Configuration Command Reference Guide
Authority configuration is the top-most level in the SSR configuration hierarchy.
Subcommands
command | description |
---|
access-management | Role Based Access Control (RBAC) configuration. |
asset-connection-resiliency | Configure Asset Connection Resiliency |
backwards-compatible-vrf-bgp-tenants | When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3 |
bgp-service-generation | Configure Bgp Service Generation |
cli-messages | Configure Cli Messages |
client-certificate | The client-certificate configuration contains client certificate content. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
currency | Local monetary unit. |
delete | Delete configuration data |
district | Districts in the authority. |
dscp-map | Configure Dscp Map |
dynamic-hostname | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier {router-name} for Router Name {authority-name} for Authority Name For example, 'interface-{interface-id}.{router-name}.{authority-name}'. |
fib-service-match | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
forward-error-correction-profile | A profile for Forward Error Correection parameters, describing how often to send parity packets. |
icmp-control | Settings for ICMP packet handling |
idp-profile | User defined IDP profiles. |
ipfix-collector | Configuration for IPFIX record export. |
ipv4-option-filter | Configure Ipv 4 Option Filter |
ldap-server | LDAP Servers against which to authenticate user credentials. |
management-service-generation | Configure Management Service Generation |
metrics-profile | A collection of metrics |
name | The identifier for the Authority. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password-policy | Password policy for user's passwords. |
pcli | Configure the PCLI. |
performance-monitoring-profile | A performance monitoring profile used to determine how often packets should be marked. |
radius-server | Radius Servers against which to authenticate user credentials. |
rekey-interval | Hours between security key regeneration. Recommended value 24 hours. |
remote-login | Configure Remote Login |
resource-group | Collect objects into a management group. |
router | The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. |
routing | authority level routing configuration |
security | The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. |
service | The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services. |
service-class | Defines the association between DSCP value and a priority queue. |
service-policy | A service policy, which defines parameters applied to services that reference the policy |
session-record-profile | A profile to describe how to collect session records. |
session-recovery-detection | Configure Session Recovery Detection |
session-type | Type of session classification based on protocol and port, and associates it with a default class of service. |
show | Show configuration data for 'authority' |
software-update | Configure Software Update |
step | Configure Step |
step-repo | List of Service and Topology Exchange Protocol repositories. |
tenant | A customer or user group within the Authority. |
traffic-profile | A set of minimum guaranteed bandwidths, one for each traffic priority |
trusted-ca-certificate | The trusted-ca-certificate configuration contains CA certificate content. |
web-messages | Configure Web Messages |
web-theme | Configure Web Theme |
Role Based Access Control (RBAC) configuration.
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
role | Configure Role |
show | Show configuration data for 'access-management' |
token | Configuration for HTTP authentication token generation. |
Configure Role
Usage
configure authority access-management role <name>
Positional Arguments
name | description |
---|
name | A unique name that identifies this role. |
Subcommands
command | description |
---|
capability | The capabilities that this user will be granted. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description about the role. |
exclude-resource | Exclude a resource from being associated with this role. |
name | A unique name that identifies this role. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource | Associate this role with a resource. |
resource-group | Associate this role with a top-level resource-group. |
show | Show configuration data for 'role' |
The capabilities that this user will be granted.
Usage
configure authority access-management role capability [<identityref>]
Positional Arguments
name | description |
---|
identityref | Value to add to this list |
A description about the role.
Usage
configure authority access-management role description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Exclude a resource from being associated with this role.
Usage
configure authority access-management role exclude-resource <id>
Positional Arguments
name | description |
---|
id | Configure Id |
Subcommands
command | description |
---|
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'exclude-resource' |
Configure Id
Usage
configure authority access-management role exclude-resource id [<resource-id>]
Positional Arguments
name | description |
---|
resource-id | The value to set for this field |
A unique name that identifies this role.
Usage
configure authority access-management role name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this role with a resource.
Usage
configure authority access-management role resource <id>
Positional Arguments
name | description |
---|
id | Configure Id |
Subcommands
command | description |
---|
delete | Delete configuration data |
generated | Indicates whether or not the resource was automatically generated |
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource' |
Indicates whether or not the resource was automatically generated
Usage
configure authority access-management role resource generated [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Id
Usage
configure authority access-management role resource id [<resource-id>]
Positional Arguments
name | description |
---|
resource-id | The value to set for this field |
Associate this role with a top-level resource-group.
