You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 13
Next »
The request system
command applies to both system-level and configure modes except where noted. The following objects apply to this command:
admin
Command Syntax
% request system admin <SYSTEM NAME>
loadConfig
allowOldVersion <no | yes>
filename
reGenerateSshRsaKeys
reKeyConfdEncryptionKeys
removeSavedConfig fileName <filename>
restart
saveConfig fileNameSuffix <suffix>
setHaConfig
bondMonitoring <currentValue | direct-connect | network-connect>
leaderElection <currentValue | enhanced | standard>
softReset
switchover
verifyDatabaseIntegrity <activeAndStandbyPolicy | activeConfigAndActivePolicy | all>
zeroizePersistenKeys
Command Parameters
System Admin Parameters (request)
Parameter | Description |
---|
loadConfig
| Load saved configuration and restart the system without rebooting the servers. NOTE: In a redundant system, using loadConfig restarts both CEs NOTE: If "reason Configuration file version not compatible with current software version. matrixFileNotAvailable " error is returned, the lswuMatrixSBX5000.bin/lswuMatrixSBX5000.txt file is missing from the/opt/sonus directory. You must must restore these files from the release package of the currently running software with the name pattern of "sbc-V0X.YY.ZZRQQQ.x86_64.tar.gz". Unzip and untar the current release's tar.gz file in that directory, return to the CLI and perform the command again. |
reGenerateSshRsaKeys | Use this control to regenerate all SSH keys. |
reKeyConfdEncryptionKeys | Use this control to regenerate system configuration database encryption keys. NOTE: Unable to show "metadata-from": No such page "_space_variables" recommends backing up current encrypted parameters in plaintext, if possible. Unable to show "metadata-from": No such page "_space_variables" further recommends performing a full configuration backup immediately after this activity has successfully completed. |
removeSavedConfig
| Remove the saved configuration from the system. fileName – Specify filename of configuration to remove from the system.
|
restart
| Restart system (all CEs). |
saveConfig
| Save the current configuration. fileNameSuffix – Use this parameter to specify the filename suffix to use when saving the configuration.
|
setHaConfig | Use this action command to configure SBC for Geographical Redundancy High Availability (GRHA) mode when active and standby servers are located in two different data centers to protect SBCs against data center and network failures. To configure/change just one setting, use currentValue option for the other setting. bondMonitoring – Select the bond monitoring type for GRHA mode.currentValue direct-connect network-connect
leaderElection – Select the leader election algorithm type to use for GRHA mode.currentValue enhanced standard
References: NOTE: |
softReset
| Restart the applications on the system without rebooting the server(s). |
switchover
| Perform a switchover of the management applications and restart all applications on currently active server. |
verifyDatabaseIntegrity | Use this command to verify that the Unable to show "metadata-from": No such page "_space_variables" policy and configuration databases on the active server are in sync and that the policy databases on the active and standby servers are in sync. Because these commands take a few seconds to execute, it is not advisable to constantly run these commands on systems.activeAndStandbyPolicy – Check if policy databases on the active and standby servers are in sync.activeConfigAndActivePolicy – Check if the policy and configuration databases on the active server are in sync.all – Perform both of the above checks.
To view the results of the above checks, use the 'show table system databaseIntegrity' command. See Show Table System for details. |
zeroizePersistenKeys | Use this control to securely erase all persistent CSPs from the system. The Unable to show "metadata-from": No such page "_space_variables" server reboots after confirmation. |
ethernetPort
Command Syntax
% request system ethernetPort packetAdmin <host name> <pkt0 | pkt1> switchover
Command Parameter
Ethernet Port 'request' Parameter
Parameter | Description |
---|
switchover
| Use this parameter to initiate a port switchover within a redundancy pair. Note: The switchover command only applies to pkt0 and pkt1 on Unable to show "metadata-from": No such page "_space_variables" active CE. |
ipPolicing
Command Syntax
> request system ipPolicing resetOffendersList <OffendersList name>
aclOffendersList
aggregateOffendersList
arpOffendersList
badEtherIpHdrOffendersList
discardRuleOffendersList
ipSecDecryptOffendersList
mediaOffendersList
rogueMediaOffendersList
uFlowOffendersList
Offenders List Details
ACL Offenders List – The Access Control List policer offenders list.
Aggregate Offenders List – The aggregate policer offenders list.
ARP Offenders List – The ARP policer offenders list.
Bad Ethernet IP Header Offenders List – The bad Ethernet/IP Header policer offenders list. Ethernet/IP headers are considered bad under the following conditions:
Only broadcast ARP packets are allowed; all other broadcast packets are considered bad.
