Versions Compared

Old Version 2

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 3

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

See Set Command Parameters for parameter descriptions.

Code Block
languagetitlenoneAccount Management
% set system admin <SYSTEM NAME> 
	accountManagement
		accountAging
			accountAgingPeriod <30-180>
			state <disabled | enabled>
		bruteForceAttack
			allowAutoUnlock <disabled | enabled>
			consecutiveFailedAttemptAllowed <1-10>
			state <disabled | enabled>
			unlockTime <30-3600 seconds>
		maxSessions <1-5>
		passwordAging
			passwordAgingPeriod <30-180>
			passwordExpiryWarningPeriod <3-14> 
			state <disabled | enabled>
		sessionIdleTimeout 
			idleTimeout <1-120>
			state <disabled | enabled>
Code Block
titleAudit Log State
% set system admin <SYSTEM NAME> auditLogState <disabled | enabled>
	banner <system
Code Block
titleBanner
% set system admin <SYSTEM NAME> banner <system name>
name>
		ackBanner <disable | enable>
		bannerText <text>
Code Block
titleCLI Set Warning Support 
% set system admin <SYSTEM NAME> 	cliSetWarningSupport <disabled | enabled>
Code Block
titleContact
% set system admin <SYSTEM NAME> contact <contact_info>
Code Block
titleDOD
% set system admin <SYSTEM NAME> 	dod
		cliAccess <disabled | enabled>
		mode <disabled | enabled>
		pmAccess <disabled | enabled>
Code Block
titleDSP Mismatch Action
% set system admin <SYSTEM NAME> dspMismatchAction <preserveCapacity | preserveRedundancy>
Code Block
titleExternal Authentication
% set system admin <SYSTEM NAME> externalAuthenticationEnabled <false | true>
Code Block
titleFIPS-140-2 Mode
% set system admin <SYSTEM NAME> 	externalAuthenticationEnabled <false | true>
	fips-140-2 mode <disabled | enabled>
Code Block
titleLocal Authentication
% set system admin <SYSTEM NAME> localAuthenticationEnabled <false | true>
Code Block
titleLocation
% set system admin <SYSTEM NAME> location <location_info>
Code Block
titlePassword Rules
% set system admin <SYSTEM NAME> 
	passwordRules 
		maximumRepeatingCharsCount <#>
		minimumDiffWithOldPassword <#>
		minimumLength <#>
		minimumNumberOfDigits <#>
		minimumNumberOfLowercaseChars <#>
		minimumNumberOfOtherChars <#>
		minimumNumberOfUppercaseChars <#>
		passwordHistoryDepth <#>
Code Block
titleREST State
% set system admin <SYSTEM NAME> rest state	rest state <disabled | enabled>
	standbyServerState <disabled | enabled>
	utilMonitorStatsInterval <#>
	utilMonitorStatsNumOfPastInterval <#>

Request Command Syntax

See Request Command Parameters for parameter descriptions.

adminRequestSyntax
Multiexcerpt
MultiExcerptName
languagenone
 Code Block
title
Standby Server State
% 
request
set system admin <SYSTEM NAME>

	identify
 
duration
standbyServerState 
<0-255 seconds>
	loadConfig
		allowOldVersion <no 
<disabled | 
yes>
		filename 
	reGenerateSshRsaKeys
	reKeyConfdEncryptionKeys
	removeSavedConfig fileName <filename>
	restart
	revertSoftwareUpgrade revertMode <forced | normal>
	saveConfig fileNameSuffix <suffix>
	softReset
	switchover
	zeroizePersistenKeys
Command Parameters
...
enabled>

 Code Block
titleResource Monitor Stats Interval
% set system admin <SYSTEM NAME> utilMonitorStatsInterval <#>

 Code Block
titleNumber of Past Resource Monitor Stats
% set system admin <SYSTEM NAME> utilMonitorStatsNumOfPastInterval <#> 
Request Command Syntax
See Request Command Parameters for parameter descriptions.
 Multiexcerpt
MultiExcerptNameadminRequestSyntax
 Code Block
languagenone
% request system admin <SYSTEM NAME>
	identify duration <0-255 seconds>
	loadConfig
		allowOldVersion <no | yes>
		filename 
	reGenerateSshRsaKeys
	reKeyConfdEncryptionKeys
	removeSavedConfig fileName <filename>
	restart
	revertSoftwareUpgrade revertMode <forced | normal>
	saveConfig fileNameSuffix <suffix>
	softReset
	switchover
	zeroizePersistenKeys
Command Parameters
 Anchor
set
set
Set Command Parameters
 