Usage
configure authority access-management role resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Configuration for HTTP authentication token generation.
Subcommands
command | description |
---|
delete | Delete configuration data |
expiration | Minutes after initial authentication that the authentication token is valid. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'token' |
Minutes after initial authentication that the authentication token is valid.
Usage
configure authority access-management token expiration [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Description
Units: minutes
Configure Asset Connection Resiliency
Subcommands
command | description |
---|
delete | Delete configuration data |
enabled | Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'asset-connection-resiliency' |
Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
Usage
configure authority asset-connection-resiliency enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3
Usage
configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Bgp Service Generation
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
route-reflector-client-mesh | Generate service-route mesh for route reflector clients. |
security-policy | Security policy to be used instead of 'internal'. |
service-policy | Service policy to be used for generated BGP services. |
show | Show configuration data for 'bgp-service-generation' |
Generate service-route mesh for route reflector clients.
Usage
configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Security policy to be used instead of 'internal'.
Usage
configure authority bgp-service-generation security-policy [<security-ref>]
Positional Arguments
name | description |
---|
security-ref | The value to set for this field |
Service policy to be used for generated BGP services.
Usage
configure authority bgp-service-generation service-policy [<service-policy-ref>]
Positional Arguments
name | description |
---|
service-policy-ref | The value to set for this field |
Configure Cli Messages
Subcommands
command | description |
---|
delete | Delete configuration data |
login-message | The message displayed before login through console. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'cli-messages' |
welcome-message | The message displayed after a successful login through console. |
The message displayed before login through console.
Usage
configure authority cli-messages login-message [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The message displayed after a successful login through console.
Usage
configure authority cli-messages welcome-message [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The client-certificate configuration contains client certificate content.
Usage
configure authority client-certificate <name>
Positional Arguments
name | description |
---|
name | An identifier for the client certificate. |
Subcommands
command | description |
---|
content | Client certificate content. |
delete | Delete configuration data |
name | An identifier for the client certificate. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'client-certificate' |
configure authority client-certificate content
Client certificate content.
Usage
configure authority client-certificate content [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
An identifier for the client certificate.
Usage
configure authority client-certificate name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
IP address or FQDN of the conductor
Usage
configure authority conductor-address [<hostv4>]
Positional Arguments
name | description |
---|
hostv4 | Value to add to this list |
Local monetary unit.
Usage
configure authority currency [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Districts in the authority.
Usage
configure authority district <name>
Positional Arguments
name | description |
---|
name | Name of the district. |
Subcommands
command | description |
---|
delete | Delete configuration data |
name | Name of the district. |
neighborhood | Neighborhoods which belong to this district. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this district with a top-level resource-group. |
show | Show configuration data for 'district' |
Name of the district.
Usage
configure authority district name [<non-default-district-name>]
Positional Arguments
name | description |
---|
non-default-district-name | The value to set for this field |
Neighborhoods which belong to this district.
Usage
configure authority district neighborhood [<neighborhood-id>]
Positional Arguments
name | description |
---|
neighborhood-id | Value to add to this list |
Associate this district with a top-level resource-group.
Usage
configure authority district resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Configure Dscp Map
Usage
configure authority dscp-map <name>
Positional Arguments
name | description |
---|
name | The name of the DSCP map |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-prioritization | Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode. |
dscp-traffic-class | Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode. |
name | The name of the DSCP map |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this DSCP map with a top-level resource-group. |
show | Show configuration data for 'dscp-map' |
Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.
Usage
configure authority dscp-map dscp-prioritization <priority>
Positional Arguments
name | description |
---|
priority | The priority assigned to the incoming DSCP value. |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-range | Configure Dscp Range |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
priority | The priority assigned to the incoming DSCP value. |
show | Show configuration data for 'dscp-prioritization' |
Configure Dscp Range
Usage
configure authority dscp-map dscp-prioritization dscp-range <start-value>
Positional Arguments
name | description |
---|
start-value | Lower DSCP number. |
Subcommands
command | description |
---|
delete | Delete configuration data |
end-value | Upper DSCP number. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-range' |
start-value | Lower DSCP number. |
Upper DSCP number.
Usage
configure authority dscp-map dscp-prioritization dscp-range end-value [<dscp-end-value>]
Positional Arguments
name | description |
---|
dscp-end-value | The value to set for this field |
Lower DSCP number.
