...
Noprint | |||||||||
---|---|---|---|---|---|---|---|---|---|
|
Panel | ||||
---|---|---|---|---|
In this section:
|
Use the admin
object to configure the following system administration-related parameters in object on the
Spacevars | ||
---|---|---|
|
Command syntax for the set
command is shown below.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement
accountAging
accountAgingPeriod <30-180>
state <disabled | enabled>
bruteForceAttack
allowAutoUnlock <disabled | enabled>
consecutiveFailedAttemptAllowed <1-10>
state <disabled | enabled>
unlockTime <30-3600 seconds>
maxSessions <1-5>
passwordAging
passwordAgingPeriod <30-180>
passwordExpiryWarningPeriod <3-14>
state <disabled | enabled>
sessionIdleTimeout
idleTimeout <1-120>
state <disabled | enabled> |
...
title | Audit Log State |
---|
...
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> banner <system name>
ackBanner <disable | enable>
bannerText <text>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> cliSetWarningSupport <disabled | enabled>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> contact <contact_info>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> dod
cliAccess <disabled | enabled>
mode <disabled | enabled>
pmAccess <disabled | enabled>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> dspMismatchAction <preserveCapacity | preserveRedundancy>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> externalAuthenticationEnabled <false | true>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> fips-140-2 mode <disabled | enabled>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> localAuthenticationEnabled <false | true>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> location <location_info> |
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> passwordRules
maximumRepeatingCharsCount <#>
minimumDiffWithOldPassword <#>
minimumLength <#>
minimumNumberOfDigits <#>
minimumNumberOfLowercaseChars <#>
minimumNumberOfOtherChars <#>
minimumNumberOfUppercaseChars <#>
passwordHistoryDepth <#>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> rest state <disabled | enabled>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> standbyServerState <disabled | enabled>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> utilMonitorStatsInterval <#>
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> utilMonitorStatsNumOfPastInterval <#> |
...
0 | Table |
---|---|
1 | System Admin Parameters (set) |
Div | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Parameter | Length/Range | Description | ||||||||
| N/A | Use this object to specify system name. | ||||||||
accountManagement | N/A | Use this feature to manage system level account and password related settings. See Account Management Parameters table below for details. | ||||||||
| N/A | Use this flag to specify the management audit log state.
| ||||||||
| 1-23 | Use this parameter to customize the post-login banner from EMA and CLI applications.
| ||||||||
| N/A | When this flag is enabled, warning prompts are configured for the "set" command.
| ||||||||
| N/A | Use parameter to specify system contact information. (default is "Unknown") | ||||||||
dod | N/A | Use this object to enable DoD mode, and to enable/disable CLI and/or EMA access for temporary troubleshooting and diagnostics.
| ||||||||
dspMismatchAction | N/A | Use this parameter to specify the action to take if a DSP mismatch is detected between the active and standby servers.
| ||||||||
| N/A | The confd CLI user information stored on remote RADIUS server is available for authentication.
| ||||||||
fips-140-2 mode | N/A | Use this object to enable FIPS-140-2 mode.
For complete details of configuring the
| ||||||||
| N/A | The confd CLI user information stored locally is available for authentication.
| ||||||||
| N/A | Specifies the physical location of the system. | ||||||||
| N/A | The rules implementing confd user password policy.
| ||||||||
rest | N/A | Enable this flag to allow
| ||||||||
| N/A | Use this flag to manually enable or disable standby server if the active server fails.
|
| 5-60 | ||||||
Include Page | IntervalStatsMustMatchEMS | IntervalStatsMustMatchEMS | ||||||||
| 1-12 | The number of past intervals that can be configured for retrieving the statistics data. (default = 4). |
Caption | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Div | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||
|
Command syntax for the request
command is shown below.
Multiexcerpt | |||||
---|---|---|---|---|---|
| |||||
|
...
MultiExcerptName | adminRequestParameters |
---|
Caption | ||||
---|---|---|---|---|
| ||||
|
...
class | pdf8pttext |
---|
...
Parameter
...
Description
...
identify
...