 Caption
0Table
1System Admin Parameters (set)
 
admin
 Div
classpdf8pttext
Parameter
Length/Range
Description
admin
N/A
Use this object to specify system name.
accountManagementN/A
Use this feature to manage system level account and password related settings. See Account Management Parameters table below for details.
auditLogState
N/A
Use this flag to specify the management audit log state.
  • disabled 
  • enabled (default)
banner
1-23
Use this parameter to customize the post-login banner from EMA and CLI applications.
  • ackBanner – Enable flag to require user to acknowledge (accept) the banner before gaining access to the system each time the user logs into the system.
    • disabled (default)
    • enabled 
  • bannerText  – Use this parameter to specify the banner text to display when users login to EMA and CLI applications.
 
 Note
"Field Service" and "Operator" user types are not allowed to change the Login Banner configuration.
cliSetWarningSupport
N/A
When this flag is enabled, warning prompts are configured for the "set" command.
  • disabled 
  • enabled (default)
contact
N/A
Use parameter to specify system contact information. (default is "Unknown")
dod
 Div
classpdf6pttext
 Caption
0Table
1System Admin Parameters (set)
Parameter
Length/Range
Description
N/A
Use this object 
 to specify system name.accountManagementN/A
Use this feature to manage system level account and password related settings.
  • accountAging – Use this parameter to enable account aging, and to specify the account expiration duration.
    • accountAgingPeriod – The number of days to elapse, after which the account is locked if left unused (range: 30-180 / default = 30).
    • state – Set flag to "enabled" to enable account aging system-wide.
      • disabled
      • enabled (default)
  • bruteForceAttack – Configuration for defense against brute force OAM password guessing attempts.
    • allowAutoUnlock – Enable Auto Unlock of an account blocked due to consecutive wrong password attempts.
      • disabled (default)
      • enabled 
    • consecutiveFailedAttemptAllowed – Number of consecutive failed login attempts allowed before account is locked. As a safety measure, the system will not lock out the last/only active Administrator user on 
       Spacevars
      0product
       platform. (range: 1-10 / default = 3)
       Note
      You must first set state to 'disabled' before changing the value of consecutiveFailedAttemptAllowed.
    • state – Enable/disable defense against brute force OAM password guessing attempts
      • disabled (default) 
      • enabled 
    • unlockTime – If allowAutoUnlock flag is enabled, this parameter specifies the time (in seconds) to elapse before a locked account automatically unlocks. (range: 30-3600 / default = 30)
  • maxSessions – Maximum number of simultaneous sessions allowed per user (range: 1-5 / default = 2).
  • passwordAging – password expiration related configuration.
    • passwordAgingPeriod – The number of days to elapse, after which a password expires (range: 30-180 / default = 90).
    •  passwordExpiryWarningPeriod – The number of days prior to the password expiry date on which the user receives a warning to change the password (range: 3-14 / default = 12).
    • state – Use this flag to enable/disable password aging feature.
      • disabled
      • enabled (default)
  • sessionIdleTimeout – Session idle timeout related configuration.
    • idleTimeout – The amount of idle time, in minutes, to elapse before ending a session due to inactivity (range: 1-120 / default = 10).
    • state – To use this feature, set this flag to "enabled".
      • disabled 
      • enabled (default)
auditLogState
N/A
Use this flag to specify the management audit log state.
  • disabled 
  • enabled (default)
banner
1-23
Use this parameter to customize the post-login banner from EMA and CLI applications.
  • ackBanner – Enable flag to require user to acknowledge (accept) the banner before gaining access to the system each time the user logs into the system.
    • disabled (default)
    • enabled 
  • bannerText  – Use this parameter to specify the banner text to display when users login to EMA and CLI applications.
 Note
"Field Service" and "Operator" user types are not allowed to change the Login Banner configuration.
cliSetWarningSupport
N/A
When this flag is enabled, warning prompts are configured for the "set" command.
  • disabled 
  • enabled (default)
contact
N/A
Use parameter to specify system contact information. (default is "Unknown")
dodN/A
Use this object to enable DoD mode, and to enable/disable CLI and/or EMA access for temporary troubleshooting and diagnostics.
  • cliAccess – Use this flag to temporarily enable CLI for troubleshooting and diagnostic while the SBC is in DoD mode.
    • disabled (default)
    • enabled 
  • mode – Use this flag to enable/disable DoD Mode.
    • disabled (default)
    • enabled 
  • pmAccess – Use this flag to temporarily enable EMA's Platform Mode for troubleshooting and diagnostic while the SBC is in DoD mode.
    • disabled (default)
    • enabled
 Warning
Enabling CLI and/or EMA for DoD mode lowers the security posture of the SBC. Remember to disable CLI and PM access once troubleshooting and/or diagnostics is completed.
dspMismatchActionN/A
Use this parameter to specify the action to take if a DSP mismatch is detected between the active and standby servers. 
  • preserveCapacity – The Active 
     Spacevars
    0product
     continues to use the extra DSP capacity, as needed, assuming appropriate session licenses are in place; partial redundancy is in effect.
     Note
    If a switchover occurs, calls using the extra, non-matching DSP capacity on Active are not protected during switchover (i.e. partial redundancy).
  • preserveRedundancy (default) – The Active automatically triggers a graceful dry-up in an attempt to align DSP hardware capabilities. Once dry-up completes, the Active SBC uses the protected, matching DSP capacity to preserve redundancy.
     Note
    During the dry-up period, active calls using the extra, non-matching DSP capacity are not protected in the event that a switchover occurs before the dry up completes.
externalAuthenticationEnabled
N/A
The confd CLI user information stored on remote RADIUS server is available for authentication.
  • false (default) 
  • true
fips-140-2 modeN/A
 Use this object to enable FIPS-140-2 mode.
  • disabled (default)
  • enabled 
 Note
Once fips-140-2 mode is enabled, it cannot be 'disabled' through the configuration. A fresh software installation is required to set the FIPS-140-2 mode back to 'disabled'.