Usage
configure authority dscp-map dscp-prioritization dscp-range start-value [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
The priority assigned to the incoming DSCP value.
Usage
configure authority dscp-map dscp-prioritization priority [<priority-id>]
Positional Arguments
name | description |
---|
priority-id | The value to set for this field |
Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.
Usage
configure authority dscp-map dscp-traffic-class <traffic-class>
Positional Arguments
name | description |
---|
traffic-class | The traffic-class assigned to the incoming DSCP value. |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-range | Configure Dscp Range |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-traffic-class' |
traffic-class | The traffic-class assigned to the incoming DSCP value. |
Configure Dscp Range
Usage
configure authority dscp-map dscp-traffic-class dscp-range <start-value>
Positional Arguments
name | description |
---|
start-value | Lower DSCP number. |
Subcommands
command | description |
---|
delete | Delete configuration data |
end-value | Upper DSCP number. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-range' |
start-value | Lower DSCP number. |
Upper DSCP number.
Usage
configure authority dscp-map dscp-traffic-class dscp-range end-value [<dscp-end-value>]
Positional Arguments
name | description |
---|
dscp-end-value | The value to set for this field |
Lower DSCP number.
Usage
configure authority dscp-map dscp-traffic-class dscp-range start-value [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
The traffic-class assigned to the incoming DSCP value.
Usage
configure authority dscp-map dscp-traffic-class traffic-class [<traffic-class-id>]
Positional Arguments
name | description |
---|
traffic-class-id | The value to set for this field |
The name of the DSCP map
Usage
configure authority dscp-map name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this DSCP map with a top-level resource-group.
Usage
configure authority dscp-map resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier {router-name} for Router Name {authority-name} for Authority Name For example, 'interface-{interface-id}.{router-name}.{authority-name}'.
Usage
configure authority dynamic-hostname [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
When creating FIB entries by matching route updates to service addresses, consider the specified service addresses.
Usage
configure authority fib-service-match [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
A profile for Forward Error Correection parameters, describing how often to send parity packets.
Usage
configure authority forward-error-correction-profile <name>
Positional Arguments
name | description |
---|
name | The name of the Forward Error Correction profile |
Subcommands
command | description |
---|
delete | Delete configuration data |
mode | Whether to dynamically adjust forward error correction to account for observed loss. |
name | The name of the Forward Error Correction profile |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
ratio | The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted. |
show | Show configuration data for 'forward-error-correction-profile' |
Whether to dynamically adjust forward error correction to account for observed loss.
Usage
configure authority forward-error-correction-profile mode [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The name of the Forward Error Correction profile
Usage
configure authority forward-error-correction-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.
Usage
configure authority forward-error-correction-profile ratio [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Settings for ICMP packet handling
Subcommands
command | description |
---|
delete | Delete configuration data |
icmp-async-reply | Whether to allow ICMP replies to be forwarded without corresponding requests. |
icmp-session-match | How to differentiate ICMP sessions. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'icmp-control' |
Whether to allow ICMP replies to be forwarded without corresponding requests.
Usage
configure authority icmp-control icmp-async-reply [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
How to differentiate ICMP sessions.
Usage
configure authority icmp-control icmp-session-match [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
User defined IDP profiles.
Usage
configure authority idp-profile <name>
Positional Arguments
name | description |
---|
name | Name of the profile. |
Subcommands
command | description |
---|
base-policy | Base policy used when building rules. |
clone | Clone a list item |
delete | Delete configuration data |
name | Name of the profile. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
rule | Configure Rule |
show | Show configuration data for 'idp-profile' |
Base policy used when building rules.
Usage
configure authority idp-profile base-policy [<idp-policy>]
Positional Arguments
name | description |
---|
idp-policy | The value to set for this field |
Name of the profile.
Usage
configure authority idp-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Configure Rule
Usage
configure authority idp-profile rule <name>
Positional Arguments
name | description |
---|
name | Name of the rule. |
Subcommands
command | description |
---|
delete | Delete configuration data |
description | Description of the rule. |
match | The options to use for matching. |
name | Name of the rule. |
outcome | The outcome applied to the match |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'rule' |
Description of the rule.
Usage
configure authority idp-profile rule description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The options to use for matching.