Anything other than the following unicast/multicast ICMPV6 packets are considered bad.
- Type 2 (Packet too big)
- Type 3 (ICMP Time exceeded) Code 0 (hop limit exceeded).
- Type 128 (ICMPV6 Echo request)
- Type 129 (ICMPV6 Echo reply)
- Type 135 Neighbor Solicitation
- Type 136 Neighbor Advertisement
Anything other than the following unicast ICMPV4 packets are considered bad:
Type 0 Echo Reply
Type 3 Code 4 (Destination unreachable, fragmentation required)
Type 8 Echo Request
Type 11 Code 0 (Time Exceeded, TTL expired)
Only ICMPV6 neighbor discovery packets are allowed under multicast MAC address. Anything else is considered bad.
If DestMAC is zero, it is considered a bad packet.
Anything other than ethertype (IPV4, IPV6, VLAN) is considered bad.
IP Checksum error is considered bad.
IP version other than 4 or 6 is considered bad.
Bad IP Header length
Packet that is not long enough to contain IP header.
TTL == 0 is considered bad.
IPV4 with options set is considered bad.
IPV6 with initial next header field of 0, 60, or 43 is considered bad.
Discard Rule Offenders List – The table of statistics for the discard rule offenders list. For example: ACLi discard rule packets.
IPsec Decrypt Offenders List – The table of statistics for the IPsec Decrypt policer offenders list. For example:
Bad IPsec packet
Authentication error
Invalid SSID
IPsec protocol == AH
Media Offenders List – The table of statistics for the media policer offenders list. For example: Media packets exceeding the policing value.
Rogue Media Offenders List – The table of statistics for the rogue media policer offenders list. For example:
- UPD packets received in the media port range, but the destination UDP port is not allocated for media call
- Media packets where source port, source address or destination address do not match the allocated media resource
uFlow Offenders List – The table of statistics for the Micro Flow policer offenders list. For example: Microflow packet exceeding the policing rate.
logout
Command Syntax
> request system logout user <user_Id>
policyServer
Command Syntax
> request system policyServer remoteServer <server_name>
security
For additional security configuration details, see PKI Security - CLI.
Command Syntax
% request system security
generateSipHeaderEncryptionKeys
pki
certificate <certificate name>
generateCSR
csrSub (max 255 chars)
keySize (ketSize1K | keySize2K)
subjectAlternativeDnsName (0-512 chars)
importCert certContent (max 4096 chars)
retrieveCertContent
uploadCertificate
Command Parameters
request system security Parameters
Parameter | Description |
---|
generateSipHeaderEncryptionKeys
| Use this command to generate header encryption keys. A "Success" or "Failure" indication is returned. The SBC then adds the key-Id to each encrypted header based on which key is selected as the correct key for decryption. The SBC stores up to two sets of keys at any given time. There is no limit to the number of times this command may be executed. Additionally, there is no specific time delay required before reissuing the command. NOTE: Generating new keys too frequently may lead to a situation where the SBC receives a request with an expired key-id (i.e. the current header encryption key is over-written due to the new key generation) causing unsuccessful decryption of headers. This may lead to call failures any calls caught in the transition to the new key-id. |
pki | PKI certification configuration details. certificate <certificateName> – The name for a collection of certificates configured on SBC.generateCSR – Use this parameter to generate CSR (Certificate Signing Request).importCert certContent – Import PEM format certificate (max 4096 characters).retrieveCertContent – Retrieve content of an existing PKI certificate (local, local-internal and remote).
uploadCertificate – Upload a pk12 certificate.