For complete details of configuring the 
 Spacevars
0product
 for FIPS 140-2 compliance, see Enabling SBC for FIPS 140-2 Compliance page.
localAuthenticationEnabled
N/A
The confd CLI user information stored locally is available for authentication.
  • false 
  • true (default)
location
N/A
Specifies the physical location of the system.
passwordRules
N/A
The rules implementing confd user password policy.
  • maximumRepeatingCharsCount – Maximum number of consecutive repeating characters in the password. (range: 3-16 / default = 3).
  • minimumDiffWithOldPassword  – The minimum differences between the old and the new passwords (range 1-8 / default - 4).
  • minimumLength – Minimum number of characters that should be present in the password. (range: 8-24 / default = 8)
  • minimumNumberOfDigits – Minimum number of digits that should be present in the password. (range: 0-16 / default = 1)
  • minimumNumberOfLowercaseChars – Minimum number of lower case characters that should be present in the password. (range: 0-16 / default = 1)
  • minimumNumberOfOtherChars –-Minimum number of non-alpha-numeric characters that should be present in the password. (range: 0-16 / default = 1)
  • minimumNumberOfUppercaseChars – Minimum number of upper case characters that should be present in the password. (range: 0-16 / default = 1)
  • passwordHistoryDepth –The number of latest passwords that should be prevented from re-use. (range: 0-10 / default = 4)
restN/A
Enable this flag to allow 
 Spacevars
0series4
 to support REST API. For REST API details, see REST API User's Guide.
  • disabled (default)
  • enabled
standbyServerState
N/A
Use this flag to manually enable or disable standby server if the active server fails.
  • disabled 
  • enabled (default)
utilMonitorStatsInterval
5-60
Specifies time interval for system resource monitoring statistics. This parameter defines the range of timer interval in minutes used by configuration management for measuring the statistics of certain resources. (default = 15).
 Include PageIntervalStatsMustMatchEMSIntervalStatsMustMatchEMS
utilMonitorStatsNumOfPastInterval
1-12
The number of past intervals that can be configured for retrieving the statistics data. (default = 4).
to enable DoD mode, and to enable/disable CLI and/or EMA access for temporary troubleshooting and diagnostics.
  • cliAccess – Use this flag to temporarily enable CLI for troubleshooting and diagnostic while the SBC is in DoD mode.
    • disabled (default)
    • enabled 
  • mode – Use this flag to enable/disable DoD Mode.
    • disabled (default)
    • enabled 
  • pmAccess – Use this flag to temporarily enable EMA's Platform Mode for troubleshooting and diagnostic while the SBC is in DoD mode.
    • disabled (default)
    • enabled
 Warning
Enabling CLI and/or EMA for DoD mode lowers the security posture of the SBC. Remember to disable CLI and PM access once troubleshooting and/or diagnostics is completed.
dspMismatchActionN/A
Use this parameter to specify the action to take if a DSP mismatch is detected between the active and standby servers. 
  • preserveCapacity – The Active 
     Spacevars
    0product
     continues to use the extra DSP capacity, as needed, assuming appropriate session licenses are in place; partial redundancy is in effect.
     Note
    If a switchover occurs, calls using the extra, non-matching DSP capacity on Active are not protected during switchover (i.e. partial redundancy).
  • preserveRedundancy (default) – The Active automatically triggers a graceful dry-up in an attempt to align DSP hardware capabilities. Once dry-up completes, the Active SBC uses the protected, matching DSP capacity to preserve redundancy.
     Note
    During the dry-up period, active calls using the extra, non-matching DSP capacity are not protected in the event that a switchover occurs before the dry up completes.
externalAuthenticationEnabled
N/A
The confd CLI user information stored on remote RADIUS server is available for authentication.
  • false (default) 
  • true
fips-140-2 modeN/A
 Use this object to enable FIPS-140-2 mode.
  • disabled (default)
  • enabled 
 Note
Once fips-140-2 mode is enabled, it cannot be 'disabled' through the configuration. A fresh software installation is required to set the FIPS-140-2 mode back to 'disabled'.
For complete details of configuring the 
 Spacevars
0product
 for FIPS 140-2 compliance, see Enabling SBC for FIPS 140-2 Compliance page.
localAuthenticationEnabled
N/A
The confd CLI user information stored locally is available for authentication.
  • false 
  • true (default)
location
N/A
Specifies the physical location of the system.
passwordRules
N/A
The rules implementing confd user password policy.
  • maximumRepeatingCharsCount – Maximum number of consecutive repeating characters in the password. (range: 3-16 / default = 3).
  • minimumDiffWithOldPassword  – The minimum differences between the old and the new passwords (range 1-8 / default - 4).
  • minimumLength – Minimum number of characters that should be present in the password. (range: 8-24 / default = 8)
  • minimumNumberOfDigits – Minimum number of digits that should be present in the password. (range: 0-16 / default = 1)
  • minimumNumberOfLowercaseChars – Minimum number of lower case characters that should be present in the password. (range: 0-16 / default = 1)
  • minimumNumberOfOtherChars –-Minimum number of non-alpha-numeric characters that should be present in the password. (range: 0-16 / default = 1)
  • minimumNumberOfUppercaseChars – Minimum number of upper case characters that should be present in the password. (range: 0-16 / default = 1)
  • passwordHistoryDepth –The number of latest passwords that should be prevented from re-use. (range: 0-10 / default = 4)
restN/A
Enable this flag to allow 
 Spacevars
0series4
 to support REST API. For REST API details, see REST API User's Guide.
  • disabled (default)
  • enabled
standbyServerState
N/A
Use this flag to manually enable or disable standby server if the active server fails.
  • disabled 
  • enabled (default)
utilMonitorStatsInterval
5-60
Specifies time interval for system resource monitoring statistics. This parameter defines the range of timer interval in minutes used by configuration management for measuring the statistics of certain resources. (default = 15).
 Include Page
IntervalStatsMustMatchEMS
IntervalStatsMustMatchEMS
utilMonitorStatsNumOfPastInterval
1-12
The number of past intervals that can be configured for retrieving the statistics data. (default = 4).
 Caption
0Table
1Account Management Parameters
3Account Management Parameters
 