Subcommands
command | description |
---|
client-address | Client address prefix to match in the rule. |
delete | Delete configuration data |
destination-address | Destination address prefix to match in the rule. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
severities | List of severity to match in the rule. |
severity | Match vulnerabilities only with severity mentioned or above. |
show | Show configuration data for 'match' |
vulnerability | List of custom vulnerabilities to match in the rule. |
Client address prefix to match in the rule.
Usage
configure authority idp-profile rule match client-address [<ip-prefix>]
Positional Arguments
name | description |
---|
ip-prefix | Value to add to this list |
Destination address prefix to match in the rule.
Usage
configure authority idp-profile rule match destination-address [<ip-prefix>]
Positional Arguments
name | description |
---|
ip-prefix | Value to add to this list |
List of severity to match in the rule.
Usage
configure authority idp-profile rule match severities [<idp-severity>]
Positional Arguments
name | description |
---|
idp-severity | Value to add to this list |
Match vulnerabilities only with severity mentioned or above.
Usage
configure authority idp-profile rule match severity [<idp-severity>]
Positional Arguments
name | description |
---|
idp-severity | The value to set for this field |
List of custom vulnerabilities to match in the rule.
Usage
configure authority idp-profile rule match vulnerability [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
Name of the rule.
Usage
configure authority idp-profile rule name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The outcome applied to the match
Subcommands
command | description |
---|
action | Defines what action the system should take for the match. |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
severity | Modify a vulnerability severity level of the match. |
show | Show configuration data for 'outcome' |
Defines what action the system should take for the match.
Usage
configure authority idp-profile rule outcome action [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Modify a vulnerability severity level of the match.
Usage
configure authority idp-profile rule outcome severity [<idp-severity>]
Positional Arguments
name | description |
---|
idp-severity | The value to set for this field |
Configuration for IPFIX record export.
Usage
configure authority ipfix-collector <name>
Positional Arguments
name | description |
---|
name | A unique name for the collector. |
Subcommands
command | description |
---|
delete | Delete configuration data |
interim-record-interval | The time after which a new interim record will be generated if a flow still exists. |
ip-address | The IP address or hostname of the collector. |
name | A unique name for the collector. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
port | The port of the collector. |
protocol | The transport protocol to be used when communicating with the collector. |
resource-group | Associate this IPFIX collector with a top-level resource-group. |
sampling-percentage | The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 || |
show | Show configuration data for 'ipfix-collector' |
template-refresh-interval | The time between template retransmissions when using the UDP protocol. |
tenant | The tenants whose records this collector should receive. An empty list indicates all tenants. |
The time after which a new interim record will be generated if a flow still exists.
Usage
configure authority ipfix-collector interim-record-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
The IP address or hostname of the collector.
Usage
configure authority ipfix-collector ip-address [<host>]
Positional Arguments
name | description |
---|
host | The value to set for this field |
A unique name for the collector.
Usage
configure authority ipfix-collector name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The port of the collector.
Usage
configure authority ipfix-collector port [<l4-port>]
Positional Arguments
name | description |
---|
l4-port | The value to set for this field |
The transport protocol to be used when communicating with the collector.
Usage
configure authority ipfix-collector protocol [<ipfix-protocol>]
Positional Arguments
name | description |
---|
ipfix-protocol | The value to set for this field |
Associate this IPFIX collector with a top-level resource-group.
Usage
configure authority ipfix-collector resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 ||
Usage
configure authority ipfix-collector sampling-percentage [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
The time between template retransmissions when using the UDP protocol.
Usage
configure authority ipfix-collector template-refresh-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
The tenants whose records this collector should receive. An empty list indicates all tenants.
Usage
configure authority ipfix-collector tenant [<tenant-ref>]
Positional Arguments
name | description |
---|
tenant-ref | Value to add to this list |
Configure Ipv 4 Option Filter
Subcommands
command | description |
---|
action | How packets containing option headers are treated when being processed. |
delete | Delete configuration data |
drop-exclusion | Option headers that will not cause the packet to be dropped when present. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'ipv4-option-filter' |
How packets containing option headers are treated when being processed.
Usage
configure authority ipv4-option-filter action [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Option headers that will not cause the packet to be dropped when present.
Usage
configure authority ipv4-option-filter drop-exclusion [<uint8>]
Positional Arguments
name | description |
---|
uint8 | Value to add to this list |
LDAP Servers against which to authenticate user credentials.