|
Command Example
To retrieve certificate content of an existing PKI certificate:
% request system security pki certificate server retrieveCertContent
result Certificate:
Data:
Version: 1 (0x0)
Serial Number: 13211600523504912060 (0xb75908ad95e006bc)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=MA, L=Westford, O=VeriSign
Validity
Not Before: Apr 28 09:56:54 2015 GMT
Not After : Jul 12 09:56:54 2033 GMT
Subject: C=IN, ST=TN, L=Chennai
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:80:dc:59:0a:8d:98:19:0b:bd:be:fd:ab:6c:
f7:e9:b6:28:d9:e8:fe:a5:84:fb:45:d9:16:97:f5:
fc:9f:df:7b:5b:03:6e:34:38:3f:10:2b:d0:d8:d6:
4a:03:5f:2a:78:85:4c:65:d4:0d:a6:e2:d3:be:1a:
fc:8b:96:a1:db:15:16:74:3e:9f:2a:34:95:88:6a:
49:3b:1e:78:15:bf:5c:e8:ec:a3:0d:8b:d4:2a:39:
d6:17:c1:a8:88:94:36:23:23:d5:3b:2c:49:fb:15:
d3:e6:7f:72:b0:e4:3d:e6:3a:44:f3:ac:a2:d3:2a:
62:f7:2f:d1:d4:a1:82:fe:03:57:49:1d:6b:12:14:
2c:28:f8:ef:6c:e0:c2:36:8c:7f:77:2a:32:d9:ce:
c7:9e:fc:4f:20:aa:43:db:b1:77:16:e9:d5:b5:44:
ff:06:8a:85:d4:74:63:af:3c:5e:f3:a3:e0:83:5a:
40:d1:5d:fc:84:36:34:b4:8b:ac:f1:5b:2c:b6:0e:
97:bc:1b:cd:a4:f8:17:b3:81:42:41:db:09:bb:79:
42:1f:92:dc:43:52:ca:78:e3:db:3d:db:e9:f6:39:
15:eb:3a:09:e5:ab:eb:18:5f:7e:14:ec:f9:b6:04:
9e:f5:6d:73:f4:ea:85:c4:4a:1f:5a:01:8f:2e:94:
b6:0d
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
1a:91:c0:8a:b8:66:4b:a2:67:bc:99:4f:b4:0b:f8:bc:67:0e:
de:23:37:42:bc:dd:96:64:7c:ef:e1:05:c7:eb:92:06:fa:ef:
7b:72:ee:7f:26:b5:1c:39:b5:f2:b2:04:6e:2e:0c:1d:7e:1f:
7a:87:b8:8b:9c:25:e2:8f:77:6f:ac:bb:a0:63:28:51:4f:7c:
35:30:ad:31:24:85:f3:99:6d:c2:f8:33:eb:49:45:ed:ab:26:
97:f4:04:a7:0a:06:dd:40:c3:f6:1a:0e:ec:72:0f:40:65:ab:
34:4a:dc:51:2b:f3:61:b6:3a:1c:26:09:a1:af:37:dc:bf:a5:
ba:dd
No Trusted Uses.
No Rejected Uses.
Alias: Server Cert
Key Id: 79:70:FC:99:1A:2B:15:A7:A1:33:21:F7:8A:57:0C:A7:07:7B:96:35
status 0
serverAdmin
Command Syntax
> request system serverAdmin <server_name>
forceCoreDump coreDumpType <full | partial>
removeCoredump coredumpFileName <filename>
restart
softReset
startSoftwareUpgrade
integrityCheck <perform | skip>
package <pkg_name>
rpmName <name>
versionCheck <perform | skip>
Command Parameters
'request system serverAdmin' Command Parameters
Parameter | Description |
---|
<serverName>
| The unique name of the server. |
forceCoreDump | Use this command to force the termination of a fixed set of application processes with accompanying core dumps for troubleshooting purposes. By default, a full dump is performed if no option is specified. Before the command executes, the user is prompted to confirm or cancel the operation. If canceled, no further action is taken, and application operation is not affected. coreDumpType – Choose an option below:full (default) – Full set of processes to dump (see Table 2 below).partial – Partial set of processes to dump (see Table 3 below).
|
removeCoredump | Use this object to remove the specified coredump from the chosen server. coredumpFileName <filename> – The name of the coredump file.
|
restart | Restart the specified server. |
softReset | Restart the application on the server without rebooting the server. |
startSoftwareUpgrade | Use this control to start a software upgrade on the specified server. |
Full Application Process List
CamProcess | ChmProcess | CpxAppProc | DiamProcess |
DnsProcess | DsProcess | EmaProcess | EnmProcessMain |
FmMasterProcess | IkeProcess | ImProcess | IpmProcess |
PathchkProcess | PesProcess | PipeProcess | PrsProcess |
RtmProcess | SamProcess | ScmProcess_0 | ScmProcess_1 |
ScmProcess_2 | ScmProcess_3 | ScpaProcess | SmProcess |
SsaProcess | SsreqProcess | | |
Partial Application Process List
Process | PrsProcess | RtmProcess |
SamProcess | ScmProcess_0 | ScmProcess_1 |
ScmProcess_2 | ScmProcess_3 | SmProcess |
Command Examples
To set bond monitoring type to 'network-connect' and leader election algorithm type to 'enhanced':
% request system admin sbx1 setHaConfig bondMonitoring network-connect leaderElection enhanced
To set bond monitoring type to 'direct-connect' and retain current setting of leader election algorithm:
% request system admin sbx1 setHaConfig bondMonitoring direct-connect leaderElection currentValue