 Div
classpdf8pttext
Parameter
Length/Range
Description
accountAgingN/A
Use this parameter to enable account aging, and to specify the account expiration duration.
  • accountAgingPeriod – The number of days to elapse, after which the account is locked if left unused (range: 30-180 / default = 30).
  • state – Set flag to "enabled" to enable account aging system-wide.
    • disabled
    • enabled (default)
bruteForceAttackN/A
 Configuration for defense against brute force OAM password guessing attempts.
  • allowAutoUnlock – Enable Auto Unlock of an account blocked due to consecutive wrong password attempts.
    • disabled (default)
    • enabled 
  • consecutiveFailedAttemptAllowed – Number of consecutive failed login attempts allowed before account is locked. As a safety measure, the system will not lock out the last/only active Administrator user on 
     Spacevars
    0product
     platform. (range: 1-10 / default = 3)
     Note
    You must first set state to 'disabled' before changing the value of consecutiveFailedAttemptAllowed.
  • state – Enable/disable defense against brute force OAM password guessing attempts
    • disabled (default) 
    • enabled 
  • unlockTime – If allowAutoUnlock flag is enabled, this parameter specifies the time (in seconds) to elapse before a locked account automatically unlocks. (range: 30-3600 / default = 30)
bruteForceAttackOSN/A
Use this configuration to defend against brute force attacks to Linux OS.
  • OSstate – Enable this flag to defend the Linux OS against brute force attacks.
    • enabled
    • disabled (default)
  • allowOSAutoUnlock – Enable this flag to automatically unlock the Linux OS account after a configurable number of seconds set by unlockOSTime parameter. 
    • enabled
    • disabled (default)
  • consecutiveFailedOSAttemptAllowed – Number of consecutive failed login attempts allowed before account is locked. (range: 1-10 / default = 3)
  • unlockOSTime – Time interval after which the disabled Linux OS account will automatically unlock. (range: 30-5400 seconds  / default = 30 seconds)
maxSessions1-5
Maximum number of simultaneous sessions allowed per user (default = 2).
passwordAgingN/A
Password expiration related configuration.
  • passwordAgingPeriod – The number of days to elapse, after which a password expires (range: 30-180 / default = 90).
  • passwordExpiryWarningPeriod – The number of days prior to the password expiry date on which the user receives a warning to change the password (range: 3-14 / default = 12).
  • state – Use this flag to enable/disable password aging feature.
    • disabled
    • enabled (default)
sessionIdleTimeoutN/A
Session idle timeout related configuration.
    • idleTimeout – The amount of idle time, in minutes, to elapse before ending a session due to inactivity (range: 1-120 / default = 10).
    • state – To use this feature, set this flag to "enabled".
      • disabled 
      • enabled (default)
 