Usage
configure authority ldap-server <name>
Positional Arguments
name | description |
---|
name | The name of the LDAP server. |
Subcommands
command | description |
---|
address | The IP address or FQDN of the LDAP server. |
auto-generate-filter | When enabled, the SSR will generate user-search-base and group-search-base LDAP filters. |
bind-type | The type of binding to the LDAP server. |
certificate-assurance | LDAP assurance level to apply on server certificates in a TLS session. |
delete | Delete configuration data |
distinguished-name | The distinguished name to use for binding to the server. |
group-search-base | An optional group search LDAP filter to restrict searches for this attribute type. |
name | The name of the LDAP server. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password | The password to use for binding to the server. |
port | Port to connect to LDAP server. |
resource-group | Associate this LDAP server with a top-level resource-group. |
search-base | The LDAP search base string. |
server-type | The type of LDAP server. |
show | Show configuration data for 'ldap-server' |
user-search-base | An optional user search LDAP filter to restrict searches for this attribute type. |
The IP address or FQDN of the LDAP server.
Usage
configure authority ldap-server address [<host>]
Positional Arguments
name | description |
---|
host | The value to set for this field |
When enabled, the SSR will generate user-search-base and group-search-base LDAP filters.
Usage
configure authority ldap-server auto-generate-filter [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
The type of binding to the LDAP server.
Usage
configure authority ldap-server bind-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
LDAP assurance level to apply on server certificates in a TLS session.
Usage
configure authority ldap-server certificate-assurance [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The distinguished name to use for binding to the server.
Usage
configure authority ldap-server distinguished-name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
An optional group search LDAP filter to restrict searches for this attribute type.
Usage
configure authority ldap-server group-search-base [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The name of the LDAP server.
Usage
configure authority ldap-server name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The password to use for binding to the server.
Usage
configure authority ldap-server password [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Port to connect to LDAP server.
Usage
configure authority ldap-server port [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Associate this LDAP server with a top-level resource-group.
Usage
configure authority ldap-server resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
The LDAP search base string.
Usage
configure authority ldap-server search-base [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The type of LDAP server.
Usage
configure authority ldap-server server-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
An optional user search LDAP filter to restrict searches for this attribute type.
Usage
configure authority ldap-server user-search-base [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Configure Management Service Generation
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
service-policy | Service policy to be used instead of auto-generated service policy. |
service-route-type | Strategy to generate service-routes for management services. |
show | Show configuration data for 'management-service-generation' |
Service policy to be used instead of auto-generated service policy.
Usage
configure authority management-service-generation service-policy [<service-policy-ref>]
Positional Arguments
name | description |
---|
service-policy-ref | The value to set for this field |
Strategy to generate service-routes for management services.
Usage
configure authority management-service-generation service-route-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
A collection of metrics
Usage
configure authority metrics-profile <name>
Positional Arguments
name | description |
---|
name | The name of the profile |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
filter | A list of parameter values that should be included in the output. |
metric | The ID of the metric as it exists in the REST API |
name | The name of the profile |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'metrics-profile' |
A list of parameter values that should be included in the output.
Usage
configure authority metrics-profile filter <parameter>
Positional Arguments
name | description |
---|
parameter | The name of the parameter being referenced |
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
parameter | The name of the parameter being referenced |
show | Show configuration data for 'filter' |
value | The values that should be included if matched |
The name of the parameter being referenced
Usage
configure authority metrics-profile filter parameter [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The values that should be included if matched
Usage
configure authority metrics-profile filter value [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
The ID of the metric as it exists in the REST API
Usage
configure authority metrics-profile metric <id>
Positional Arguments
name | description |
---|
id | The ID of the metric as it exists in the REST API |
Subcommands
command | description |
---|
delete | Delete configuration data |
description | A customizable description of this metric's purpose |
id | The ID of the metric as it exists in the REST API |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'metric' |
A customizable description of this metric's purpose
Usage
configure authority metrics-profile metric description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The ID of the metric as it exists in the REST API
Usage
configure authority metrics-profile metric id [<metric-id>]
Positional Arguments
name | description |
---|
metric-id | The value to set for this field |
The name of the profile
Usage
configure authority metrics-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The identifier for the Authority.
Usage
configure authority name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Password policy for user's passwords.
Subcommands
command | description |
---|
delete | Delete configuration data |
deny | The number of failed login attempts before locking a user |
lifetime | The lifetime of a user's password in days |
minimum-length | The minimum length of user's password. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'password-policy' |
unlock-time | The time a user account will remained locked after failing login attempts |
The number of failed login attempts before locking a user
Usage
configure authority password-policy deny [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
The lifetime of a user's password in days
Usage
configure authority password-policy lifetime [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: days
The minimum length of user's password.
