exception" arg /* Exception of block MIME list */ ) ), "block-content-type" ( /* Content-filtering feature block content type */ c( "activex" /* Block activex */, "java-applet" /* Block Java-applet */, "exe" /* Block Windows/dos exe file */, "zip" /* Block zip file */, "http-cookie" /* Block HTTP cookie */ ) ), "notification-options" ( /* Notification options */ c( "type" ( /* Notification options type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notify mail sender */, "no-notify-mail-sender" /* Don't notify mail sender */, "custom-message" arg /* Custom notification message */ ) ) ) end
rule(:content_filtering_traceoptions) do c( "flag" enum(("basic" | "detail" | "all")) /* Trace options for 
content-filtering feature flag */.as(:oneline) ) end rule(:default_sbl_type) do c( "sbl-default-server" /* Default SBL server */, "no-sbl-default-server" /* Don't default SBL server */, "spam-action" ( /* Anti-spam actions */ ("block" | "tag-header" | "tag-subject") ), "custom-tag-string" arg /* Custom tag string */ ) end rule(:default_sophos_scan_options) do c( "uri-check" /* Anti-virus uri-check */, "no-uri-check" /* Don't anti-virus uri-check */, "content-size-limit" arg /* Content size limit */, "timeout" arg /* Scan engine timeout */ ) end rule(:default_webfilter_feature) do c( "url-whitelist" arg /* Configure custom URL for whitelist category */, "url-blacklist" arg /* Configure custom URL for blacklist category */, "http-reassemble" /* Reassemble HTTP request segments */, "http-persist" /* Check all HTTP request in a connection */, "type" ( /* Configure web-filtering engine type */ ("websense-redirect" | "juniper-local" | "juniper-enhanced" | "web-filtering-none") ), "traceoptions" ( /* Trace options for web-filtering feature */ web_filtering_traceoptions /* Trace options for web-filtering feature */ ), "websense-redirect" ( /* Configure web-filtering websense redirect engine */ default_websense_type /* Configure web-filtering websense redirect engine */ ), "juniper-local" ( /* Configure web-filtering juniper local engine */ default_juniper_local_type /* Configure web-filtering juniper local engine */ ), "juniper-enhanced" ( /* Configure web-filtering juniper enhanced engine */ default_juniper_enhanced_type /* Configure web-filtering juniper enhanced engine */ ) ) end rule(:default_juniper_enhanced_type) do c( "cache" ( c( "timeout" arg /* Juniper enhanced cache timeout */, "size" arg /* Juniper enhanced cache size */ ) ), "server" ( /* Juniper enhanced server */ juniper_enhanced_server /* Juniper enhanced server */ ), "reputation" ( /* Customize reputation level */ c( "reputation-very-safe" arg /* Base-reputation-value */, "reputation-moderately-safe" arg 
/* Base-reputation-value */, "reputation-fairly-safe" arg /* Base-reputation-value */, "reputation-suspicious" arg /* Base-reputation-value */ ) ), "base-filter" arg /* Juniper base filter */, "category" ( /* Juniper enhanced category */ juniper_enhanced_category_type /* Juniper enhanced category */ ), "site-reputation-action" ( /* Juniper enhanced site reputation action */ juniper_enhanced_site_reputation_setting /* Juniper enhanced site reputation action */ ), "default" ( /* Juniper enhanced profile default */ ("permit" | "block" | "log-and-permit" | "quarantine") ), "custom-block-message" arg /* Juniper enhanced custom block message sent to HTTP client */, "quarantine-custom-message" arg /* Juniper enhanced quarantine custom message */, "fallback-settings" ( /* Juniper enhanced fallback settings */ web_filtering_fallback_setting /* Juniper enhanced fallback settings */ ), "timeout" arg /* Juniper enhanced timeout */, "no-safe-search" /* Do not perform safe-search for Juniper enhanced protocol */, "block-message" ( /* Juniper enhanced block message settings */ web_filtering_block_message /* Juniper enhanced block message settings */ ), "quarantine-message" ( /* Juniper enhanced quarantine message settings */ web_filtering_quarantine_message /* Juniper enhanced quarantine message settings */ ) ) end rule(:default_juniper_local_type) do c( "default" ( /* Juniper local profile default */ ("permit" | "block" | "log-and-permit") ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Juniper local custom block message */, "quarantine-custom-message" arg /* Juniper local quarantine custom message */, "block-message" ( /* Juniper local block message settings */ web_filtering_block_message /* Juniper local block message settings */ ), "quarantine-message" ( /* Juniper local quarantine message settings */ web_filtering_quarantine_message /* Juniper local quarantine message settings */ ), "fallback-settings" ( /* 
Juniper local fallback settings */ web_filtering_fallback_setting /* Juniper local fallback settings */ ), "timeout" arg /* Juniper local timeout */ ) end rule(:custom_category_type) do arg.as(:arg) ( c( "action" ( /* Action to perform when web traffic matches category */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "custom-message" arg /* Custom message */ ) ) end rule(:default_websense_type) do c( "server" ( /* Websense redirect server */ server /* Websense redirect server */ ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Websense redirect custom block message */, "quarantine-custom-message" arg /* Websense redirect quarantine custom message */, "block-message" ( /* Websense redirect block message settings */ web_filtering_block_message /* Websense redirect block message settings */ ), "quarantine-message" ( /* Websense redirect quarantine message settings */ web_filtering_quarantine_message /* Websense redirect quarantine message settings */ ), "fallback-settings" ( /* Websense redirect fallback settings */ web_filtering_fallback_setting /* Websense redirect fallback settings */ ), "timeout" arg /* Websense redirect timeout */, "sockets" arg /* Websense redirect sockets number */, "account" arg /* Websense redirect account */ ) end rule(:e2e_action_profile) do arg.as(:arg) ( c( "preserve-trace-order" /* Preserve trace order (has performance overhead) */, "record-pic-history" /* Record the PIC(s) in which the packet has been processed */, "event" ( e2e_event ), "module" ( e2e_module ) ) ) end rule(:e2e_event) do ("np-ingress" | "np-egress" | "mac-ingress" | "mac-egress" | "lbt" | "pot" | "jexec" | "lt-enter" | "lt-leave").as(:arg) ( c( "trace" /* Trace action */, "count" /* Count action */, "packet-summary" /* Packet summary action */, "packet-dump" /* Packet dump action */ ) ) end rule(:e2e_module) do ("flow").as(:arg) ( c( "flag" enum(("all")) /* Events and other information to 
include in trace output */.as(:oneline) ) ) end rule(:end_to_end_debug_filter) do arg.as(:arg) ( c( "action-profile" ( /* Actions to take with this filter */ ("default" | arg) ), "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-prefix" ( /* Source IPv4/IPv6 address prefix */ ipprefix /* Source IPv4/IPv6 address prefix */ ), "destination-prefix" ( /* Destination IPv4/IPv6 address prefix */ ipprefix /* Destination IPv4/IPv6 address prefix */ ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | 
"zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "interface" ( /* Logical interface */ interface_name /* Logical interface */ ) ) ) end rule(:extension_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of extension-list object */ ) ) end rule(:flow_filter_type) do arg.as(:arg) ( c( "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-prefix" ( /* Source IP address prefix */ ipprefix /* Source IP address prefix */ ), "destination-prefix" ( /* Destination IP address prefix */ ipprefix /* Destination IP address prefix */ ), "conn-tag" arg /* Session connection tag */, "logical-system" arg /* Logical system */, "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | 
"snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "interface" ( /* Source logical interface */ interface_name /* Source logical interface */ ) ) ) end rule(:host_object) do c( ipaddr /* IP address */, "port" arg /* Host port number */, "routing-instance" arg /* Routing-instance name */ ) end rule(:ids_option_type) do arg.as(:arg) ( c( "description" arg /* Text description of screen */, "alarm-without-drop" /* Do not drop packet, only generate alarm */, "match-direction" ( /* Match direction */ ("input" | "output" | "input-output") ), "icmp" ( /* Configure ICMP ids options */ c( "ip-sweep" ( /* Configure ip sweep ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "fragment" /* Enable ICMP fragment ids option */, "large" /* Enable large ICMP packet (size > 1024) ids option */, "flood" ( /* Configure icmp flood ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "ping-death" /* Enable ping of death ids option */, "icmpv6-malformed" /* Enable icmpv6 malformed ids option */ ) ), "ip" ( /* Configure IP layer ids options */ c( "bad-option" /* Enable ip with bad option ids option */, "record-route-option" /* Enable ip with record route option ids option */, "timestamp-option" /* Enable ip with timestamp option ids option */, "security-option" /* Enable ip with security option ids option */, "stream-option" /* Enable ip with stream option ids option */, "spoofing" /* Enable IP address spoofing ids option */, "source-route-option" /* Enable ip source route ids option */, "loose-source-route-option" /* Enable ip with loose source route ids option */, "strict-source-route-option" /* Enable ip with strict source route ids option */, "unknown-protocol" /* 