 Anchor
request
request
Request Command Parameters
pdf6pttext
 Multiexcerpt
MultiExcerptNameadminRequestParameters
 Div
class
 Caption
0Table
1System Admin Parameters (request)
 
 Div
classpdf8pttext
Parameter
Length/Range
Description
identify
0-255
Turn on/off the locator LED of the specified server for the amount of time set with the duration sub-parameter below.
  • duration – The duration (in seconds) to illuminate the locator LED of specified server. The LED illuminates for the specified number of seconds and then extinguishes. A duration of "0" turns off the locator LED and a duration of "255" turns on the locator LED indefinitely. If the duration is not specified, 15 seconds is set as the default value.
loadConfig
N/A
Load saved configuration and restart the system without rebooting the servers.
  • allowOldVersion – This option is only intended for use to override checks for older releases which do not identify their version. In this case, the follow error results. Follow the instructions given: 

    "There is no version identifier on the saved file. Use the allowOldVersion parameter only if you are sure the version of the saved configuration file is compatible with the running software version."
    • no 
    • yes 
  • filename – Enter the configuration file to load.
 Note
In a redundant system, using loadConfig restarts both CEs.
 Note
If "reason Configuration file version not compatible with current software version. matrixFileNotAvailable" error is returned, the lswuMatrixSBX5000.bin/lswuMatrixSBX5000.txt file is missing from the/opt/sonus directory. You must must restore these files from the release package of the currently running software with the name pattern of "sbc-V0X.YY.ZZRQQQ.x86_64.tar.gz". Unzip and untar the current release's tar.gz file in that directory, return to the CLI and perform the command again.
reGenerateSshRsaKeysN/AUse this control to regenerate all SSH keys.
reKeyConfdEncryptionKeysN/A
Use this control to regenerate system configuration database encryption keys.
 Note
 Spacevars
0company
 recommends backing up current encrypted parameters in plaintext, if possible. 
 Spacevars
0company
 further recommends performing a full configuration backup immediately after this activity has successfully completed.
removeSavedConfig
N/A
Remove the saved configuration from the system.
  • fileName – Specify filename of configuration to remove from the system.
restart
N/A
Restart system (all CEs).
revertSoftwareUpgrade
N/A
Use this control to revert the last live software upgrade using one of the following selectable revert modes:
  • revertMode 
  • forced 
  • normal
saveConfig
N/A
Save the current configuration.
  • fileNameSuffix – Use this parameter to specify the filename suffix to use when saving the configuration.
softReset
N/A
Restart the applications on the system without rebooting the server(s).
switchover
N/A
Perform a switchover of the management applications and restart all applications on currently active server.
zeroizePersistenKeysN/A
Use this control to securely erase all persistent CSPs from the system. The 
 Spacevars
0product
 server reboots after confirmation.
Command Examples
The following example displays system administrative information:
...