Usage
configure authority password-policy minimum-length [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
The time a user account will remained locked after failing login attempts
Usage
configure authority password-policy unlock-time [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Configure the PCLI.
Subcommands
command | description |
---|
alias | An alias is a custom PCLI command that executes another PCLI command and optionally filters the output. |
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'pcli' |
An alias is a custom PCLI command that executes another PCLI command and optionally filters the output.
Usage
configure authority pcli alias <path>
Positional Arguments
name | description |
---|
path | The space-delimited path to the alias. This will be the text that a user must enter to run the alias. |
Subcommands
command | description |
---|
clone | Clone a list item |
command | The PCLI command that the alias will run. |
delete | Delete configuration data |
description | A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
path | The space-delimited path to the alias. This will be the text that a user must enter to run the alias. |
resource-group | Associate this PCLI alias with a top-level resource-group. |
show | Show configuration data for 'alias' |
The PCLI command that the alias will run.
Usage
configure authority pcli alias command <path>
Positional Arguments
name | description |
---|
path | The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?). |
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
path | The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?). |
show | Show configuration data for 'command' |
table-filter | Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.) |
The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).
Usage
configure authority pcli alias command path [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.)
Usage
configure authority pcli alias command table-filter [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text.
Usage
configure authority pcli alias description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The space-delimited path to the alias. This will be the text that a user must enter to run the alias.
Usage
configure authority pcli alias path [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Associate this PCLI alias with a top-level resource-group.
Usage
configure authority pcli alias resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
A performance monitoring profile used to determine how often packets should be marked.
Usage
configure authority performance-monitoring-profile <name>
Positional Arguments
name | description |
---|
name | The name of the performance monitoring profile. |
Subcommands
command | description |
---|
delete | Delete configuration data |
interval-duration | Represents the duration of a packet marking interval in milliseconds. |
marking-count | The number of packets to mark within a given interval. |
monitor-only | Collect statistics without influencing packet processing features. |
name | The name of the performance monitoring profile. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this performance monitoring profile with a top-level resource-group. |
show | Show configuration data for 'performance-monitoring-profile' |
Represents the duration of a packet marking interval in milliseconds.
Usage
configure authority performance-monitoring-profile interval-duration [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: milliseconds
The number of packets to mark within a given interval.
Usage
configure authority performance-monitoring-profile marking-count [<uint16>]
Positional Arguments
name | description |
---|
uint16 | The value to set for this field |
Description
Units: packets
Collect statistics without influencing packet processing features.
Usage
configure authority performance-monitoring-profile monitor-only [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
The name of the performance monitoring profile.
Usage
configure authority performance-monitoring-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this performance monitoring profile with a top-level resource-group.
Usage
configure authority performance-monitoring-profile resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Radius Servers against which to authenticate user credentials.
Usage
configure authority radius-server <name>
Positional Arguments
name | description |
---|
name | The name of the Radius server. |
Subcommands
command | description |
---|
address | The IP address or FQDN of the Radius server. |
delete | Delete configuration data |
name | The name of the Radius server. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
port | The port number Radius server listens on. |
secret | The secret key to bind to the Radius server. |
show | Show configuration data for 'radius-server' |
timeout | Radius Request Timeout. |
Control account creation behavior.
Usage
configure authority radius-server account-creation [<enumeration>]
Positional Arguments
name | description |
---|
manual or automatic | Manual is the default value, requires the user to be created using create-user . Automatic allows remote users that exist only in Radius to connect to the device without needing a local account. |
The IP address or FQDN of the Radius server.
Usage
configure authority radius-server address [<host>]
Positional Arguments
name | description |
---|
host | The value to set for this field |
The name of the Radius server.
Usage
configure authority radius-server name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The port number Radius server listens on.
Usage
configure authority radius-server port [<port-number>]
Positional Arguments
name | description |
---|
port-number | The value to set for this field |
The secret key to bind to the Radius server.
Usage
configure authority radius-server secret [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Radius Request Timeout.
Usage
configure authority radius-server timeout [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Hours between security key regeneration. Recommended value 24 hours.