Enable ip unknown protocol ids option */, "block-frag" /* Enable ip fragment blocking ids option */, "tear-drop" /* Enable tear drop ids option */, "ipv6-extension-header" ( /* Configure ipv6 extension header ids option */ c( "hop-by-hop-header" ( /* Enable ipv6 hop by hop option header ids option */ c( "jumbo-payload-option" /* Enable jumbo payload option ids option */, "router-alert-option" /* Enable router alert option ids option */, "quick-start-option" /* Enable quick start option ids option */, "CALIPSO-option" /* Enable Common Architecture Label ipv6 Security Option ids option */, "SMF-DPD-option" /* Enable Simplified Multicast Forwarding ipv6 Duplicate Packet Detection option ids option */, "RPL-option" /* Enable Routing Protocol for Low-power and Lossy networks option ids option */, "user-defined-option-type" arg ( /* User-defined option type range */ sc( "to" ( /* Upper limit of option type range */ c( arg ) ) ) ).as(:oneline) ) ), "routing-header" /* Enable ipv6 routing header ids option */, "fragment-header" /* Enable ipv6 fragment header ids option */, "ESP-header" /* Enable ipv6 Encapsulating Security Payload header ids option */, "AH-header" /* Enable ipv6 Authentication Header ids option */, "no-next-header" /* Enable ipv6 no next header ids option */, "destination-header" ( /* Enable ipv6 destination option header ids option */ c( "tunnel-encapsulation-limit-option" /* Enable tunnel encapsulation limit option ids option */, "home-address-option" /* Enable home address option ids option */, "ILNP-nonce-option" /* Enable Identifier-Locator Network Protocol Nonce option ids option */, "line-identification-option" /* Enable line identification option ids option */, "user-defined-option-type" arg ( /* User-defined option type range */ sc( "to" ( /* Upper limit of option type range */ c( arg ) ) ) ).as(:oneline) ) ), "shim6-header" /* Enable ipv6 shim header ids option */, "mobility-header" /* Enable ipv6 mobility header ids option */, "HIP-header" /* 
Enable ipv6 Host Identify Protocol header ids option */, "user-defined-header-type" arg ( /* User-defined header type range */ sc( "to" ( /* Upper limit of header type range */ c( arg ) ) ) ).as(:oneline) ) ), "ipv6-extension-header-limit" arg /* Enable ipv6 extension header limit ids option */, "ipv6-malformed-header" /* Enable ipv6 malformed header ids option */, "tunnel" ( /* Configure IP tunnel ids options */ c( "bad-inner-header" /* Enable IP tunnel bad inner header ids option */, "gre" ( /* Configure IP tunnel GRE ids option */ c( "gre-6in4" /* Enable IP tunnel GRE 6in4 ids option */, "gre-4in6" /* Enable IP tunnel GRE 4in6 ids option */, "gre-6in6" /* Enable IP tunnel GRE 6in6 ids option */, "gre-4in4" /* Enable IP tunnel GRE 4in4 ids option */ ) ), "ip-in-udp" ( /* Configure IP tunnel IPinUDP ids option */ c( "teredo" /* Enable IP tunnel IPinUDP Teredo ids option */ ) ), "ipip" ( /* Configure IP tunnel IPIP ids option */ c( "ipip-6to4relay" /* Enable IP tunnel IPIP 6to4 Relay ids option */, "ipip-6in4" /* Enable IP tunnel IPIP 6in4 ids option */, "ipip-4in6" /* Enable IP tunnel IPIP 4in6 ids option */, "ipip-4in4" /* Enable IP tunnel IPIP 4in4 ids option */, "ipip-6in6" /* Enable IP tunnel IPIP 6in6 ids option */, "ipip-6over4" /* Enable IP tunnel IPIP 6over4 ids option */, "isatap" /* Enable IP tunnel IPIP ISATAP ids option */, "dslite" /* Enable IP tunnel IPIP DS-Lite ids option */ ) ) ) ) ) ), "tcp" ( /* Configure TCP Layer ids options */ c( "syn-fin" /* Enable SYN and FIN bits set attack ids option */, "fin-no-ack" /* Enable Fin bit with no ACK bit ids option */, "tcp-no-flag" /* Enable TCP packet without flag ids option */, "syn-frag" /* Enable SYN fragment ids option */, "port-scan" ( /* Configure TCP port scan ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "syn-ack-ack-proxy" ( /* Configure syn-ack-ack proxy ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "syn-flood" ( /* Configure SYN flood ids option */ c( 
"alarm-threshold" arg /* Alarm threshold */, "attack-threshold" arg /* Attack threshold */, "source-threshold" arg /* Source threshold */, "destination-threshold" arg /* Destination threshold */, "queue-size" arg /* Queue size */, "timeout" arg /* SYN flood ager timeout */, "white-list" arg ( /* Set of IP addresses that will not trigger a screen */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "destination-address" ( /* Destination address */ ipprefix /* Destination address */ ) ) ) ) ), "land" /* Enable land attack ids option */, "winnuke" /* Enable winnuke attack ids option */, "tcp-sweep" ( /* Configure TCP sweep ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline) ) ), "udp" ( /* Configure UDP layer ids options */ c( "flood" ( /* Configure UDP flood ids option */ c( "threshold" arg /* Threshold */, "white-list" arg /* Configure UDP flood white list group name */ ) ), "udp-sweep" ( /* Configure UDP sweep ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "port-scan" ( /* Configure UDP port scan ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline) ) ), "limit-session" ( /* Limit sessions */ c( "source-ip-based" arg /* Limit sessions from the same source IP */, "destination-ip-based" arg /* Limit sessions to the same destination IP */, "by-source" ( /* Limit sessions from the same source IP or subnet */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */, "by-protocol" ( /* Limit sessions on the basis of protocol */ by_protocol_object_type /* Limit sessions on the basis of protocol */ ) ) ), "by-destination" ( /* Limit sessions to the same destination IP or subnet */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet 
rate */, "session-rate" arg /* Limit sessions on the basis of session rate */, "by-protocol" ( /* Limit sessions on the basis of protocol */ by_protocol_object_type /* Limit sessions on the basis of protocol */ ) ) ) ) ) ) ) end
/* Per-protocol session limits: tcp, udp and icmp each accept maximum-sessions, packet-rate and session-rate. */
rule(:by_protocol_object_type) do c( "tcp" ( /* Configure limit-session on the basis of TCP */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */ ) ), "udp" ( /* Configure limit-session on the basis of UDP */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */ ) ), "icmp" ( /* Configure limit-session on the basis of ICMP */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */ ) ) ) end
/* Named entry holding one address, parsed with the ipprefix rule. */
rule(:ids_wlist_type) do arg.as(:arg) ( c( "address" ( /* Address */ ipprefix /* Address */ ) ) ) end
/* Reference to a service rule-set by name. */
rule(:jsf_application_traffic_control_rule_set_type) do c( "rule-set" arg /* Service rule-set name */ ) end
/* Named web-filtering category: the action taken on a match (permit, log-and-permit, block or quarantine) and a custom message. */
rule(:juniper_enhanced_category_type) do arg.as(:arg) ( c( "action" ( /* Action to perform when web traffic matches category */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "custom-message" arg /* Custom message */ ) ) end
/* Server settings: host (IP address or host name), port, proxy profile and routing instance. */
rule(:juniper_enhanced_server) do c( "host" arg /* Server host IP address or string host name */, "port" arg /* Server port */, "proxy-profile" arg /* Proxy profile */, "routing-instance" arg /* Routing instance name */ ) end
rule(:juniper_enhanced_site_reputation_setting) do c( "very-safe" ( /* Action when site reputation is very safe */ ("permit" | "log-and-permit" | "block" | "quarantine") ), 
"moderately-safe" ( /* Action when site reputation is moderately safe */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "fairly-safe" ( /* Action when site reputation is fairly safe */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "suspicious" ( /* Action when site reputation is suspicious */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "harmful" ( /* Action when site reputation is harmful */ ("permit" | "log-and-permit" | "block" | "quarantine") ) ) end rule(:logical_system_type) do arg.as(:arg) ( c( "max-sessions" arg /* Max number of IDP sessions */ ) ) end rule(:mime_list_type) do arg.as(:arg) ( c( "value" arg /* Configure MIME value */ ) ) end rule(:mirror_filter_type) do arg.as(:arg) ( c( "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-prefix" ( /* Source IP address prefix */ ipprefix /* Source IP address prefix */ ), "destination-prefix" ( /* Destination IP address prefix */ ipprefix /* Destination IP address prefix */ ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" 
| "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "interface-in" ( /* Incoming Logical interface */ interface_name /* Incoming Logical interface */ ), "interface-out" ( /* Outgoing Logical interface */ interface_name /* Outgoing Logical interface */ ), "output" ( /* Configure output interface and MAC address */ c( "interface" ( /* Outgoing Logical interface */ interface_name /* Outgoing Logical interface */ ), "destination-mac" arg /* MAC address to match */ ) ) ) ) end rule(:named_address_book_type) do ("global" | arg).as(:arg) ( c( "description" arg /* Text description of address book */, "address" ( /* Define a security address */ address_type /* Define a security address */ ), "address-set" ( /* Define a security address set */ address_set_type /* Define a security address set */ ), "attach" ( /* Attach this address book to interface, zone or routing-instance */ c( "zone" arg /* Define a zone to be attached */ ) ) ) ) end rule(:address_set_type) do arg.as(:arg) ( c( "description" arg /* Text description of address set */, "address" arg /* Address to be included in this set */, "address-set" arg /* Define an address-set name */ ) ) end rule(:address_type) do arg.as(:arg) ( c( "description" arg /* Text description of address */, c( ipprefix /* Numeric IPv4 or IPv6 address with prefix */, "dns-name" ( /* DNS address name */ dns_name_type /* DNS address name */ ), "wildcard-address" ( /* 
Numeric IPv4 wildcard address with in the form of a.d.d.r/netmask */ wildcard_address_type /* Numeric IPv4 wildcard address with in the form of a.d.d.r/netmask */ ), "range-address" ( /* Address range */ range_address_type /* Address range */ ) ) ) ) end rule(:dns_name_type) do /* DNS name argument with optional ipv4-only / ipv6-only flags */ arg.as(:arg) ( c( "ipv4-only" /* IPv4 dns address */, "ipv6-only" /* IPv6 dns address */ ) ) end rule(:nat_object) do /* NAT container: source, destination and static NAT, proxy ARP / NDP, pools, rules and NAT tracing */ c( "source" ( /* Configure Source NAT */ ssg_source_nat_object /* Configure Source NAT */ ), "destination" ( /* Configure Destination NAT */ ssg_destination_nat_object /* Configure Destination NAT */ ), "static" ( /* Configure Static NAT */ ssg_static_nat_object /* Configure Static NAT */ ), "proxy-arp" ( /* Configure Proxy ARP */ ssg_proxy_arp_object /* Configure Proxy ARP */ ), "proxy-ndp" ( /* Configure Proxy NDP */ ssg_proxy_ndp_object /* Configure Proxy NDP */ ), "natv6v4" ( /* Configure NAT between IPv6 and IPv4 options */ c( "no-v6-frag-header" /* V6 packet does not always add fragment header when performing nat translation from v4 side to v6 side */ ) ), "allow-overlapping-pools" /* IP addresses of NAT pools can overlap with other pool */, "traceoptions" ( /* NAT trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */ /* NOTE(review): world-readable opens the NAT trace file to every local user; trace output presumably includes addresses and session details, so audits should expect no-world-readable unless there is a documented reason */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "routing-socket" | "routing-protocol" | "all" | "source-nat-re" | "source-nat-rt" | "source-nat-pfe" | "destination-nat-re" | "destination-nat-rt" | "destination-nat-pfe" | "static-nat-re" | "static-nat-rt" | "static-nat-pfe" | "nat-svc-set-re")) ( /* Tracing parameters */ sc( "syslog" /* Write NAT 
flow traces to system log also */ ) ).as(:oneline) ) ), "pool" ( /* Define a NAT pool */ nat_pool_object /* Define a NAT pool */ ), "ipv6-multicast-interfaces" /* Enable IPv6 multicast filter for IPv6 NAT */, "allow-overlapping-nat-pools" /* Allow usage of overlapping and same nat pools in multiple service sets */, "rule" ( /* Define a NAT rule */ nat_rule_object /* Define a NAT rule */ ), "port-forwarding" ( /* Define a port-forwarding pool */ pf_mapping /* Define a port-forwarding pool */ ), "rule-set" /* Defines a set of NAT rules */ ) end rule(:policy_object_type) do /* Security policy container: tracing, zone-to-zone and global policy contexts, the default action, rematch and statistics settings, and stateful-firewall rules */ c( "traceoptions" ( /* Network Security Policy Tracing Options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "compilation" | "ipc" | "rules" | "lookup" | "all")) /* Tracing parameters */.as(:oneline) ) ), "policy" ( /* Define a policy context from this zone */ s( arg, "to-zone-name" arg /* Destination zone */, c( "policy" ( /* Define security policy in specified zone-to-zone direction */ policy_type /* Define security policy in specified zone-to-zone direction */ ) ) ) ), "global" ( /* Define a global policy context */ c( "policy" ( /* Define security policy in global context */ policy_type /* Define security policy in global context */ ) ) ), "default-policy" ( /* Configure default action when no user-defined policy match */ c( c( "permit-all" /* Permit all traffic if no policy match */ /* NOTE(review): permit-all lets traffic that matches no policy through; deny-all is the fail-closed choice and the one a config audit should expect */, "deny-all" /* Deny all traffic if no policy match */ ) ) ), "policy-rematch" ( /* Re-evaluate the policy when changed */ sc( "extensive" /* Perform 
policy extensive rematch */ ) ).as(:oneline), "policy-stats" ( /* Parameters for policy statistics */ c( "system-wide" ( /* Enable/Disable system-wide policy statistics */ ("enable" | "disable") ) ) ), "pre-id-default-policy" ( /* Configure default policy action before dynamic application is finally identified */ c( "then" ( /* Specify policy action to take when packet match criteria */ c( "log" ( /* Enable log */ log_type /* Enable log */ ), "session-timeout" ( /* Session timeout */ session_timeout_type /* Session timeout */ ) ) ) ) ), "stateful-firewall-rule" arg ( /* Define a stateful-firewall-rule */ c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "policy" ( /* Define a stateful-firewall policy */ policy_type /* Define a stateful-firewall policy */ ) ) ), "stateful-firewall-rule-set" arg ( /* Defines a set of stateful firewall rules */ c( "stateful-firewall-rule" arg /* Rule to be included in this stateful firewall rule set */ ) ) ) end rule(:log_type) do /* Session logging points: at session init and/or at session close */ c( "session-init" /* Log at session init time */, "session-close" /* Log at session close time */ ) end rule(:policy_type) do /* Named security policy: description, match criteria, then-action and an optional scheduler name */ arg.as(:arg) ( c( "description" arg /* Text description of policy */, "match" ( /* Specify security policy match-criteria */ /* NOTE(review): the literals any / any-ipv4 / any-ipv6 on source-address and destination-address, and any on from-zone / to-zone, are the broad matches to flag when auditing a policy; the arg alternative is presumably an address-book or zone name */ c( c( "source-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), c( "destination-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), "source-address-excluded" /* Exclude source addresses */, "destination-address-excluded" /* Exclude destination addresses */, c( "application" ( (arg | "junos-defaults") ) ), c( "source-identity" ( ("any" | "authenticated-user" | "unauthenticated-user" | "unknown-user" | arg) ) ), c( "source-end-user-profile" ( /* Match source end user profile */ match_source_end_user_profile_value /* Match source end user profile */ ) ), c( "dynamic-application" ( (arg | "junos:UNKNOWN" | "junos:unassigned" | "any" | "none") ) ), c( "from-zone" ( ("any" | arg) ) ), c( 
"to-zone" ( ("any" | arg) ) ) ) ), "then" ( /* Specify policy action to take when packet match criteria */ c( c( "deny" /* Deny packets */, "reject" ( /* Reject packets */ c( "profile" arg /* Profile for redirect HTTP/S traffic */, "ssl-proxy" ( /* SSL proxy services */ c( "profile-name" arg /* Specify SSL proxy service profile name */ ) ) ) ), "permit" ( /* Permit packets */ c( "tunnel" ( /* Tunnel packets */ tunnel_type /* Tunnel packets */ ), "firewall-authentication" ( /* Enable authentication for this policy if permit or tunnel */ firewall_authentication_type /* Enable authentication for this policy if permit or tunnel */ ), "destination-address" ( /* Enable destination address translation */ destination_nat_enable_type /* Enable destination address translation */ ), "application-services" ( /* Application Services */ application_services_type /* Application Services */ ), "tcp-options" ( /* Transmission Control Protocol session configuration */ c( "syn-check-required" /* Enable per policy SYN-flag check */, "sequence-check-required" /* Enable per policy sequence-number checking */, "initial-tcp-mss" arg /* Override MSS value for initial direction */, "reverse-tcp-mss" arg /* Override MSS value for reverse direction */, "window-scale" /* Enable per policy window-scale */ ) ), "services-offload" /* Enable services offloading */ ) ) ), "log" ( /* Enable log */ log_type /* Enable log */ ) /* NOTE(review): log is a separate element beside the deny / reject / permit action, so a policy can carry an action with no log setting at all - check that policies that matter for audit set session-init and/or session-close */, "count" ( /* Enable count */ count_type /* Enable count */ ) ) ), "scheduler-name" arg /* Name of scheduler */ ) ) end rule(:application_services_type) do /* Services attachable to a permitted session: GTP/SCTP profiles, IDP, SSL proxy, UAC, UTM, ICAP redirect, application firewall and traffic control, WX redirection, security-intelligence and anti-malware policies */ c( "gprs-gtp-profile" arg /* Specify GPRS Tunneling Protocol profile name */, "gprs-sctp-profile" arg /* Specify GPRS stream control protocol profile name */, "idp" /* Intrusion detection and prevention */, "idp-policy" arg /* Specify idp policy name */, "ssl-proxy" ( /* SSL proxy services */ c( "profile-name" arg /* Specify SSL proxy service profile name */ ) ), "uac-policy" ( /* Enable unified access control enforcement of 
policy */ c( "captive-portal" arg ) ), "utm-policy" arg /* Specify utm policy name */, "icap-redirect" arg /* Specify icap redirect profile name */, "application-firewall" ( /* Application firewall services */ jsf_service_rule_set_type /* Application firewall services */ ), "application-traffic-control" ( /* Application traffic control services */ jsf_application_traffic_control_rule_set_type /* Application traffic control services */ ), c( "redirect-wx" /* Set WX redirection */, "reverse-redirect-wx" /* Set WX reverse redirection */ ), "security-intelligence-policy" arg /* Specify security-intelligence policy name */, "advanced-anti-malware-policy" arg /* Specify advanced-anti-malware policy name */ ) end rule(:count_type) do /* NOTE(review): empty rule body - as written, count accepts no sub-options */ end rule(:destination_nat_enable_type) do /* Drop decision tied to whether destination NAT translated the packet; the two options sit in a nested c( ), presumably a one-of choice */ c( c( "drop-translated" /* Drop the policy if NAT translated */, "drop-untranslated" /* Drop the policy if NAT untranslated */ ) ) end rule(:firewall_authentication_type) do /* Firewall authentication modes (pass-through, web-authentication, user-firewall) plus the push-to-identity-management flag */ c( c( "pass-through" ( /* Pass-through firewall authentication settings */ c( "access-profile" arg /* Specify access profile name */, "client-match" arg, "web-redirect" /* Redirect unauthenticated HTTP requests to the device's internal web server */ /* NOTE(review): web-redirect points unauthenticated users at the HTTP server, web-redirect-to-https at the HTTPS one; if credentials are entered on that page (presumably - confirm), the HTTPS variant is the one to expect in a hardened config */, "web-redirect-to-https" /* Redirect unauthenticated HTTP requests to the device's internal HTTPS web server */, "ssl-termination-profile" arg /* Specify SSL termination profile used to the SSL offload */, "auth-only-browser" /* Authenticate only browser traffic */, "auth-user-agent" arg /* Authenticate HTTP traffic with specified user agent */ ) ), "web-authentication" ( /* Web-authentication settings */ c( "client-match" arg ) ), "user-firewall" ( /* User-firewall firewall authentication settings */ c( "access-profile" arg /* Specify access profile name */, "web-redirect" /* Redirect unauthenticated HTTP req to web server */, "web-redirect-to-https" /* Redirect unauthenticated HTTP req to HTTPS web server */, "ssl-termination-profile" arg /* Specify SSL termination profile used to 
the SSL offload */, "auth-only-browser" /* Authenticate only browser traffic */, "auth-user-agent" arg /* Authenticate HTTP traffic with specified user agent */, "domain" arg /* Specify domain name */ ) ) ), "push-to-identity-management" /* Push auth entry to identity management server */ ) end rule(:jsf_service_rule_set_type) do c( "rule-set" arg /* Service rule set name */ ) end rule(:match_source_end_user_profile_value) do c( arg /* Specify source-end-user-profile name from list to match */ ) end rule(:profile_setting) do /* Named UTM policy: binds anti-virus, content-filtering, web-filtering and anti-spam profiles per protocol, plus per-client session limits */ arg.as(:arg) ( c( "anti-virus" ( /* UTM policy anti-virus profile */ c( "http-profile" arg /* Anti-virus profile */, "ftp" ( /* FTP profile */ c( "upload-profile" arg /* Anti-virus profile */, "download-profile" arg /* Anti-virus profile */ ) ), "smtp-profile" arg /* Anti-virus profile */, "pop3-profile" arg /* Anti-virus profile */, "imap-profile" arg /* Anti-virus profile */ ) ), "content-filtering" ( /* Content-filtering profile */ c( "http-profile" arg /* Content-filtering profile */, "ftp" ( /* FTP profile */ c( "upload-profile" arg /* Content-filtering FTP upload profile */, "download-profile" arg /* Content-filtering FTP download profile */ ) ), "smtp-profile" arg /* Content-filtering SMTP profile */, "pop3-profile" arg /* Content-filtering POP3 profile */, "imap-profile" arg /* Content-filtering IMAP profile */ ) ), "web-filtering" ( /* Web-filtering profile */ c( "http-profile" arg /* Web-filtering HTTP profile */ ) ), "anti-spam" ( /* Anti-spam profile */ c( "smtp-profile" arg /* Anti-spam profile */ ) ), "traffic-options" ( /* Traffic options */ c( "sessions-per-client" ( /* Sessions per client */ c( "limit" arg /* Sessions limit */, "over-limit" ( /* Over limit number */ /* NOTE(review): going by the option names, log-and-permit lets sessions beyond the limit continue and block enforces the limit - confirm which one the deployment intends */ ("log-and-permit" | "block") ) ) ) ) ) ) ) end rule(:ragw_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, 
"world-readable" /* Allow any user to read the log file */ /* NOTE(review): world-readable opens this trace file to every local user; prefer no-world-readable unless there is a documented need */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("brief" | "detail" | "extensive" | "verbose") ), "flag" enum(("configuration" | "tunnel" | "session" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:range_address_type) do arg.as(:arg) ( c( "to" ( /* Port range upper limit */ /* NOTE(review): the description says port range, but the value parsed here is ipv4addr - this is the upper limit of an address range */ c( ipv4addr /* Upper limit of address range */ ) ) ) ) end rule(:sbl_type) do /* Anti-spam SBL profile: default-server toggle, spam action, custom tag and address allow / block lists */ c( "profile" arg ( /* SBL profile */ c( "sbl-default-server" /* Default SBL server */, "no-sbl-default-server" /* Don't default SBL server */, "spam-action" ( /* Anti-spam actions */ ("block" | "tag-header" | "tag-subject") ), "custom-tag-string" arg /* Custom tag string */, "address-whitelist" arg /* Anti-spam whitelist */, "address-blacklist" arg /* Anti-spam blacklist */ ) ) ) end rule(:secure_wire_type) do arg.as(:arg) ( c( "interface" ( /* Secure-wire logical interface */ interface_unit /* Secure-wire logical interface */ ) ) ) end rule(:security_ipsec_policies) do c( "from-zone" ( /* Define ipsec policy context */ security_ipsec_policy /* Define ipsec policy context */ ) ) end rule(:security_ipsec_policy) do s( arg, "to-zone" arg /* Outgoing zone */, c( "ipsec-group-vpn" arg /* Group VPN name */ ) ) end rule(:security_ipsec_vpn) do /* IPsec container: internal RE-RE SA, data-plane tracing, VPN monitoring options, proposals, policies, VPN definitions and manual control-plane SAs */ c( "internal" ( /* Define an IPSec SA for internal RE-RE communication */ c( "security-association" ( /* Define an IPsec security association */ ipsec_internal_sa /* Define an IPsec security association */ ) ) ), "traceoptions" ( /* Trace options for IPSec data-plane debug */ ipsec_traceoptions /* Trace options for IPSec data-plane debug */ ), "vpn-monitor-options" ( /* Global options for VPN liveliness monitoring */ ipsec_vpn_monitor /* Global options for VPN liveliness monitoring */ ), "proposal" ( /* Define 
an IPSec proposal */ ipsec_proposal /* Define an IPSec proposal */ ), "policy" ( /* Define an IPSec policy */ ipsec_policy /* Define an IPSec policy */ ), "vpn" ( /* Define an IPSec VPN */ ipsec_vpn_template /* Define an IPSec VPN */ ), "security-association" ( /* Define a manual control plane SA */ ipsec_sa /* Define a manual control plane SA */ ) ) end rule(:ipsec_traceoptions) do c( "flag" enum(("packet-processing" | "packet-drops" | "security-associations" | "next-hop-tunnel-binding" | "all")) /* Events to include in data-plane IPSec trace output */.as(:oneline) ) end rule(:ipsec_vpn_monitor) do c( "interval" arg /* Monitor interval in seconds */, "threshold" arg /* Number of consecutive failures to determine connectivity */ ) end rule(:ipsec_vpn_template) do /* Named IPsec VPN: tunnel binding, DF-bit handling, monitoring, keying (manual SA or IKE), traffic selectors and tunnel establishment options */ arg.as(:arg) ( c( "bind-interface" ( /* Bind to tunnel interface (route-based VPN) */ interface_name /* Bind to tunnel interface (route-based VPN) */ ), "df-bit" ( /* Specifies how to handle the Don't Fragment bit */ ("clear" | "set" | "copy") ), "multi-sa" ( /* Negotiate multiple SAs based on configuration choice */ c( c( "forwarding-class" arg ) ) ), "copy-outer-dscp" /* Enable copying outer IP header DSCP and ECN to inner IP header */, "vpn-monitor" ( /* Monitor VPN liveliness */ ipsec_template_monitor /* Monitor VPN liveliness */ ), c( "manual" ( /* Define a manual security association */ /* NOTE(review): a manual SA takes its keys directly from this stanza (see the key elements below), so the configuration and its backups hold static key material and should be handled as secrets; the ike alternative negotiates keys instead */ c( "gateway" ( /* Define the IPSec peer */ hostname /* Define the IPSec peer */ ), "external-interface" ( /* External interface for the security association */ interface_unit /* External interface for the security association */ ), "protocol" ( /* Define an IPSec protocol for the security association */ /* NOTE(review): ah authenticates without encrypting; esp is needed when confidentiality is required */ ("ah" | "esp") ), "spi" arg /* Define security parameter index */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ /* NOTE(review): hmac-md5-96 and hmac-sha1-96 are legacy choices; prefer the hmac-sha-256 variants for new manual SAs and flag the older ones in config audits */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha-256-128" | "hmac-sha-256-96") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" 
arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ /* NOTE(review): des-cbc and 3des-cbc are deprecated ciphers and should be flagged in audits; the aes-*-gcm options provide authenticated encryption */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc" | "aes-128-gcm" | "aes-256-gcm") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ), "ike" ( /* Define an IKE-keyed IPSec vpn */ c( "gateway" arg /* Name of remote gateway */, "idle-time" arg /* Idle time to delete SA */, "no-anti-replay" /* Disable the anti-replay check */ /* NOTE(review): setting this removes replay protection for the tunnel; treat its presence as an audit finding unless justified */, "proxy-identity" ( /* IPSec proxy-id to use in IKE negotiations */ ipsec_template_proxy_id /* IPSec proxy-id to use in IKE negotiations */ ), "ipsec-policy" arg /* Name of the IPSec policy */, "install-interval" arg /* Delay installation of rekeyed outbound SAs on initiator */ ) ) ), "traffic-selector" arg ( /* Traffic selector */ c( "local-ip" ( /* IP address of local traffic-selector */ ipprefix_mandatory /* IP address of local traffic-selector */ ), "remote-ip" ( /* IP address of remote traffic-selector */ ipprefix_mandatory /* IP address of remote traffic-selector */ ) ) ), "establish-tunnels" ( /* Define the criteria to establish tunnels */ ("immediately" | "on-traffic") ), "passive-mode-tunneling" /* No active IP packet checks before IPSec encapsulation */, "match-direction" arg /* Direction for which the rule match is applied */, "tunnel-mtu" arg /* Maximum transmit packet size */, "udp-encapsulate" ( /* UDP encapsulation of IPsec data traffic */ sc( "dest-port" arg /* UDP destination port */ ) ).as(:oneline) ) ) end rule(:ipsec_template_monitor) do /* Per-VPN monitor settings: optimized mode, source interface, destination IP and the verify-path check */ c( "optimized" /* Optimize for scalability */, "source-interface" ( /* Source interface for monitor message */ interface_unit /* Source interface for monitor message */ ), "destination-ip" ( /* Destination IP address for monitor message */ ipaddr /* Destination IP address 
for monitor message */ ), "verify-path" ( /* Verify IPSec path using vpn-monitor before bring up st0 state */ c( "destination-ip" ( /* Destination IP address for verify IPSec path */ ipaddr /* Destination IP address for verify IPSec path */ ), "packet-size" arg /* Size of the packet */ ) ) ) end rule(:ipsec_template_proxy_id) do /* Proxy-id used in IKE negotiation: local and remote prefixes plus a service name */ c( "local" ( /* Local IP address/prefix length */ ipprefix_mandatory /* Local IP address/prefix length */ ), "remote" ( /* Remote IP address/prefix length */ ipprefix_mandatory /* Remote IP address/prefix length */ ), "service" arg /* Name of service that passes through, any enables all services */ ) end rule(:security_zone_type) do /* Named security zone: description, address book, screen, host-inbound traffic, member interfaces and per-zone feature flags */ arg.as(:arg) ( c( "description" arg /* Text description of zone */, "tcp-rst" /* Send RST for NON-SYN packet not matching TCP session */, "address-book" ( /* Address book entries */ address_book_type /* Address book entries */ ), "screen" arg /* Name of ids option object applied to the zone */, "host-inbound-traffic" ( /* Allowed system services & protocols */ zone_host_inbound_traffic_t /* Allowed system services & protocols */ ) /* NOTE(review): by its name this is the per-zone allow-list for traffic addressed to the device itself - presumably the place to check that untrusted zones expose only the services they need */, "interfaces" ( /* Interfaces that are part of this zone */ zone_interface_list_type /* Interfaces that are part of this zone */ ), "application-tracking" /* Enable Application tracking support for this zone */, "source-identity-log" /* Show user and group info in session log for this zone */, "advance-policy-based-routing-profile" ( /* Enable Advance Policy Based Routing on this zone */ c( arg ) ), "enable-reverse-reroute" /* Enable Reverse route lookup when there is change in ingress interface */ ) ) end rule(:address_book_type) do /* Zone-level address book: address and address-set entries only (no description or attach, unlike named_address_book_type) */ c( "address" ( /* Define a security address */ address_type /* Define a security address */ ), "address-set" ( /* Define a security address set */ address_set_type /* Define a security address set */ ) ) end rule(:server) do c( "host" arg /* Server host IP address or string host name */, "port" arg /* Server port */, "routing-instance" arg /* Routing 
instance name */ ) end rule(:session_timeout_type) do /* Per-protocol session timeout values; the unit is not stated in this grammar */ c( "tcp" arg /* Timeout value for tcp sessions */, "udp" arg /* Timeout value for udp sessions */, "ospf" arg /* Timeout value for ospf sessions */, "icmp" arg /* Timeout value for icmp sessions */, "icmp6" arg /* Timeout value for icmp6 sessions */, "others" arg /* Timeout value for other sessions */ ) end rule(:sla_policy_type) do /* Named SLA policy: same address match shape as policy_type, but the only then-action is an application-services APBR profile */ arg.as(:arg) ( c( "description" arg /* Text description of policy */, "match" ( /* Specify sla policy match-criteria */ c( c( "source-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), c( "destination-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), "source-address-excluded" /* Exclude source addresses */, "destination-address-excluded" /* Exclude destination addresses */, c( "application" arg ) ) ), "then" ( /* Specify policy action to take when packet match criteria */ c( c( "application-services" ( /* Application Services */ sla_application_services_type /* Application Services */ ) ) ) ) ) ) end rule(:sla_application_services_type) do c( "advance-policy-based-routing-profile" arg /* Specify APBR profile name */ ) end rule(:softwires_object) do /* Softwire (DS-Lite) container: softwire definitions, tracing and softwire rule sets */ c( "softwire-name" ( /* Configure softwire object */ softwire_option_type /* Configure softwire object */ ), "traceoptions" ( /* Trace options for Network Security DS-Lite */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */ /* NOTE(review): world-readable opens this trace file to every local user; prefer no-world-readable unless there is a documented need */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "all")) /* Tracing parameters */.as(:oneline) ) ), "rule-set" ( /* Define a softwire rule set */ sw_rule_set_object /* Define a softwire rule set */ ) ) end 
rule(:softwire_option_type) do /* Named softwire: concentrator address, type (IPv4-in-IPv6 or v6rd), 6rd prefixes and tunnel MTU */ arg.as(:arg) ( c( "softwire-concentrator" ( /* Concentrator address */ ipaddr /* Concentrator address */ ), "softwire-type" ( /* Softwire-type */ ("IPv4-in-IPv6" | "v6rd") ), "ipv4-prefix" ( /* 6rd customer edge IPV4 prefix */ ipv4prefix /* 6rd customer edge IPV4 prefix */ ), "v6rd-prefix" ( /* 6rd domain's IPV6 prefix */ ipv6prefix /* 6rd domain's IPV6 prefix */ ), "mtu-v4" arg /* MTU for the softwire tunnel */ ) ) end rule(:sophos_fallback_settings) do /* NOTE(review): each element selects the action taken when the anti-virus scan cannot complete for the stated reason; permit and log-and-permit presumably let the content through unscanned (fail open), block fails closed - audits should check which one is set per condition */ c( "default" ( /* Default action */ ("permit" | "log-and-permit" | "block") ), "content-size" ( /* Fallback action for over content size */ ("permit" | "log-and-permit" | "block") ), "engine-not-ready" ( /* Fallback action for engine not ready */ ("permit" | "log-and-permit" | "block") ), "timeout" ( /* Fallback action for engine scan timeout */ ("permit" | "log-and-permit" | "block") ), "out-of-resources" ( /* Fallback action for out of resources */ ("permit" | "log-and-permit" | "block") ), "too-many-requests" ( /* Fallback action for requests exceed engine limit */ ("permit" | "log-and-permit" | "block") ) ) end rule(:sophos_scan_options) do /* Scan options: URI check toggle, content size limit and scan timeout; the limit and timeout pair with the content-size and timeout fallbacks in sophos_fallback_settings */ c( "uri-check" /* Anti-virus uri-check */, "no-uri-check" /* Don't anti-virus uri-check */, "content-size-limit" arg /* Content size limit */, "timeout" arg /* Scan engine timeout */ ) end rule(:ssg_destination_nat_object) do /* Destination NAT: address pools, port-forwarding mapping pools and rule sets */ c( "pool" arg ( /* Define a destination address pool */ c( "description" arg /* Text description of pool */, "routing-instance" ( /* Routing instance */ c( c( "default" /* Default routing-instance */, arg ) ) ), "address" ( /* Add address or address range to pool */ sc( ipprefix /* IPv4 or IPv6 address or address range */, c( "to" ( /* Upper limit of address range */ c( ipprefix /* IPv4 or IPv6 upper limit of address range */ ) ), "port" arg /* Specify the port value */ ) ) ).as(:oneline) ) ), "port-forwarding" arg ( /* Define a port-forwarding mapping pool */ c( "description" arg /* Text description of port forwarding 
mapping */, "destined-port" ( /* Port forwarding mappings */ s( arg, "translated-port" arg /* Translated port */ ) ).as(:oneline) ) ), "rule-set" arg ( /* Configure a set of rules */ c( "description" arg /* Text description of rule set */, "from" ( /* Where is the traffic from */ sc( c( "routing-instance" ( /* Source routing instance list */ ("default" | arg) ), "zone" arg /* Source zone list */, "interface" ( /* Source interface list */ interface_name /* Source interface list */ ) ) ) ).as(:oneline), "rule" ( /* Destination NAT rule */ dest_nat_rule_object /* Destination NAT rule */ ), "match-direction" ( /* Match direction */ ("input" | "output") ) ) ) ) end rule(:dest_nat_rule_object) do /* Named destination NAT rule: match criteria (addresses, port, protocol, application) and the destination-nat action */ arg.as(:arg) ( c( "description" arg /* Text description of rule */, "dest-nat-rule-match" ( /* Specify Destination NAT rule match criteria */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "source-address-name" arg /* Address/address-set from address book */, c( "destination-address" ( /* Destination address */ sc( ipprefix /* IPv4 or IPv6 destination address */ ) ).as(:oneline), "destination-address-name" ( /* Address from address book */ sc( arg ) ).as(:oneline) ), "destination-port" arg ( /* Destination port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), "protocol" ( /* IP Protocol */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "application" arg ) ), "then" ( /* Then action */ c( "destination-nat" ( /* Destination NAT action */ c( c( "off" /* No action */, "pool" ( /* Use Destination NAT pool */ c( arg ) ), "destination-prefix" ( /* Destination prefix to be used for NAT64 and 464 translation type */ ipprefix_only /* Destination prefix to be used for NAT64 and 464 translation type */ ) ), "port-forwarding-mappings" ( /* Use Destination NAT port forwarding mapping pool */ c( arg ) ), 
"rule-session-count-alarm" ( /* Config rule-session-count-alarm to destination rule */ nat_rule_session_count_alarm_object /* Config rule-session-count-alarm to destination rule */ ).as(:oneline) ) ) ) ) ) ) end rule(:nat_rule_session_count_alarm_object) do /* Raise / clear thresholds for the per-rule session count alarm; shared by destination and source NAT rules */ c( "raise-threshold" arg /* Raise threshold for rule session count alarm */, "clear-threshold" arg /* Clear threshold for session count hit alarm */ ).as(:oneline) end rule(:ssg_proxy_arp_object) do c( "interface" ( /* Interface with proxy arp configured */ ssg_interface_object /* Interface with proxy arp configured */ ) ) end rule(:ssg_interface_object) do arg.as(:arg) ( c( "address" arg ( /* Proxy ARP address */ sc( "to" ( /* Upper limit of address range */ c( ipv4prefix /* Upper limit of address range */ ) ) ) ).as(:oneline) ) ) end rule(:ssg_proxy_ndp_object) do /* NOTE(review): the descriptions below say proxy arp, but this rule is the proxy NDP interface (its child rule describes a proxy ndp address and parses ipv6addr) - the text looks copied from ssg_proxy_arp_object */ c( "interface" ( /* Interface with proxy arp configured */ ssg_proxy_ndp_interface_object /* Interface with proxy arp configured */ ) ) end rule(:ssg_proxy_ndp_interface_object) do arg.as(:arg) ( c( "address" arg ( /* Proxy ndp address */ sc( "to" ( /* Upper limit of address range */ c( ipv6addr /* Upper limit of address range */ ) ) ) ).as(:oneline) ) ) end rule(:ssg_source_nat_object) do /* Source NAT: address pools with port handling, persistence and alarm settings, global port options and rule sets */ c( "pool" arg ( /* Define a source address pool */ c( "description" arg /* Text description of pool */, "routing-instance" ( /* Routing instance */ c( arg ) ), "address" arg ( /* Add address to pool */ sc( "to" ( /* Upper limit of address range */ c( ipprefix /* IPv4 or IPv6 upper limit of address range */ ) ) ) ).as(:oneline), "host-address-base" ( /* The base of host address */ sc( ipprefix /* IPv4 or IPv6 base address */ ) ).as(:oneline), "port" ( /* Config port attribute to pool */ c( c( "no-translation" /* Do not perform port translation */, "range" ( /* Port range */ c( arg, "to" ( /* Port range upper limit */ c( arg ) ), "twin-port" ( /* Twin port range */ c( arg, "to" ( /* Twin port range upper limit */ c( arg ) ) ) ) ) ) ), "port-overloading-factor" arg /* 
Port overloading factor for each IP */, "block-allocation" ( /* Port block allocation */ block_allocation_object /* Port block allocation */ ), "deterministic" ( /* Deterministic nat allocation */ deterministic_object /* Deterministic nat allocation */ ), "preserve-parity" /* Allocate port as the same parity as incoming port */, "preserve-range" /* Allocate port from the same port range as incoming port */, "automatic" ( /* Port assignment */ /* NOTE(review): round-robin hands out translated ports in sequence, which makes the next port predictable to an observer; random-allocation is the harder-to-guess choice */ c( c( "random-allocation" /* Allocate port randomly */, "round-robin" /* Allocate port by round-robin */ ) ) ) ) ), "overflow-pool" ( /* Specify an overflow pool */ sc( c( arg, "interface" /* Allow interface pool to support overflow */ ) ) ).as(:oneline), "address-shared" /* Allow multiple hosts to share an external address */, "address-pooling" ( /* Specify the address-pooling behavior */ sc( c( "paired" /* Allow address-pooling paired for a source pool with port translation */, "no-paired" /* Allow address-pooling no-paired for a source pool without port translation */ ) ) ).as(:oneline), "address-persistent" ( /* Specify the address-persistent behavior */ sc( "subscriber" ( /* Configure address persistent for subscriber */ sc( "ipv6-prefix-length" arg /* Ipv6 prefix length for address persistent */ ) ).as(:oneline) ) ).as(:oneline), "pool-utilization-alarm" ( /* Config pool-utilization-alarm to pool */ source_nat_pool_utilization_alarm_object /* Config pool-utilization-alarm to pool */ ).as(:oneline), "ei-mapping-timeout" arg /* Endpoint-independent mapping timeout */, "mapping-timeout" arg /* Address-pooling paired and endpoint-independent mapping timeout */, "limit-ports-per-host" arg /* Number of ports allocated per host */ /* NOTE(review): a per-host port cap bounds how much of a shared pool a single host can consume, which limits pool exhaustion by one client */ ) ), "address-persistent" /* Allow source address to maintain same translation */, "session-persistence-scan" /* Allow source to maintain session when session scan */, "session-drop-hold-down" arg /* Session drop hold down time */, "pool-utilization-alarm" ( /* Configure pool utilization alarm */ 
source_nat_pool_utilization_alarm_object /* Configure pool utilization alarm */ ).as(:oneline), "port-randomization" ( /* Configure Source NAT port randomization */ /* NOTE(review): disable is the only value accepted here, so this statement can only turn source port randomization off; flag it in config audits */ sc( ("disable") ) ).as(:oneline), "port-round-robin" /* Configure Source NAT port randomization */ /* NOTE(review): description is identical to port-randomization above and looks copied; by its name this element selects round-robin port allocation */.as(:oneline), "port-scaling-enlargement" /* Configure source port scaling to 2.4G only for NGSPC */, "pool-distribution" /* Configure Source pool distribution, the APPCP bottleneck of NAT CPS can be alleviated. */, "pool-default-port-range" ( /* Configure Source NAT default port range */ sc( arg, "to" ( /* Port range upper limit */ c( arg ) ) ) ).as(:oneline), "pool-default-twin-port-range" ( /* Configure Source NAT default twin port range */ sc( arg, "to" ( /* Twin port range upper limit */ c( arg ) ) ) ).as(:oneline), "interface" ( /* Configure interface port overloading for persistent NAT */ c( c( "port-overloading" ( /* Configure port overloading */ sc( "off" /* Turn off interface port over-loading */ ) ).as(:oneline), "port-overloading-factor" arg /* Port overloading factor for interface NAT */ ) ) ), "rule-set" arg ( /* Configure a set of rules */ c( "description" arg /* Text description of rule set */, "from" ( /* Where is the traffic from */ sc( c( "routing-instance" ( /* Source routing instance list */ ("default" | arg) ), "zone" arg /* Source zone list */, "interface" ( /* Source interface list */ interface_name /* Source interface list */ ) ) ) ).as(:oneline), "to" ( /* Where is the traffic to */ sc( c( "routing-instance" ( /* Destination routing instance list */ ("default" | arg) ), "zone" arg /* Destination zone list */, "interface" ( /* Destination interface list */ interface_name /* Destination interface list */ ) ) ) ).as(:oneline), "rule" ( /* Source NAT rule */ src_nat_rule_object /* Source NAT rule */ ), "match-direction" ( /* Match direction */ ("input" | "output") ) ) ) ) end rule(:block_allocation_object) do /* Port block allocation settings: block size, blocks per host, timeouts, interim logging interval and the block log switch */ c( "block-size" arg /* Block size */, "maximum-blocks-per-host" arg /* 
Maximum block number per host */, "active-block-timeout" arg /* Active block timeout interval */, "interim-logging-interval" arg /* Interim Logging interval */, "last-block-recycle-timeout" arg /* Last Block recycle timeout interval */, "log" ( /* Configure port block log */ /* NOTE(review): disable is the only value accepted, so this statement can only switch port block logging off; those records are presumably what maps a translated port block back to an internal host, so confirm retention and attribution needs before it is set */ sc( ("disable") ) ).as(:oneline) ) end rule(:deterministic_object) do /* Deterministic NAT settings: block size, configuration log interval, host address source and boundary-address inclusion */ c( "block-size" arg /* Block size */, "det-nat-configuration-log-interval" arg /* Deterministic nat configuration logging interval */, "host" ( /* Host address */ sc( "address" ( /* Host ip address */ ipprefix /* Host ip address */ ), "address-name" arg /* Host address/address-set from address book */ ) ).as(:oneline), "include-boundary-addresses" /* Include network and broadcast in 'match' source address */ ) end rule(:source_nat_pool_utilization_alarm_object) do /* Raise / clear thresholds for the source NAT pool utilization alarm */ c( "raise-threshold" arg /* Raise threshold for pool utilization alarm */, "clear-threshold" arg /* Clear threshold for pool utilization alarm */ ).as(:oneline) end rule(:src_nat_rule_object) do /* Named source NAT rule: match criteria (addresses, ports, protocol, application) and the source-nat action */ arg.as(:arg) ( c( "description" arg /* Text description of rule */, "src-nat-rule-match" ( /* Specify Source NAT rule match criteria */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "source-address-name" arg /* Address/address-set from address book */, "source-port" arg ( /* Source port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), "destination-address" ( /* Destination address */ ipprefix /* Destination address */ ), "destination-address-name" arg /* Address/address-set from address book */, "destination-port" arg ( /* Destination port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), "protocol" ( /* IP Protocol */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "application" arg ) ), "then" ( /* Then action */ c( "source-nat" ( /* Source NAT action */ c( 
c( "off" /* No action */, "pool" ( /* Use Source NAT pool */ c( arg, "persistent-nat" ( /* Persistent NAT info */ persistent_nat_object /* Persistent NAT info */ ) ) ), "interface" ( /* Use egress interface address */ c( "persistent-nat" ( /* Persistent NAT info */ persistent_nat_object /* Persistent NAT info */ ) ) ) ), "clat-prefix" ( /* An IPv6 prefix to be used for XLAT464 and prefix length can only be 32/40/48/56/64/96 */ ipprefix_only /* An IPv6 prefix to be used for XLAT464 and prefix length can only be 32/40/48/56/64/96 */ ), "rule-session-count-alarm" ( /* Config rule-session-count-alarm to source rule */ nat_rule_session_count_alarm_object /* Config rule-session-count-alarm to source rule */ ).as(:oneline), "mapping-type" ( /* Source nat mapping type */ sc( "endpoint-independent" /* Endpoint independent mapping */ ) ).as(:oneline), "secure-nat-mapping" ( /* Mapping options for enhanced security */ sc( "eif-flow-limit" arg /* Number of inbound flows to be allowed for a EIF mapping */, "mapping-refresh" ( /* Enable timer refresh option */ sc( c( "inbound" /* Enable timer refresh for inbound connections only */, "outbound" /* Enable timer refresh for outbound connections only */, "inbound-outbound" /* Enable timer refresh for inbound & outbound connections */ ) ) ).as(:oneline) ) ).as(:oneline), "filtering-type" ( /* Source NAT filtering type */ c( "endpoint-independent" ( /* Endpoint independent filtering */ c( "prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline) ) ) ) ) ) ) ) ) ) ) end rule(:persistent_nat_object) do c( "permit" ( /* Persistent NAT permit configure */ sc( c( "any-remote-host" /* Permit any remote host */, "target-host" /* Permit target host */, "target-host-port" /* Permit target host port */ ) ) ).as(:oneline), "address-mapping" /* Address-to-address mapping */, "inactivity-timeout" arg /* Inactivity timeout value */, "max-session-number" 
arg /* The maximum session number value */ ) end rule(:ssg_static_nat_object) do c( "rule-set" arg ( /* Configurate a set of rules */ c( "description" arg /* Text description of rule set */, "from" ( /* Where is the traffic from */ sc( c( "routing-instance" ( /* Source routing instance list */ ("default" | arg) ), "zone" arg /* Source zone list */, "interface" ( /* Source interface list */ interface_name /* Source interface list */ ) ) ) ).as(:oneline), "rule" ( /* Static NAT rule */ static_nat_rule_object /* Static NAT rule */ ) ) ) ) end rule(:static_nat_rule_object) do arg.as(:arg) ( c( "description" arg /* Text description of rule */, "static-nat-rule-match" ( /* Specify Static NAT rule match criteria */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "source-address-name" arg /* Address from address book */, "source-port" arg ( /* Source port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), c( "destination-address" ( /* Destination address */ sc( ipprefix /* IPv4 or IPv6 Destination address prefix */ ) ).as(:oneline), "destination-address-name" ( /* Address from address book */ sc( arg ) ).as(:oneline) ), "destination-port" ( /* Destination port */ sc( arg /* Port or lower limit of port range */, "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline) ) ), "then" ( /* Then action */ c( "static-nat" ( /* Static NAT action */ c( c( "inet" ( /* Translated to IPv4 address */ c( "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ), "prefix" ( /* Address prefix */ c( ipprefix /* IPv4 or IPv6 address prefix value */, "mapped-port" ( /* Mapped port */ static_nat_rule_mapped_port_object /* Mapped port */ ).as(:oneline), "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ), "prefix-name" ( /* Address from address book */ c( arg, "mapped-port" ( /* Mapped port */ static_nat_rule_mapped_port_object /* Mapped port */ 
).as(:oneline), "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ), "nptv6-prefix" ( /* NPTv6 address prefix, the longest prefix will be supported is /64 */ c( ipprefix /* IPv6 address prefix value, the longest prefix will be supported is /64 */, "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ), "nptv6-prefix-name" ( /* NPTv6 address from address book */ c( arg, "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ) ), "rule-session-count-alarm" ( /* Config rule-session-count-alarm to static rule */ nat_rule_session_count_alarm_object /* Config rule-session-count-alarm to static rule */ ).as(:oneline) ) ) ) ) ) ) end rule(:static_nat_rule_mapped_port_object) do c( arg /* Port or lower limit of port range */, "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ).as(:oneline) end rule(:sw_rule_set_object) do arg.as(:arg) ( c( "rule" arg ( /* Define a rule term */ c( "then" ( /* Action to take if the condition is matched */ c( c( "v6rd" arg /* Apply 6rd softwire */ ) ) ) ) ), "match-direction" ( /* Match direction */ ("input" | "output") ) ) ) end rule(:tunnel_type) do c( c( "ipsec-vpn" arg /* Enable VPN with name */, "ipsec-group-vpn" arg /* Enable dynamic IPSEC group with name */ ), "pair-policy" arg /* Policy in the reverse direction, to form a pair */ ) end rule(:url_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of url-list object */ ) ) end rule(:utm_apppxy_traceoptions) do c( "flag" enum(("abort" | "application-objects" | "utm-realtime" | "anti-virus" | "basic" | "buffer" | "detail" | "ftp-data" | "ftp-control" | "http" | "imap" | "memory" | "parser" | "pfe" | "pop3" | "queue" | "smtp" | "tcp" | "timer" | "connection-rating" | "mime" | "regex-engine" | "sophos-anti-virus" | "all")) /* Tracing parameters for utm application proxy */.as(:oneline) ) end rule(:utm_ipc_traceoptions) do c( "flag" enum(("basic" | "detail" | "connection-manager" | "connection-status" | "pfe" | 
"utm-realtime" | "all")) /* Traceoptions for utm IPC flag */.as(:oneline) ) end rule(:utm_traceoptions) do c( "flag" enum(("cli" | "daemon" | "ipc" | "pfe" | "all")) /* Tracing UTM information */.as(:oneline) ) end rule(:web_filtering_block_message) do c( "type" ( /* Type of block message desired */ ("custom-redirect-url") ), "url" arg /* URL of block message */ ) end rule(:web_filtering_fallback_setting) do c( "default" ( /* Fallback default settings */ ("log-and-permit" | "block") ), "server-connectivity" ( /* Fallback action when device cannot connect to server */ ("log-and-permit" | "block") ), "timeout" ( /* Fallback action when connection to server timeout */ ("log-and-permit" | "block") ), "too-many-requests" ( /* Fallback action when requests exceed the limit of engine */ ("log-and-permit" | "block") ) ) end rule(:web_filtering_quarantine_message) do c( "type" ( /* Type of quarantine message desired */ ("custom-redirect-url") ), "url" arg /* URL of quarantine message */ ) end rule(:web_filtering_traceoptions) do c( "flag" enum(("basic" | "session-manager" | "heartbeat" | "packet" | "profile" | "requests" | "response" | "socket" | "timer" | "ipc" | "cache" | "enhanced" | "all")) /* Trace options for web-filtering feature trace flag */.as(:oneline) ) end rule(:webfilter_feature) do c( "surf-control-integrated" ( /* Configure web-filtering surf-control integrated engine */ surf_control_integrated_type /* Configure web-filtering surf-control integrated engine */ ), "websense-redirect" ( /* Configure web-filtering websense redirect engine */ websense_type /* Configure web-filtering websense redirect engine */ ), "juniper-local" ( /* Configure web-filtering juniper local engine */ juniper_local_type /* Configure web-filtering juniper local engine */ ), "juniper-enhanced" ( /* Configure web-filtering juniper enhanced engine */ juniper_enhanced_type /* Configure web-filtering juniper enhanced engine */ ) ) end rule(:juniper_enhanced_type) do c( "profile" arg ( /* 
Juniper enhanced profile */ c( "base-filter" arg /* Juniper base filter */, "category" ( /* Juniper enhanced category */ juniper_enhanced_category_type /* Juniper enhanced category */ ), "site-reputation-action" ( /* Juniper enhanced site reputation action */ juniper_enhanced_site_reputation_setting /* Juniper enhanced site reputation action */ ), "default" ( /* Juniper enhanced profile default */ ("permit" | "block" | "log-and-permit" | "quarantine") ), "custom-block-message" arg /* Juniper enhanced custom block message sent to HTTP client */, "quarantine-custom-message" arg /* Juniper enhanced quarantine custom message */, "fallback-settings" ( /* Juniper enhanced fallback settings */ web_filtering_fallback_setting /* Juniper enhanced fallback settings */ ), "timeout" arg /* Juniper enhanced timeout */, "no-safe-search" /* Do not perform safe-search for Juniper enhanced protocol */, "block-message" ( /* Juniper enhanced block message settings */ web_filtering_block_message /* Juniper enhanced block message settings */ ), "quarantine-message" ( /* Juniper enhanced quarantine message settings */ web_filtering_quarantine_message /* Juniper enhanced quarantine message settings */ ) ) ) ) end rule(:juniper_local_type) do c( "profile" arg ( /* Juniper local profile */ c( "default" ( /* Juniper local profile default */ ("permit" | "block" | "log-and-permit") ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Juniper local custom block message */, "quarantine-custom-message" arg /* Juniper local quarantine custom message */, "block-message" ( /* Juniper local block message settings */ web_filtering_block_message /* Juniper local block message settings */ ), "quarantine-message" ( /* Juniper local quarantine message settings */ web_filtering_quarantine_message /* Juniper local quarantine message settings */ ), "fallback-settings" ( /* Juniper local fallback settings */ web_filtering_fallback_setting /* Juniper 
local fallback settings */ ), "timeout" arg /* Juniper local timeout */ ) ) ) end rule(:surf_control_integrated_type) do c( "cache" ( c( "timeout" arg /* Surf control integrated cache timeout */, "size" arg /* Surf control integrated cache size */ ) ), "server" ( /* Surf control server */ server /* Surf control server */ ), "profile" arg ( /* Surf control integrated profile */ c( "category" ( /* Surf control integrated category */ surf_control_integrated_category_type /* Surf control integrated category */ ), "default" ( /* Surf control integrated profile default */ ("permit" | "block" | "log-and-permit") ), "custom-block-message" arg /* Surf control integrated custom block message */, "fallback-settings" ( /* Surf control integrated fallback settings */ web_filtering_fallback_setting /* Surf control integrated fallback settings */ ), "timeout" arg /* Surf control integrated timeout */ ) ) ) end rule(:surf_control_integrated_category_type) do arg.as(:arg) ( c( "action" ( /* Surf control integrated category type action */ ("permit" | "block" | "log-and-permit") ) ) ) end rule(:websense_type) do c( "profile" arg ( /* Websense redirect profile */ c( "server" ( /* Websense redirect server */ server /* Websense redirect server */ ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Websense redirect custom block message */, "quarantine-custom-message" arg /* Websense redirect quarantine custom message */, "block-message" ( /* Websense redirect block message settings */ web_filtering_block_message /* Websense redirect block message settings */ ), "quarantine-message" ( /* Websense redirect quarantine message settings */ web_filtering_quarantine_message /* Websense redirect quarantine message settings */ ), "fallback-settings" ( /* Websense redirect fallback settings */ web_filtering_fallback_setting /* Websense redirect fallback settings */ ), "timeout" arg /* Websense redirect timeout */, "sockets" arg /* 
Websense redirect sockets number */, "account" arg /* Websense redirect account */ ) ) ) end rule(:wildcard_address_type) do arg.as(:arg) end rule(:zone_interface_list_type) do arg.as(:arg) ( c( "host-inbound-traffic" ( interface_host_inbound_traffic_t ) ) ) end rule(:interface_host_inbound_traffic_t) do c( "system-services" ( /* Type of incoming system-service traffic to accept */ interface_system_services_object_type /* Type of incoming system-service traffic to accept */ ), "protocols" ( /* Protocol type of incoming traffic to accept */ host_inbound_protocols_object_type /* Protocol type of incoming traffic to accept */ ) ) end rule(:host_inbound_protocols_object_type) do enum(("all" | "bfd" | "bgp" | "dvmrp" | "igmp" | "ldp" | "msdp" | "ndp" | "nhrp" | "ospf" | "ospf3" | "pgm" | "pim" | "rip" | "ripng" | "router-discovery" | "rsvp" | "sap" | "vrrp")).as(:arg) ( c( "except" /* Protocol type of incoming traffic to disallow */ ) ) end rule(:interface_system_services_object_type) do enum(("all" | "bootp" | "dhcp" | "dhcpv6" | "dns" | "finger" | "ftp" | "ident-reset" | "http" | "https" | "ike" | "netconf" | "ping" | "rlogin" | "reverse-telnet" | "reverse-ssh" | "rpm" | "rsh" | "snmp" | "snmp-trap" | "ssh" | "telnet" | "traceroute" | "xnm-ssl" | "xnm-clear-text" | "tftp" | "lsping" | "ntp" | "sip" | "r2cp" | "webapi-clear-text" | "webapi-ssl" | "tcp-encap" | "appqoe" | "any-service")).as(:arg) ( c( "except" /* Type of incoming system-service traffic to disallow */ ) ) end rule(:zone_host_inbound_traffic_t) do c( "system-services" ( /* Type of incoming system-service traffic to accept */ zone_system_services_object_type /* Type of incoming system-service traffic to accept */ ), "protocols" ( /* Protocol type of incoming traffic to accept */ host_inbound_protocols_object_type /* Protocol type of incoming traffic to accept */ ) ) end rule(:zone_system_services_object_type) do enum(("all" | "bootp" | "dhcp" | "dhcpv6" | "dns" | "finger" | "ftp" | "ident-reset" | "http" | 
"https" | "ike" | "netconf" | "ping" | "rlogin" | "reverse-telnet" | "reverse-ssh" | "rpm" | "rsh" | "snmp" | "snmp-trap" | "ssh" | "telnet" | "traceroute" | "xnm-ssl" | "xnm-clear-text" | "tftp" | "lsping" | "ntp" | "sip" | "r2cp" | "webapi-clear-text" | "webapi-ssl" | "tcp-encap" | "appqoe" | "any-service")).as(:arg) ( c( "except" /* Type of incoming system-service traffic to disallow */ ) ) end # End of vSRX 18.3R1.9