Turn on/off the locator LED of the specified server for the amount of time set with the duration
sub-parameter below.
duration
– The duration (in seconds) to illuminate the locator LED of specified server (range: 0-255). The LED illuminates for the specified number of seconds and then extinguishes. A duration of "0" turns off the locator LED and a duration of "255" turns on the locator LED indefinitely. If the duration is not specified, 15 seconds is set as the default value....
loadConfig
Load saved configuration and restart the system without rebooting the servers.
...
no
yes
| ||||
|
...
filename
– Enter the configuration file to load.
Note |
---|
In a redundant system, using loadConfig restarts both CEs. |
Note |
---|
If " |
...
Use this control to regenerate system configuration database encryption keys.
Note | ||||||||
---|---|---|---|---|---|---|---|---|
|
...
removeSavedConfig
...
Remove the saved configuration from the system.
fileName
– Specify filename of configuration to remove from the system....
restart
...
Restart system (all CEs).
...
saveConfig
...
Save the current configuration.
fileNameSuffix
– Use this parameter to specify the filename suffix to use when saving the configuration....
Use this action command to configure SBC for Geographical Redundancy High Availability (GRHA) mode when active and standby servers are located in two different data centers to protect SBCs against data center and network failures. To configure/change just one setting, use currentValue
option for the other setting.
bondMonitoring
– Select the bond monitoring type for GRHA mode.currentValue
direct-connect
network-connect
leaderElection
– Select the leader election algorithm type to use for GRHA mode.currentValue
enhanced
standard
References:
...
softReset
...
Restart the applications on the system without rebooting the server(s).
...
switchover
...
Perform a switchover of the management applications and restart all applications on currently active server.
...
Use this command to verify that the
Spacevars | ||
---|---|---|
|
activeAndStandbyPolicy
– Check if policy databases on the active and standby servers are in sync.activeConfigAndActivePolicy
– Check if the policy and configuration databases on the active server are in sync.all
– Perform both of the above checks.To view the results of the above checks, use the 'show table system
databaseIntegrity'
command. See Show Table System for details.
...
Use this control to securely erase all persistent CSPs from the system. The
Spacevars | ||
---|---|---|
|
The following example displays system administrative information:
Code Block | ||
---|---|---|
| ||
% show system admin
admin sbx1 {
auditLogState enabled;
dspMismatchAction preserveRedundancy;
passwordRules {
minimumLength 8;
minimumNumberOfUppercaseChars 1;
minimumNumberOfLowercaseChars 1;
minimumNumberOfDigits 1;
minimumNumberOfOtherChars 1;
passwordHistoryDepth 4;
maximumRepeatingCharsCount 3;
minimumDiffWithOldPassword 4;
}
fips-140-2 {
mode disabled;
}
dod {
mode disabled;
}
} |
The following example turns on locator LED for 60 seconds:
Code Block | ||
---|---|---|
| ||
% request system admin SBC01 identify duration 60
result success
reason Identifying server(s)...
[ok][2012-12-28 08:46:19] |
The following example sets the Banner content to require user acknowledgement:
Code Block | ||
---|---|---|
| ||
% set system admin SBC01 banner ackBanner enabled bannerText "This computer system, including all related equipment and network devices (including Internet access), are provided for authorized use only"
% commit |
The following example uses the Account Management feature to accomplish the following actions:
Spacevars | ||
---|---|---|
|
Code Block | ||
---|---|---|
| ||
% set system admin MYSBC accountManagement bruteForceAttack state enabled allowAutoUnlock enabled consecutiveFailedAttemptAllowed 3 unlockTime 300
% show system admin MYSBC accountManagement bruteForceAttack
state enabled;
consecutiveFailedAttemptAllowed 3;
allowAutoUnlock enabled;
unlockTime 300;
|
To set bond monitoring type to 'network-connect' and leader election algorithm type to 'enhanced':
Code Block | ||
---|---|---|
| ||
% request system admin sbx1 setHaConfig bondMonitoring network-connect leaderElection enhanced |
To set bond monitoring type to 'direct-connect' and retain current setting of leader election algorithm:
Code Block | ||
---|---|---|
| ||
% request system admin sbx1 setHaConfig bondMonitoring direct-connect leaderElection currentValue |
Pagebreak |
---|