Usage
configure authority rekey-interval [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Description
Units: hours
Configure Remote Login
Subcommands
command | description |
---|
delete | Delete configuration data |
enabled | Enable remote login from a Conductor to managed assets. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'remote-login' |
Enable remote login from a Conductor to managed assets.
Usage
configure authority remote-login enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Collect objects into a management group.
Usage
configure authority resource-group <name>
Positional Arguments
name | description |
---|
name | The name of the resource group. |
Subcommands
command | description |
---|
delete | Delete configuration data |
description | A description about the resource-group. |
name | The name of the resource group. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource-group' |
A description about the resource-group.
Usage
configure authority resource-group description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The name of the resource group.
Usage
configure authority resource-group name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies.
Usage
configure authority router <name>
Positional Arguments
name | description |
---|
name | An identifier for the router. |
Subcommands
command | description |
---|
administrative-group | An identifier that associates this router with an administrative group. |
application-identification | Configure Application Identification |
bfd | BFD parameters for sessions between nodes within the router. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
delete | Delete configuration data |
description | A human-readable string that allows administrators to describe this configuration. |
dhcp-server-generated-address-pool | The address pool for KNI network-interfaces generated for dhcp-servers. |
district-settings | Per-district settings for the router. |
dns-config | Configure Dns Config |
entitlement | Project configuration for entitlement reporting. |
half-open-connection-limit | A limit on half-open TCP sessions. |
icmp-probe-profile | Profile for active ICMP probes for reachability-detection enforcement |
idp | Advanced IDP configuration. |
inter-node-security | The name of the security policy used for inter node communication between router interfaces |
location | A descriptive location for this SSR. |
location-coordinates | The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/ |
maintenance-mode | When enabled, the router will be in maintenance mode and alarms related to this router will be shelved. |
management-service-generation | Configure Management Service Generation |
max-inter-node-way-points | Maximum number of way points to be allocated on inter-node path. |
name | An identifier for the router. |
nat-pool | A pool of shared NAT ports. |
node | List of one or two SSR software instances, comprising an SSR. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
path-mtu-discovery | Automatic path MTU discovery between nodes within the router. |
peer | Defines the properties associated with peer SSRs. The peer may be another router in the same authority or a router in a different authority |
rate-limit-policy | Configuration for rate limiting policy for all associated service traffic across all interfaces on a given node, when configured within a service-class. |
reachability-profile | Defines a traffic profile for reachability-detection enforcement |
redundancy-group | A group of redundant interfaces which will fail over together if one goes down for any reason. |
resource-group | Associate this router with a top-level resource-group. |
reverse-flow-enforcement | When to enforce biflow reverse fib entry check |
reverse-packet-session-resiliency | Parameters for setting session failover behavior without presence of forward traffic. |
router-group | Logical group of routers for filtering services. |
routing | A router-level container for all of the routing policies associated with a given SSR deployment. Each routing element may have one and only one routing-instance. |
service-route | Defines a route for a service or an instance of a service (server or service agent). |
service-route-policy | Used to define the properties of service routes. These capabilities influence route selection when determining the optimal path for establishing new sessions. |
show | Show configuration data for 'router' |
static-hostname-mapping | Map hostnames to ip-address resolutions. These entries will be put in /etc/hosts. This will prevent DNS requests from being sent for these hostnames. |
system | System group configuration. Lets administrators configure system-wide properties for their SSR deployment. |
udp-transform | UDP transform settings for interoperating with stateful TCP firewalls for nodes within the router. |
An identifier that associates this router with an administrative group.
Usage
configure authority router administrative-group [<name-id>]
Positional Arguments
name | description |
---|
name-id | Value to add to this list |
Description
Warning: 'administrative-group' is deprecated and will be removed in a future software version
Configure Application Identification
Subcommands
The maximum capacity for caching application-director requests
Usage
configure authority router application-identification application-director-cache-max-capacity [<uint64>]
Positional Arguments
name | description |
---|
uint64 | The value to set for this field |
Automatic updating of application data
Subcommands
command | description |
---|
day-of-week | The day of the week to perform updates |
delete | Delete configuration data |
enabled | Enable updates |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'auto-update' |
update-frequency | How often to attempt to update |
update-jitter | The max random jitter applied to the update time |
update-time | The hour of the day on the local system to fetch |
The day of the week to perform updates
Usage
configure authority router application-identification auto-update day-of-week [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Enable updates
Usage
configure authority router application-identification auto-update enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |