Uses the listed authentication methods that follow this keyword as the default list of methods for authentication.

list-name

Character string used to name the authentication method list.

method-list

Method used to enable AAA system accounting. Method list types are entered in the preferred sequence. The value is one of the following options:

• group tacacs+ — Specifies a method list that uses the list of all configured TACACS+ servers for authentication.

• group radius — Specifies a method list that uses the list of all configured RADIUS servers for authentication.

• group named-group — Specifies a named subset of TACACS+ or RADIUS servers for authentication.

• local — Specifies a local username or password database for authentication.

• line — Specifies a line password or user group for authentication.

Enables the NACM (NETCONF Access Control Model) functionality.

Uses the listed authorization methods that follow this keyword as the default list of methods for authorization.

list-name

Character string used to name the list of authorization methods.

none

Uses no authorization. If you specify none, no subsequent authorization method is attempted.

local

Uses local authorization. This method of authorization is not available for command authorization.

group tacacs+

Uses the list of all configured TACACS+ servers for authorization.

group radius

Uses the list of all configured RADIUS servers for authorization. This method of authorization is not available for command authorization.

group group-name

Specifies a named subset of TACACS+ or RADIUS servers for authorization.

Configures command rules.

Specifies the command rule number.

Specifies the range of the command rules or data rules to be configured.

Specifies whether users are permitted or not allowed to perform the operation specified for the action-type keyword.

The action-type specifies the action type for the command rule or data rule.

Available options are: accept , accept_log and reject .

Specifies the command to which the command rule applies. The command must be entered within double-quotes.

Example, get .

Specifies to which type of connection the command rule or data rule applies. The connection type can be netconf, cli, or xml.

Specifies the group to which the command rule or data rule applies.

Example, admin-r .

Specifies whether the user has read, execute, or read and execute permissions for the command.

Available options for command rules are: r , rx , and x .

To know the available options for data rules, use a ? after the ops keyword.

commands group

Sets the command authorization lists for server groups.

Available options are none that specifies no authorization and tacacs that specifies use of the list of all tacacs+ hosts.

This command has no keywords or arguments.

IP address of the peer node.

Subnet mask address.

Specifies the AINS configuration in hours and minutes.

R/S/I/P

Rack/Slot/Instance/Port of the optics controller.

Specifies the AINS configuration in hours and minutes.

Specifies RSA signature as the authentication method.

Encryption algorithm type. AES-GCM-256 is used.

Rack/Slot/Instance/Port of the coherent DSP controller.

Description of the coherent DSP controller.

fec fec-value

Configures the FEC on the controller. The supported options on the 1.2T line card are StandardSD15 and StandardSD27.

From Release 7.2.1 onwards, the supported options on the OTN XP card are EnhancedSD15 and EnhancedSD27.

From Release 7.3.1 onwards, OFEC is supported on the OTN XP card.

pm { 30-sec |15-min | 24-hour} { fec | otn} { report | threshold} value

Configures performance monitoring parameters for 30 second, 15 minute, or 24-hour intervals.

The fec keyword configures FEC PM data in 30 second, 15 minute, or 24-hour intervals.

The otn keyword configures OTN PM data in 30 second, 15 minute, or 24-hour intervals.

The report keyword configures TCA reporting status.

The threshold keyword configures threshold values on PM parameters.

perf-mon { enable | disable }

Enables or disables performance monitoring.

loopback internal

Configures the internal loopback mode on the controller.

For the 1.2T line card, internal and line loopbacks are supported on the Ethernet controllers whereas only internal loopback is supported on the CoherentDSP controllers.

secondary-admin-state

Configures the administrative state of the controller. The values are maintenance or normal.

shutdown

Disables the configuration of the controller.

tti sent {ascii | hex} tti-string

Configures the Trail Trace Identifier (TTI) ASCII or hex string to be sent. From Release 7.3.2 onwards, TTI strings such as SAPI, DAPI, and operator inputs are supported.

tti expected {ascii | hex} tti-string

Configures the expected TTI ASCII or hex string. The OTUK-TIM alarm is raised if the received TTI string does not match the expected TTI string. From Release 7.3.2 onwards, TTI strings such as SAPI, DAPI, and operator inputs are supported.

gcc0

Enables the GCC0 interface.

flexo{ gidgid-no | iidiid-no}]

Configures FlexO group identification (GID) and FlexO instance identification (IID) on the controller. The range of the gid gid-no is 1–1,048,576. The range of the iid iid-no is 1–254.

Rack/Slot/Instance/Port of the Ethernet controller.

pm { 30-sec | 15-min | 24-hour }

Configures performance monitoring parameters for 30 second, 15 minutes, or 24 hour intervals.

ether

Configures Ethernet PM data in 30 second, 15 minute or 24 hour intervals.

report

Configures TCA reporting status.

threshold

Configures threshold on Ethernet controller parameters.

perf-mon disable

Disables performance monitoring.

loopback [ internal | line ]

Configures the internal or line loopback mode on the Ethernet controller.

For the 1.2T line card, internal and line loopbacks are supported on the ethernet controllers whereas only internal loopbacks are supported on the CoherentDSP controllers.

sec-admin-state maintenance

Configures the administrative state of the controller indicating that the controller is under maintenance.

shutdown

Disables the configuration of the controller.

laser-squelch

Enables laser squelching so that laser is brought down in the event of trunk faults (LOF, LOS) and a SQUELCHED alarm is raised.

fec { none | standard }

Disables FEC or enables standard (Reed-Solomon) FEC.

holdoff-time trunk-fault timevalue

When a fault occurs on the trunk port, the user can hold the propagation of Local Fault using this parameter. The range of timevalue is 0 to 3000 ms.

insert-idle ingress

Enables idle frames insertion in the ingress direction.

insert-idle egress

Enables idle frames insertion in the egress direction.

Rack/Slot/Instance/Port of the Ethernet controller.

pm { 30-sec | 15-min | 24-hour }

Configures performance monitoring parameters for 30 second, 15 minutes, or 24 hour intervals.

ether

Configures Ethernet PM data in 30 second, 15 minute or 24 hour intervals.

report

Configures TCA reporting status.

threshold

Configures threshold on Ethernet controller parameters.

perf-mon disable

Disables performance monitoring.

loopback [ internal | line ]

Configures the internal or line loopback mode on the Ethernet controller.

For the 1.2T line card, internal and line loopbacks are supported on the ethernet controllers whereas only internal loopbacks are supported on the CoherentDSP controllers.

sec-admin-state maintenance

Configures the administrative state of the controller indicating that the controller is under maintenance.

shutdown

Disables the configuration of the controller.

laser-squelch

Enables laser squelching so that laser is brought down in the event of trunk faults (LOF, LOS) and a SQUELCHED alarm is raised.

fec { none | standard }

Disables FEC or enables standard (Reed-Solomon) FEC.

holdoff-time trunk-fault timevalue

When a fault occurs on the trunk port, the user can hold the propagation of Local Fault using this parameter. The range of timevalue is 0 to 3000 ms.

insert-idle ingress

Enables idle frames insertion in the ingress direction.

insert-idle egress

Enables idle frames insertion in the egress direction.

Rack/Slot/Instance/Port/Lane of the Ethernet controller.

pm { 30-sec | 15-min | 24-hour }

Configures performance monitoring parameters for 30 second, 15 minutes, or 24 hour intervals.

perf-mon disable

Disables performance monitoring.

loopback [ internal | line ]

Configures the internal or line loopback mode on the Ethernet controller.

sec-admin-state maintenance

Configures the administrative state of the controller indicating that the controller is under maintenance.

shutdown

Disables the configuration of the controller.

laser-squelch

Enables laser squelching so that laser is brought down in the event of trunk faults and a SQUELCHED alarm is raised.

holdoff-time trunk-fault timevalue

When a fault occurs on the trunk port, the user can hold the propagation of Local Fault using this parameter. The range of timevalue is 0 to 3000 ms.

Rack/Slot/Instance/Port/Client-port/Lane-number of the ODU2e controller.

opu

Configures Optical Channel Payload Unit (OPU) on the ODU2e controller.

prbs mode { source| sink| source-sink}

Configures Pseudo Random Binary Sequence (PRBS) mode as source, sink, or source sink.

patterninvertedpn31

Configures PRBS pattern as inverted pattern. Sequence length is from 2^31 -1 bits.

Rack/Slot/Instance/Port/Lane of the ODU4 controller.

gcc2

Enables the GCC2 interface.

Rack/Slot/Instance/Port/Lane of the ODUC4 controller.

Identifier of the ODU group controller. The valid range is from 1 to 65535.

Configures the type of the client signal to be added in the ODU group controller.

Configures the odu-type of the signal selected for the ODU group controller.

The odu-type of the signal selected for the ODU group controller.

Rack/Slot/Instance/Port/Lanenumber of the OTU2, OTU2e, and OTU4 controller.

sec-admin-state

loopback [ internal | line ]

Configures the internal or line loopback mode on the OTU2, OTU2e, and OTU4 controller.

Rack/Slot/Instance/Port of the optics controller.

baud-rate rate

Sets baud-rate for this controller in GBd.

bits-per-symbol value

Sets bits-per-symbol for this controller.

(Only for trunk optics controllers) Maximum chromatic dispersion.

The range is –350000 to +350000 ps/nm.

(Only for trunk optics controllers) Minimum chromatic dispersion.

The range is –350000 to +350000 ps/nm.

(Only for trunk optics controllers) Minimum acceptable chromatic dispersion. The CD alarm is raised if the chromatic dispersion goes below this value.

The range is –350000 to +350000 ps/nm.

(Only for trunk optics controllers) Maximum acceptable chromatic dispersion. The CD alarm is raised if the chromatic dispersion exceeds this value.

The range is –350000 to +350000 ps/nm.

(Only for trunk optics controllers) Configures the maximum acceptable Differential Group Delay (DGD) value. The DGD alarm is raised if DGD exceeds this value.

The range is 0–18000 (in the units of 0.01 ps).

Configures the high laser bias current threshold.

The range is 0 to 100%.

(Only for trunk optics controllers) Configures the minimum acceptable Optical Signal to Noise ratio (OSNR) value. The OSNR alarm is raised if OSNR goes below this value.

The range is 0–4000 (in units of 0.01db).

Description of the optics controller.

rx-high-threshold rx-high

Configures high receive power threshold. The range is –400 to 300 (in the units of 0.1 dBm).

rx-low-threshold rx-low

Configures low receive power threshold. The range is –400 to 300 (in the units of 0.1 dBm).

tx-high-threshold tx-high

Configures high transmit power threshold. The range is –400 to 300 dBm (in the units of 0.1 dBm).

tx-low-threshold tx-low

Configures low transmit power threshold. The range is –400 to 300 dBm (in the units of 0.1 dBm).

sec-admin-state

Configures the administrative state of the controller. The values are maintenance or normal.

shutdown

Disables the configuration of the controller.

pm

Configures performance monitoring parameters for 30 second, 15 minute, and 24-hour intervals.

transmit-power transmit-power

(Only for trunk optics controllers) Configures the transmit power. The range is –190 to 30 dBm (in the units of 0.1 dBm).

From Release 7.3.1 onwards, transmit power is supported on the CFP2 DCO optics for the OTN-XP card. The transmit power value is –10 to +1 dBm.

transmit-shutdown

Shuts down the transmit laser.

perf-mon { enable | disable }

Enables or disables performance monitoring.

cd

Configures the chromatic dispersion threshold.

dgd

Configures the differential group delay threshold.

lbc

Configures the laser bias current threshold.

lbc-pc

Configures the laser bias current threshold in percentage.

opr

Configures the optical Rx power threshold in uW.

opr-dbm

Configures the optical Rx power threshold in dBm. The unit is 0.01 dBm. For example, if you want to configure 30.00 dBm, enter 3000.

opt

Configures the optical Tx power threshold in uW.

opt-dbm

Configures the optical Tx power threshold in dBm. The unit is 0.01 dBm.

osnr

Configures the OSNR threshold.

pcr

Configures the Polarization Change Rate (PCR) threshold.

pdl

Configures the Polarization-Dependent Loss (PDL) threshold.

pn

Configures the Phase Noise (PN) threshold.

sopmd

Configures the Second Order Polarization Mode Dispersion (SOPMD) threshold.

rx-sig-pow

Configures the Rx signal power threshold in uW.

rx-sig-pow-dbm

Configures the Rx signal power threshold in dBm. The unit is 0.01 dBm.

filter-roll-off-factor value

Configures the RRC filter roll-off factor. The range is 0 to 1.

rx-voa target-power value

Configures the receive target power. The range is –190 to +30.

rx-voa fixed-ratio value

Configures the receive ratio of optical attenuation. The range is +100 to +1700.

enh-colorless-mode value

Configures the enhanced colorless mode. The range is 1–3.

enh-sop-tol-mode value

Configures the enhanced SOP tolerance mode. The range is 1–3.

nleq-comp-mode value

Configures the non-linear compensation. The range is 1–4.

cross-pol-gain-mode value

Configures the carrier phase recovery cross polarization gain mode. The range is 0–15.

cross-pol-weight-mode value

Configures the carrier phase recovery cross polarization weight mode. The range is 0–15.

cpr-win-mode value

Configures the carrier phase recovery window mode. The range is 1–4.

cpr-ext-win-mode value

Configures the carrier phase recovery extended window mode. The range is 1–9.

submarine-params type value

Configures the proprietary submarine parameters. The range for the type is 1–10 and the range for the value is 1–1000.

fastpoll { enable | disable }

Enables or disables fast polling of SOP data.

ca-name

Name of the CA Server.

system-trustpoint

Generates self-signed root certificate.

ca-name

Name of the CA Server.

system-trustpoint

Generates the leaf certificate.

ca-name

Name of the CA.

Specifies the default system trustpoint.

Specifies key pair generation for the leaf certificate.

Note: Crypto key generation in Config Mode does not support this option.

Specifies key pair generation for the root certificate.

Note: Crypto key generation in Config Mode does not support this option.

Generates an ECDSA key of curve type nistp256, with key size 256 bits.

Generates an ECDSA key of curve type nistp384, with key size 384 bits.

Generates an ECDSA key of curve type nistp521, with key size 521 bits.

Specifies key pair generation for the leaf certificate.

Note: Crypto key generation in Config Mode does not support this option.

Specifies key pair generation for the root certificate.

Note: Crypto key generation in Config Mode does not support this option.

Specifies key pair generation for the leaf certificate.

Note: Crypto key generation in Config mode does not support this option.

Specifies key pair generation for the root certificate.

Note: Crypto key generation in Config mode does not support this option.

usage-keys

(Optional) Generates separate RSA key pairs for signing and encryption.

general-keys

(Optional) Generates a general-purpose RSA key pair for signing and encryption.

keypair-label

(Optional) RSA key pair label that names the RSA key pairs.

Specifies key pair generation for the leaf certificate.

Note: Crypto key generation in Config mode does not support this option.

Specifies key pair generation for the root certificate.

Note: Crypto key generation in Config mode does not support this option.

path

(Optional) This denotes the path to the RSA public key file.

keypair-label

(Optional) Names the RSA key pair to be removed.

address

Specifies the destination address for Smart Call Home.

The format is {http|https}://{FQDN}/its/service/oddce/services/DDCEService

FQDN must be either Cisco Smart Software Manager FQDN (tools.cisco.com) or Smart Licensing satellite server FQDN.

Specifies the tunnel destination (IPv4 address).

email

Enables an e-mail address for the profile.

http

Enables an HTTP URL for the profile.

DH group identifier. The possible values are 19, 20, and 21.

Configures the wavelength in 50GHz grid and 100MHz (0.1GHz) grid spacing respectively in accordance with ITU definition.

Specifies the frequency for the optics controller.

Encrytion algorithm. The possible values are aes-gcm-256, aes-gcm-128, aes-cbc-256, aes-cbc-192, and aes-cbc-128.

number

Number of times NCS 1004 resends a certificate request when NCS 1004 does not receive a certificate from the previous request. The range is from 1 to 100.

minutes

Period (in minutes) between certificate requests issued to a certification authority (CA) from NCS 1004. The range is from 1 to 60 minutes.

CA-URL

URL of the CA server. The URL string must start with http://CA_name, where CA_name is the host Domain Name System (DNS) name or IP address of the CA (for example, http://ca-server).

If the CA cgi-bin script location is not /cgi-bin/pkiclient.exe at the CA (the default CA cgi-bin script location), you must also include the nonstandard script location in the URL, in the form of http://CA-name/script-location, where script-location is the full path to the CA scripts.

Name of the fault profile.

Supports the XR sub-system.

The component the fault profile is applicable to. The available options are:

• ethernet

• sdh_controller

• sonet

• OPTICS

• G709

Sets the severity level for:

• sas (service affecting; impacts traffic)

• nsas (non-service affecting; does not impact traffic)

The available options are:

• Critical

• Major

• Minor

• Non-faulted

• Non-reported

Name of the fault profile.

Sets the profile at the node level or line card levelport level or node level.

retry count

Specifies how many times HTTP Client resends a connection request. Range is from 1 to 5. The default value is 0.

timeout seconds

The time interval (in seconds) that HTTP client waits for a server connection to establish before giving up. Range is from 1 to 60 seconds. The default value is 10 seconds.

timeout seconds

The time interval (in seconds) that HTTP client waits for a response from the server before giving up. Range is from 1 to 300 seconds. The default value is 30 seconds.

ssl version

Specify the SSL version to be used for HTTPS requests. Select one of the following versions:

• tls1.0 - Forces TLSv1.0 to be used for HTTPS requests.

• tls1.1 - Forces TLSv1.1 to be used for HTTPS requests.

• tls1.2 - Forces TLSv1.2 to be used for HTTPS requests.

By default libcurl does not force the TLS version.

secure-verify-host

Verifies the host in peer's certificate. This is enabled by default. To disable, use the command http client secure-verify-host disable

secure-verify-peer

Verifies authenticity of the peer certificate. This is enabled by default. To disable, use the command http client secure-verify-peer disable

ipv4 ip-address

Enter ipv4 address from interface.

ipv6 ip-address

Enter ipv6 address from interface.

scale

Specify the TCP window scale for HTTP requests. Range is 1 to 14.

versionversion

Specify the HTTP version to be used for HTTP requests. Select one of the following versions:

• 1.0 - Forces HTTP1.0 to be used for all HTTP requests.

• 1.1 - Forces HTTP1.1 to be used for all HTTP requests.

• default - libcurl picks up HTTP version automatically.

vrf-name

Specifies the name of the VRF to be used by the HTTP client.

proxy-server-name

Specifies the name of the proxy server.

port-number

Specifies the port for the specified HTTP proxy server.

Specifies the location of the optics controller.

Configures the card in muxponder mode.

Configures the card in muxponder slice configuration. Slice numbers can be 0 or 1.

Specifies the trunk mode when using a Bright ZR+ pluggable module as the trunk pluggable on a QXP card. Use ZR for ethernet and OR for OTN datapath.

Specifies the traffic rate on the client ports. The supported client rates are 100GE and OTU4.

Specifies the traffic rate on the trunk ports. The supported trunk rates are 150G, 200G, 250G, 300G, 350G, 400G, 450G, 500G, 550G, and 600G.

From R7.2.1, you can configure trunk rates of 50G, 100G, and 150G to support Binary Phase-Shift Keying (BPSK) modulation.

drop-lldp

Enables LLDP drop on a muxponder or muxponder slice.

Specifies the AINS configuration in hours and minutes.

Configures the card in Regen mode. The supported trunk rates are 100G to 600G in multiples of 100G.

regen-slice slice-number

Specify the slice number on which you want to enable regen mode. The supported trunk rates are 100G to 400G in multiples of 100G.

Valid values:

• QXP Card: 0 to 5 (Only alternate slices can be configured.)

Configures MAC address or ARP snoop on the client ports.

Turns on the attention LED on all the ports or on a specific port of the line card.

trunk-rate

Specifies the traffic rate on the trunk ports. The supported trunk rates is 100G, 200G, 300G, and 400G.

Specifies client port number.

• Mxponder-slice 0—Client ports 2, 3, 4, and 5 are mapped to the trunk port 0.

• Mxponder-slice 1—Client ports 6, 7, 8, and 9 are mapped to the trunk port 1.

client-type [100GE | OTU4]

Specifies the traffic type on the client ports. The supported client types are 100GE and OTU4.

Specifies the location of the optics controller.

Configures the card in muxponder mode. The muxponder configuration supports two slices, 0 and 1.

Enables the Automatic Protection System on the OTN XP card.

trunk-rate

Specifies the traffic rate on the trunk ports. The supported trunk rates is 100G, 200G, 300G, and 400G.

Specifies client port number.

• Mxponder-slice 0—Client ports 4, 5, and 2 are mapped to the trunk port 0.

• Mxponder-slice 1—Client ports 7, 6, and 11 are mapped to the trunk port 1.

lane lane-number

Specifies client port lane number.

client-type [10GE | OTU2 | OTU2e | 400GE | FC16 | FC32 | oc192 | stm64]

Specifies the traffic type on the client ports. The supported client types are 10GE, OTU2, OTU2e, FC16, FC32, OC192, STM64, and 400GE.

Turns on the attention LED on all the ports or on a specific port of the line card.

IKEv2 policy name upto 32 characters.

Name of the IKEv2 profile.

It specifies that ppk needs to be used and which keyring has the ppk configuration.

name of the keyring configured.

Name of IKEv2 proposal upto 32 characters.

Integrity algorithm type. The possible values are: sha-1, sha-256, sha-384, and sha-512.

Rack/Slot/Instance/Port of the GCC0 interface.

Rack/Slot/Instance/Port/Lane of the GCC2 interface.

Access list name. Names cannot contain a space or quotation marks.

Specifies an inbound interface.

egress

Specifies an outbound interface.

Access list name. Names cannot contain a space or quotation marks.

Specifies an inbound interface.

egress

Specifies an outbound interface.

(Optional) Deletes the primary key for Type 6 password encryption.

Name of the keyring upto 32 characters.

Specifies the name of the peer interface

Specifies whether the Postquantum Preshared Keys (PPK) is dynamic or manual.

Specifies the ip address of the peer interface along with the mask.

Configures the preshared keys for authentication.

Specifies that the preshared key is in cleartext format.

Specifies that the preshared key is a local passphrase.

Specifies that the preshared key is an encrypted string in hexadecimal format.

Specifies that the preshared key is an encrypted string in hexadecimal format. The preshared keystring will be stored in an encoded format when password6 is enabled.

Specifies whether dynamic or manual ppk configuration is mandatory or not.

Specifies the location of the optics controller.

Configures the line card mode.

The LC modes supported on the OTN-XP card are:

• 10G-GREY-MXP

• 40x10G-4x100G-MXP

• 4x100G-MXP-400G-TXP

• FC-MXP

• OTUCn-REGEN

token_id

Specifies the token generated in smart manager.

force

If the registration fails due to communication failure between the device and the portal or satellite, the system waits for 24 hours before attempting to register the device again. Use this option to force the registration.

ID

ID certificates are renewed automatically after six months. In case, the renewal fails, the product instance goes into unidentified state. You can manually renew the ID certificate using this option.

auth

Authorization periods are renewed by the Smart Licensing system every 30 days. As long as the license is in an 'Authorized' or 'Out-of-compliance' (OOC), the authorization period is renewed. Use this command to make an on-demand manual update of your registration. Thus, instead of waiting 30 days for the next registration renewal cycle, you can use this option to instantly find out the status of your license.

After 90 days, the authorization period expires and the status of the associated licenses display "AUTH EXPIRED". Use this option to retry the authorization period renewal. If the retry is successful, a new authorization period begins.

Specifies the lifetime in seconds. The range is from 120 to 86400 seconds.

Specifies the optical unicast IPv4 address.

IP address of the local node.

IP address of the remote node.

Subnet mask address.

Specifies the optical interface ID of the neighbor.