Command Line Interface Reference (APPLIANCE)
Purpose

This guide describes each of the commands available in the Solace Router Command Line Interface (CLI). The commands are listed separately for each CLI level.

The Solace Router CLI is the interface to the software that you use whenever you access Solace Systems routers, whether from the management console or through a remote network connection. The Solace router CLI, which automatically starts after the Solace routers finish powering up, provides commands that you use to perform various tasks, including configuring, monitoring and troubleshooting the software, network connectivity, and the router hardware.

Conventions

The following conventions are used in the product documentation:

CLI Commands

CLI Command Tree

 [no] alarm-display 
  cd [<directory>]
  dir [<pattern>]
  enable 
     admin 
        bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]
           clear-event <event-name>
           disconnect 
        certificate-authority <ca-name>
           refresh-crl 
        client <name> message-vpn <vpn-name> [primary] [backup] [static]
           clear-event <event-name>
           disconnect 
        config-sync 
           assert-master {router | message-vpn <vpn-name>}
           resync-master {router | message-vpn <vpn-name>}
           resync-slave message-vpn <vpn-name>
        cspf 
           neighbor <physical-router-name>
              clear-event <event-name>
        delete-remote-router <router-name>
        disk 
           rebuild 
           rebuild-speed {high | low}
        distributed-cache <name> message-vpn <vpn-name>
           backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
           clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
           delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
           restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
           start [cache-cluster <cluster-name>] [cache-instance <instance-name>]
        gather-diagnostics [days-of-history <days-of-history>]
        interface <phy-interface>
           switch-active 
        message-spool message-vpn <vpn-name>
           commit-transaction xid <xid>
           delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to 
                          <to-msg-id>]]
           delete-transacted-session <name>
           delete-transaction xid <xid>
           queue <name>
              cancel-replay [force-complete]
              start-replay [replay-log <replay-log>] [from-date <from-date>]
           replay-log <name>
              trim-logged-messages older-than-date <older-than-date>
           rollback-transaction xid <xid>
           sequenced-topic <topic> next-sequence-number <seq-num>
           topic-endpoint <name>
              cancel-replay [force-complete]
              start-replay [replay-log <replay-log>] [from-date <from-date>]
       [no] product-key <key-value>
        redundancy 
           revert-activity 
        system 
           message-spool 
              assert-disk-ownership 
              backup-adb-to-disk 
              defragment-spool-files {start | stop}
              next-message-id <message-id>
              override-flash-failure 
              reset [full]
     backup 
     boot {<version> [default-config] | backout}
     clear 
        bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats
        cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                      [message-vpn <vpn-name>] stats
        certificate-authority stats
        client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats
        client-username <name> [message-vpn <vpn-name>] stats
        compression stats
        cspf 
           neighbor <physical-router-name> stats
           stats 
        ldap-profile <profile-name> stats
        log 
           acl [client-connect | publish-topic | subscribe-topic]
           login diag
           no-subscription-match 
           rest rest-delivery-point errors
        message-spool 
           stats 
        message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest 
                   {{rest-delivery-point <rdp-name>} | {rest-consumer 
                   <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2]}} stats*2} 
                   | {mqtt {mqtt-session <client-id-pattern>} stats*3}}
        queue <name> [message-vpn <vpn-name>] stats
        radius-profile <profile-name> stats
        replication stats
        smrp stats [router-name [<router-name>]]
        snmp 
           stats 
        stats 
           client 
           neighbor 
           ssl 
        topic-endpoint <name> [message-vpn <vpn-name>] stats
     configure 
       [create|no] acl-profile <name> message-vpn <vpn-name>
           client-connect 
              default-action {allow | disallow}
             [no] exception <cidr-addr>
           publish-topic 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
           subscribe-topic 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
        authentication 
          [no] allow-direct-shell-login [<shell-login-name>]
          [create|no] certificate-authority <ca-name>
             [no] certificate {file <ca-certificate> | content <raw-data>}
              revocation-check 
                 crl 
                   [no] refresh-schedule [days <days-of-week> ] times <times-of-day>
                   [no] url <url>
                 ocsp 
                   [no] allow-non-responder-certificate 
                   [no] override-url <ocsp-override-url>
                   [no] responder-common-name {empty | name <common-name>}
                   [no] timeout <seconds>
                [no] shutdown 
           client-certificate-revocation-checking <mode>
           kerberos 
              keytab 
                 add-key <keytab-filename> [index <index>]
                 delete-keytab-entry <index>
          [create|no] ldap-profile <profile-name>
              admin dn <admin-dn> [password <admin-password> ]
             [no] allow-unauthenticated-authentication 
              group-membership-secondary-search 
                 base-dn <distinguished-name>
                 deref {never | search | base | always}
                 filter <filter>
                 filter-attribute-from-primary-search <attribute-name>
                [no] follow-continuation-references 
                 scope {base | one-level | subtree}
                [no] shutdown 
                 timeout <duration>
             [no] ldap-server <ldap-host> index <server-index>
              search 
                 base-dn <distinguished-name>
                 deref {never | search | base | always}
                 filter <filter>
                [no] follow-continuation-references 
                 scope {base | one-level | subtree}
                 timeout <duration>
             [no] shutdown 
             [no] tls 
          [create|no] radius-profile <profile-name>
             [no] radius-server <ip-port> index <server-index> [key <shared-secret-key> ]
              retransmit <attempts>
             [no] shutdown 
              timeout <duration>
          [no] replace-duplicate-client-connections 
           user-class cli
              access-level 
                 default 
                    global-access-level <access-level>
                    message-vpn 
                      [create|no] access-level-exception <vpn-name>
                          access-level <access-level>
                       default-access-level <access-level>
                 ldap 
                   [create|no] group <group-name>
                   [no] group-membership-attribute-name <attribute-name>
                    group global-access-level <access-level>
                    group message-vpn 
                   [create|no] group message-vpn access-level-exception <vpn-name>
                    group message-vpn access-level-exception access-level <access-level>
                    group message-vpn default-access-level <access-level>
              auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}
             [no] radius-domain <radius-domain>
       [create|no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]
          [no] max-ttl <ttl-value>
           remote 
              authentication 
                 auth-scheme {basic | client-certificate}
                 basic 
                   [no] client-username <name> [password <password> ]
                 client-certificate 
                   [no] certificate-file <filename> {[file-contents <file-contents> ]}
              deliver-to-one 
                [no] priority <dto-priority>
             [create|no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface 
                                    <phys-intf>]}
                [no] client-username <name> [password <password> ]
                [no] compressed-data 
                [no] connect-order <number>
                 message-spool 
                   [no] queue <name>
                   [no] window-size <number>
                [no] shutdown 
                [no] ssl 
                 unidirectional 
                   [no] client-profile <name>
              retry 
                [no] count <count>
                [no] delay <seconds>
             [no] subscription-topic <topic> [deliver-always]
          [no] shutdown 
           ssl 
             [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] trusted-common-name {empty | name <common-name>}
       [create|no] client-profile <name> message-vpn <vpn-name>
          [no] allow-bridge-connections 
          [no] allow-shared-subscriptions 
           compression 
             [no] shutdown 
           eliding 
             [no] delay <milliseconds>
             [no] max-topics <num>
             [no] shutdown 
           event 
              client-provisioned-endpoint-spool-usage 
                [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
              connections-per-client-username 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              egress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              endpoints-per-client-username 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              ingress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              service 
                 smf 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 web-transport 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              subscriptions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transacted-sessions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transactions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
          [no] max-connections-per-client-username <value>
          [no] max-subscriptions <value>
           message-spool 
             [no] allow-cut-through-forwarding 
             [no] allow-guaranteed-endpoint-create 
             [no] allow-guaranteed-message-receive 
             [no] allow-guaranteed-message-send 
             [no] allow-transacted-sessions 
              api-queue-management 
                [no] copy-from-on-create <queue-name>
              api-topic-endpoint-management 
                [no] copy-from-on-create <topic-endpoint-name>
             [no] max-egress-flows <value>
             [no] max-endpoints-per-client-username <value>
             [no] max-ingress-flows <value>
             [no] max-transacted-sessions <value>
             [no] max-transactions <value>
             [no] reject-msg-to-sender-on-no-subscription-match 
           queue <type>
             [no] max-depth <depth>
             [no] min-msg-burst <depth>
           replication 
             [no] allow-clients-when-standby 
           service 
              smf 
                [no] max-connections-per-client-username <value>
              web-transport 
                [no] inactive-timeout <seconds>
                [no] max-connections-per-client-username <value>
                [no] max-web-payload <bytes>
           ssl 
             [no] allow-downgrade-to-plain-text 
           tcp 
             [no] initial-cwnd <num-mss>
              keepalive 
                [no] count <num>
                [no] idle <seconds>
                [no] interval <seconds>
             [no] max-wnd <num-kilo-bytes>
             [no] mss <byte-count>
       [create|no] client-username <username> message-vpn <vpn-name>
          [no] acl-profile <name>
          [no] client-profile <name>
          [no] guaranteed-endpoint-permission-override 
          [no] password <password>
          [no] shutdown 
          [no] subscription-manager 
        clock 
           set <time> <day> <month> <year>
           synchronization 
             [no] ntp-server <ip-addr>
             [no] protocol {ntp | ptp}
             [no] shutdown 
           timezone <zone>
        compression 
           mode {optimize-for-size | optimize-for-speed}
        config-sync 
           authentication 
              client-certificate 
                [no] max-certificate-chain-depth <max-depth>
                [no] validate-certificate-date 
           client-profile 
              tcp 
                [no] initial-cwnd <num-mss>
                 keepalive 
                   [no] count <num>
                   [no] idle <seconds>
                   [no] interval <seconds>
                [no] max-wnd <num-kilo-bytes>
                [no] mss <byte-count>
          [no] shutdown 
           synchronize 
             [no] username 
        console 
           baud-rate <baud-rate>
          [no] login-banner {text <banner-text> | file <file-name> | default}
           timeout <idle-timeout>
       [create|no] distributed-cache <name> message-vpn <vpn-name>
          [create|no] cache-cluster <name>
             [create|no] cache-instance <name>
                [no] auto-start 
                [no] shutdown 
                [no] stop-on-lost-message 
             [no] deliver-to-one-override 
              event 
                 data-byte-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 data-message-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 max-memory 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 max-topics 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 request-queue-depth 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 request-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 response-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              global-caching 
                [no] heartbeat <seconds>
                [create|no] home-cache-cluster <name>
                   [no] topic-prefix <topic-prefix>
                [no] shutdown 
                [no] topic-lifetime <seconds>
             [no] max-memory <megabytes>
             [no] max-messages-per-topic <num-messages>
             [no] max-topics <num-topics>
             [no] message-lifetime <seconds>
             [no] new-topic-advertisement 
             [no] request-queue-depth <num-messages>
             [no] shutdown 
             [no] topic <topic-str>
          [no] heartbeat <seconds>
          [no] scheduled-delete-message [days <days-of-week> ] times <times-of-day>
          [no] shutdown 
        dns 
          [no] name-server <ip-addr>
          [no] polled-domain-name <domain-name>
        hardware 
           disk <disk-name> [no-shutdown] [shutdown]
           message-spool 
             [no] disk-array wwn <wwn>
              event 
                 cache-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 delivered-unacked 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 disk-usage 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 egress-flows 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 endpoints 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 ingress-flows 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 message-count 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 spool-files 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 transacted-session-resources 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 transacted-sessions 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 transactions 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] internal-disk 
             [no] max-cache-usage <percent-usage>
             [no] max-spool-usage <size>
             [no] shutdown 
              transaction 
                [no] replication-compatibility-mode {legacy | transacted}
           power-redundancy <type>
           topic-routing 
             [no] acl-topic-matching-mode {legacy | enforce-for-queues}
       [no] hostname <name> [defer]
       [create|no] interface <phy-interface> [<mode>]
           lacp 
              rate {fast | slow}
          [no] member <phy-interface>
          [no] primary-member <phy-interface>
          [no] shutdown 
           traffic-shaping 
              egress 
                [no] rate-limit <mbps>
                [no] shutdown 
        ip 
           vrf <name>
             [create|no] interface <ip-interface> [primary | backup | static]
                [no] ip-address <cidr-addr>
                 kerberos 
                   [no] service-principal-name <name>
                [no] shutdown 
             [no] route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]
        jndi message-vpn <vpn-name>
          [create|no] connection-factory <name>
              property-list <name>
                [no] property <name> <value>
          [create|no] queue <name>
             [no] property <name> <value>
          [no] shutdown 
          [create|no] topic <name>
             [no] property <name> <value>
        logging 
          [no] command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}
          [no] debug {<subsystem-id> | all} [level <level>] [mask <mask>]
           event 
             [no] publish-system 
             [no] system-tag <tag-string>
          [no] millisecond-timestamp 
       [no] management-message-vpn <vpn-name>
        memory-event 
           nab-buffer-load-factor 
             [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
           physical-memory 
             [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
           subscriptions-memory 
             [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
        message-spool message-vpn <vpn-name>
           event 
              egress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              endpoints 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              ingress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              spool-usage 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transacted-sessions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transactions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
          [no] max-egress-flows <value>
          [no] max-endpoints <value>
          [no] max-ingress-flows <value>
          [no] max-spool-usage <size>
          [no] max-transacted-sessions <value>
          [no] max-transactions <value>
          [create|no] queue <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] owner <owner>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
             [no] shutdown [ingress | egress | full]
             [no] subscription topic <topic>
          [create|no] replay-log <name>
             [no] max-spool-usage <size>
             [no] shutdown [ingress | egress | full]
          [no] sequenced-topic <topic>
          [create|no] topic-endpoint <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] owner <owner>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
             [no] shutdown [ingress | egress | full]
       [create|no] message-vpn <vpn-name>
           authentication 
              user-class client
                 basic 
                    auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }
                   [no] radius-domain <radius-domain>
                   [no] shutdown 
                 client-certificate 
                   [no] allow-api-provided-username 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] revocation-check-mode <permission>
                   [no] shutdown 
                   [no] username-source <source>
                   [no] validate-certificate-date 
                 kerberos 
                   [no] allow-api-provided-username 
                   [no] shutdown 
           authorization 
              user-class client
                [create|no] authorization-group <name>
                   [no] acl-profile <name>
                   [no] client-profile <name>
                    order {before | after} <authorization-group-name>
                   [no] shutdown 
                 authorization-type {ldap <ldap-profile> | internal }
                 ldap 
                   [no] group-membership-attribute-name <attribute-name>
           bridging 
              ssl 
                 server-certificate-validation 
                   [no] enforce-trusted-common-name 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
          [no] distributed-cache-management 
           dns 
             [no] prefer-ip-version {ipv4 | ipv6}
           dynamic-message-routing 
             [create|no] dmr-bridge <remote-node-name>
                 remote 
                   [no] message-vpn <vpn-name>
             [no] shutdown 
           event 
              connections 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              egress-message-rate 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              ingress-message-rate 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
             [no] large-message-threshold <size>
             [no] log-tag <tag-string>
             [no] publish-client 
             [no] publish-message-vpn 
             [no] publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]
             [no] publish-topic-format [smf] [mqtt]
              service 
                 amqp 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 mqtt 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 rest 
                    incoming 
                       connections 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                 smf 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 web-transport 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              subscriptions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
           export-policy 
             [no] export-subscriptions 
          [no] max-connections <value>
          [no] max-subscriptions <value>
           mqtt 
             [create|no] mqtt-session <client-id> [primary | backup]
                [no] owner <owner>
                [create|no] queue 
                   [no] access-type {exclusive | non-exclusive}
                   [no] consumer-ack-propagation 
                   [no] dead-message-queue <dmq-name>
                    event 
                       bind-count 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                       reject-low-priority-msg-limit 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                       spool-usage 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                   [no] max-bind-count <value>
                   [no] max-delivered-unacked-msgs-per-flow <max>
                   [no] max-message-size <size>
                   [no] max-redelivery <value>
                   [no] max-spool-usage <size>
                   [no] max-ttl <ttl>
                   [no] owner <owner>
                   [no] permission all {no-access | read-only | consume | modify-topic | delete}
                   [no] reject-low-priority-msg 
                   [no] reject-low-priority-msg-limit <limit>
                   [no] reject-msg-to-sender-on-discard [including-when-shutdown]
                   [no] respect-ttl 
                   [no] shutdown [ingress | egress | full]
                [no] shutdown 
                [create|no] subscription <topic>
                 subscription-list qos <qos-value> [<topic-list>]
                [no] subscription qos <qos-value>
              retain 
                [create|no] cache <cache-name>
                   [no] message-lifetime <seconds>
                   [no] shutdown 
                [no] max-memory <megabytes>
           replication 
              ack-propagation 
                 interval 
                   [no] messages <num-messages>
              bridge 
                 authentication 
                    auth-scheme {basic | client-certificate}
                    basic 
                      [no] client-username <name> [password <password> ]
                    client-certificate 
                      [no] certificate-file <filename> {[file-contents <file-contents> ]}
                [no] compressed-data 
                 message-spool 
                   [no] window-size <number>
                [no] retry-delay <seconds>
                [no] ssl 
                 unidirectional 
                   [no] client-profile <name>
              queue 
                [no] max-spool-usage <size>
                [no] reject-msg-to-sender-on-discard 
             [no] reject-msg-when-sync-ineligible 
             [create|no] replicated-topic <topic>
                [no] replication-mode {sync | async}
             [no] shutdown 
              state {active | standby}
             [no] transaction-replication-mode {sync | async}
           rest 
             [create|no] rest-delivery-point <name>
                [no] client-profile <name>
                [create|no] queue-binding <queue-name>
                    gateway 
                      [no] replace-target-authority 
                   [no] post-request-target <post-request-target>
                [create|no] rest-consumer <name>
                    authentication 
                      [no] auth-scheme {none | http-basic | client-certificate}
                       client-certificate 
                         [no] certificate-file <filename> {[file-contents <file-contents> ]}
                       http-basic 
                         [no] username <name> [password <password> ]
                    local 
                      [no] interface <phys-intf>
                    remote 
                      [no] host <dest-ip-addr-or-host>
                      [no] max-post-wait-time <seconds>
                      [no] outgoing-connection-count <count>
                      [no] port <port>
                       retry 
                         [no] delay <seconds>
                      [no] ssl 
                   [no] shutdown 
                    ssl 
                      [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
                      [no] trusted-common-name {empty | name <common-name>}
                [no] shutdown 
              ssl 
                 server-certificate-validation 
                   [no] enforce-trusted-common-name 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
           semp-over-msgbus 
              admin-cmds 
                 client-cmds 
                   [no] shutdown 
                 distributed-cache-cmds 
                   [no] shutdown 
                [no] shutdown 
              legacy-show-clear-cmds 
                [no] shutdown 
              show-cmds 
                [no] shutdown 
             [no] shutdown 
           service 
              amqp 
                [no] listen-port <port> [ssl]
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
              mqtt 
                [no] listen-port <port> [ssl] [web]
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
                 websocket 
                 websocket-secure 
                   [no] shutdown 
                [no] websocket shutdown 
              rest 
                 incoming 
                   [no] listen-port <port> [ssl]
                   [no] max-connections <value>
                    plain-text 
                      [no] shutdown 
                    ssl 
                      [no] shutdown 
                [no] mode {gateway | messaging}
                 outgoing 
                   [no] max-connections <value>
              smf 
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
              web-transport 
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
          [no] shutdown 
           ssl 
             [no] allow-downgrade-to-plain-text 
        mqtt 
           retain 
             [no] max-memory <megabytes>
        redundancy 
          [no] active-standby-role {primary | backup | none }
           authentication 
              pre-shared-key 
                [no] key <pre-shared-key>
          [no] auto-revert 
          [no] mate-router-name <name>
          [no] release-activity 
          [no] shutdown 
          [no] vrrp-vrid <vrid> {primary | backup}
        replication 
           config-sync 
              bridge 
                 authentication 
                    auth-scheme {basic | client-certificate}
                [no] compressed-data 
                 message-spool 
                   [no] window-size <number>
                [no] retry-delay <seconds>
                [no] shutdown 
                [no] ssl 
                 ssl-server-certificate-validation 
                   [no] enforce-trusted-common-name 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
          [no] interface <phys-intf>
           mate 
             [no] connect-port <port> [compressed] [ssl]
             [no] virtual-router-name <virtual-router-name> connect-via <addr>
           ssl 
             [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] trusted-common-name {empty | name <common-name>}
       [no] router-name <name> [defer]
        routing 
           dynamic-message-routing 
             [create|no] cluster <cluster-name>
                 authentication 
                    basic 
                      [no] auth-type {internal | none}
                      [no] password <password>
                      [no] shutdown 
                    client-certificate 
                      [no] certificate-file <filename> {[file-contents <file-contents> ]}
                      [no] shutdown 
                [create|no] link <remote-node-name>
                    authentication 
                      [no] auth-scheme {basic | client-certificate}
                       basic 
                         [no] password <password>
                    client-profile 
                       queue <type>
                         [no] max-depth <depth>
                         [no] min-msg-burst <depth>
                       tcp 
                         [no] initial-cwnd <num-mss>
                          keepalive 
                            [no] count <num>
                            [no] idle <seconds>
                            [no] interval <seconds>
                         [no] max-wnd <num-kilo-bytes>
                         [no] mss <byte-count>
                   [no] connect-via <addr-port>
                   [no] initiator {lexical | local | remote}
                    message-spool 
                      [no] window-size <number>
                    queue 
                      [no] dead-message-queue <dmq-name>
                       event 
                          spool-usage 
                            [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                           <set-percentage>] [clear-percentage 
                                           <clear-percentage>]}
                      [no] max-delivered-unacked-msgs-per-flow <max>
                      [no] max-redelivery <value>
                      [no] max-spool-usage <size>
                      [no] max-ttl <ttl>
                      [no] reject-msg-to-sender-on-discard [including-when-shutdown]
                      [no] respect-ttl 
                   [no] shutdown 
                   [no] span {internal | external}
                    ssl 
                      [no] trusted-common-name {empty | name <common-name>}
                    transport 
                      [no] compressed 
                      [no] ssl 
                [no] shutdown 
                 ssl 
                    server-certificate-validation 
                      [no] enforce-trusted-common-name 
                      [no] max-certificate-chain-depth <max-depth>
                      [no] validate-certificate-date 
          [no] interface <phy-interface>
          [no] mode {dynamic-message-routing | multi-node-routing} [defer]
           multi-node-routing 
              cspf 
                [create|no] neighbor <physical-router-name>
                   [no] compressed-data 
                   [no] connect-via <ip-port>
                   [no] control-port <port>
                   [no] link-cost <cost>
                   [no] shutdown 
                    ssl 
                   [no] ssl-data 
                   [no] ssl cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
                   [no] ssl trusted-common-name {empty | name <common-name>}
                    tcp 
                      [no] initial-cwnd <num-mss>
                       keepalive 
                         [no] count <num>
                         [no] idle <seconds>
                         [no] interval <seconds>
                      [no] max-wnd <num-kilo-bytes>
                      [no] mss <byte-count>
                 queue 
                   [no] max-depth <depth>
                   [no] min-msg-burst <depth>
                 ssl 
                    certificate-validation 
                      [no] enforce-trusted-common-name 
                      [no] max-certificate-chain-depth <max-depth>
                      [no] validate-certificate-date 
                    client-certificate 
                      [no] certificate-file <filename> {[file-contents <file-contents> ]}
             [no] shutdown 
        schedule 
          [no] backup [days <days-of-week>] times <times-of-day> [max-backups <max-backups>]
        service 
           amqp 
             [no] shutdown 
           event 
              connections 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
           health-check 
             [no] listen-port <port>
             [no] shutdown 
           mqtt 
             [no] shutdown 
           msg-backbone 
             [no] shutdown 
           rest 
              event 
                 outgoing 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              incoming 
                [no] shutdown 
              outgoing 
                [no] shutdown 
           semp 
             [no] listen-port <port> [ssl]
             [no] shutdown [ssl] [plain-text]
           smf 
              event 
                 connections 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] listen-port <port> {[compressed] [routing-control] | [ssl]}
             [no] shutdown 
           ssl 
              event 
                 connections 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
           web-transport 
             [no] listen-port <port> [ssl]
             [no] shutdown 
             [no] web-url-suffix <suffix>
       [no] snmp-server 
          [no] community <name> group <group>
          [no] contact <name>
          [no] group <name> {v2c | v3 {auth | noauth | priv}}
          [no] host <ip-addr> traps [{v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>] 
                   [community <community-name>]
          [no] location <name>
          [no] shutdown 
          [no] trap 
              connections 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              disk-utilization [disk <disk-name>]
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              egress-msg-rate 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              fan-speed 
                [no] shutdown 
              ingress-msg-rate 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              power-status 
                [no] shutdown 
             [no] shutdown 
              subscriptions 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              temperature 
                [no] shutdown 
              voltage 
                [no] shutdown 
          [no] user <name> group <group> {password <password> }
        ssl 
          [no] allow-tls-version-1.0 
          [no] allow-tls-version-1.1 
           cipher-suite 
             [no] management {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] msg-backbone {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] ssh {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
          [no] server-certificate <filename> {[file-contents <file-contents> ]}
          [no] tls-session-timeout <seconds>
       [create|no] syslog <name>
          [no] facility {command | event | system }
          [no] host <hostname-or-address> [transport {tcp | udp}]
        system 
           topic-routing 
             [no] acl-topic-matching-mode {legacy | enforce-for-queues}
             [no] subscription-exceptions [defer]
       [create|no] username <name>
          [no] change-password <password>
           global-access-level <access-level>
           message-vpn 
             [create|no] access-level-exception <vpn-name>
                 access-level <access-level>
              default-access-level <access-level>
           rename <name>
     copy <source> <destination>
     delete <file>
     delete-load <version>
     disable 
     disconnect sessionid <session-id>
     power-down 
     reload [default-config | config <config-file>]
     rename <old> <new>
     setup 
     shell <reason>
  end 
  exit 
  help 
  home 
  logout 
  more <pattern>
 [no] paging [size <size>]
  ping <vrf-ip-addr-or-host> [ip-interface <ip-interface>]
  ping6 <ip-addr> [ip-interface <ip-interface>]
  pwd 
  session 
     timeout <idle-timeout>
  show 
     acl-profile <name> [message-vpn <vpn-name>] [{detail [[client-connect ] [publish-topic] 
                [subscribe-topic] ]} | {users } ]
     alarm 
     authentication [user-class cli-semp] [{current-user } | access-level [{default | ldap [group 
                   <group-name-pattern>]}] [detail ]]
     backup 
     bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn 
           <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] 
           [connect-via <addr-port>] [primary | backup | auto] [subscriptions [local | remote]
            | stats [queues] | connections [wide] | detail | message-spool-stats | ssl | 
           client-certificate]
     cache-cluster <name> [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | topics 
                  [filter <topic-pattern>] [type {local | global [home-cache-cluster 
                  <home-cache-cluster-name>]}] ]
     cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                   [message-vpn <vpn-name>] [detail | remote {status | home-cache-clusters 
                   [<home-cluster-name>] | topics [detail*2] [filter <topic-pattern>] 
                   [type {local | global}] }]
     certificate-authority {ca-name <ca-name> [cert [raw-content] | crl | stats | detail] [count <num-elements>] | 
                          stats*2}
     client <name> [client-username <username>] [message-vpn <vpn-name>] [authorization-group 
           <group-name>] [{[{stats [congestion | queues]} | {connections [wide]}] } | 
           {subscriptions [{subscription <subscription-name>}]} | {{message-spool | 
           message-spool-stats | {transaction-stats [session <session-id>]}} [{{ingress | 
           egress }} [flow <flow-id>]] } | {transacted-session [{session*2 
           <session-name>}]} | {sorted-stats [<stats-to-show>] [sort-by 
           <stats-to-sort-by>] [clear-high-water-marks]} | web-transport ] [detail] [primary] 
           [backup] [static] [slow-subscriber] [connected | disconnected]
     client-profile <name> [message-vpn <vpn-name>] [detail]
     client-username <name> [message-vpn <vpn-name>] [authorization-group <group-name>] [stats | detail
                     ]
     clock [{detail | {timezones [<pattern>]}}]
     cluster <cluster-name-pattern> [detail | link <link-name-pattern> [detail*2 | client-profile | 
            queue | ssl | channel [message-vpn <vpn-name>] [detail*3]]]
     compression 
     config-sync [database [router | message-vpn <vpn-name>] [detail | remote] [count <num-elements>]]
     console [login-banner]
     cspf 
        database 
        neighbor <physical-router-name> [stats [queues | detail] | connections [wide] | detail*2]
        queue 
        route [destination <router-destination>] [source <router-source>]
        ssl 
        stats 
     current-config 
        all 
        message-vpn <vpn-name> [remove]
     debug [process-name <process-name>] [process-instance <process-instance>] [timeout 
          <seconds>] <command> [<parameter-list>]
     deferred-config 
     disk [detail]
     distributed-cache {<name> [message-vpn <vpn-name>] [detail] | summary}
     dns 
     environment 
     hardware [details | post]
     home-cache-cluster <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                       [message-vpn <vpn-name>]
     hostname 
     interface [<phy-interface>] [detail]
     ip 
        route 
        vrf [<name> {[link-local-address] | [{route | interface <interface-pattern>} [detail]]}]
     jndi 
        connection-factory <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
                          [detail]
        object <name> [message-vpn <vpn-name>]
        queue <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
             [detail]
        schema [connection-factory | topic | queue]
        summary [message-vpn <vpn-name>]
        topic <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
             [detail]
     kerberos [{keytab | keytab-file <file-name>} [detail]]
     ldap-profile <profile-name> [detail | [index <server-index>] stats | users]
     log 
        acl [client-connect | publish-topic | subscribe-topic] [client-username <username>] [message-vpn 
           <vpn-name>] [wide]
        command [lines <num-lines>] [find <search-string>]
        debug [lines <num-lines>] [find <search-string>]
        event [lines <num-lines>] [find <search-string>]
        login diag [wide]
        no-subscription-match [client-username <username>] [client-name <name>] [message-vpn <vpn-name>] [wide]
        rest rest-delivery-point errors [wide]
        system [lines <num-lines>] [find <search-string>]
     logging 
        command 
        config 
        debug [<subsystem-id>]
        event 
     memory 
     message-spool [message-vpn <vpn-name> [sort-by-messages-spooled]] [stats | detail | rates ]
     message-vpn <vpn-name> {[[detail | stats [detail*2] | service [stats*2]] | [subscriptions [primary] 
                [backup] [static] ]] | replication [stats*3 | detail*3 | client-certificate] | rest 
                [{rest-delivery-point <rdp-name> [stats*4 | queue-binding 
                <queue-binding-name>] [count*2 <num-elements>*2] [detail*4] | 
                rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ]
                 [stats*5 | outgoing-connections [tcp [wide]] | authentication | 
                client-certificate*2 | ssl | detail*5] [count*3 <num-elements>*3] }] | 
                authorization [authorization-group <name> [detail*6]] [count*4 
                <num-elements>*4] | mqtt [{mqtt-session <client-id-pattern> [owner 
                <owner-pattern>] [primary*2] [backup*2] [detail*7 | subscriptions*2 [qos 
                <qos-value>] | stats*6 | client | queue]} | {retain {cache <cache-name> 
                [detail*8]}}] | bridging | dynamic-message-routing [dmr-bridge 
                <remote-node-name-pattern> ] }
     mqtt 
     paging 
     process [pid <pid>]
     product-key 
     queue <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest]
           [msg-id <msg-id> | priority <priority>] | subscriptions | rates | 
          sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue 
          <dmq-filter> [dmq-list] | replay] [durable | non-durable] [detail] [replay-state 
          {initializing | active | pending-complete | failed | all}] [count <num-elements>]
     radius-profile <profile-name> [detail | stats]
     redundancy [detail]
     replay-log <name> [message-vpn <vpn-name>] [messages [oldest | newest] [msg-id <msg-id> | 
               priority <priority>] [detail]] [count <num-elements>]
     replicated-topic <topic> [message-vpn <vpn-name>] [replication-mode {sync | async}] [count 
                     <num-elements>]
     replication [stats]
     router-name 
     routing 
     sequenced-topic <topic> [message-vpn <vpn-name>] [count <num-elements>]
     service [web-transport]
     session 
     smrp 
        database [router-name <router-name>] [detail]
        route topic <topic-string> [message-vpn <vpn-name>] [destination-name 
             <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] 
             [backup] [static] [persistent | non-persistent]
        stats [router-name [<router-name>]]
        subscription-block [router-name <router-name>] [block-id <block-id>] [message-vpn <vpn-name>] 
                          [persistent | non-persistent] [detail]
        subscriptions [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] 
                     [topic-endpoint] [remote-router] [primary] [backup] [static] [{[dto-priority 
                     <priority>] [topic <topic-str>] [persistent | non-persistent] } | 
                     {summary }]
     snmp [trap [<name>]]
     ssl 
        allow-tls-version 
        certificate-files [filename <filename>] [detail]
        cipher-suite-list {default | management [default*2] | msg-backbone [default*3] | ssh [default*4]}
        server-certificate [detail]
        supported-cipher-suites [{management | msg-backbone | ssh}]
        supported-tls-versions 
        tls-session-timeout 
     stats 
        client [detail]
        neighbor [detail]
        ssl 
     syslog [<name>]
     system [detail | post]
     topic-endpoint <name> [message-vpn <vpn-name>] [stats [priorities] | messages [oldest | newest] [msg-id
                    <msg-id> | priority <priority>] | topics | rates | 
                   sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue 
                   <dmq-filter> [dmq-list] | replay] [durable | non-durable] [replay-state 
                   {initializing | active | pending-complete | failed | all}] [detail] [flow 
                   <flow-id>] [count <num-elements>]
     transaction [xid <xid>] [message-vpn <vpn-name>] [state <transaction-state>] [replicated] 
                [detail | sort-by-last-state-change | sort-by-messages-spooled] [count 
                <num-elements>]
     username <username-pattern> [detail]
     version 
  source script <script-name> [stop-on-error] [no-prompt]
 [no] strict-column-wrapping 
  tree [all | global]


alarm-display

COMMAND:
[no] alarm-display
DESCRIPTION:
Use this command to enable the display of 3200 Series router system alarms in the current CLI session on a session-by-session basis. The no version disables the displaying of router system alarms in the current CLI session.

The default value is no alarm-display.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters


cd

COMMAND:
cd [<directory>]
DESCRIPTION:
Use this command to change the current working directory on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
<directory> [0..255 chars] - directory to change to. If no directory is specified the root ('/') directory is assumed


dir

COMMAND:
dir [<pattern>]
DESCRIPTION:
Use this command to list the contents of a directory on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
<pattern> [0..255 chars] - file(s)/directory(s) to display. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.


enable

COMMAND:
enable
DESCRIPTION:
Use this command to enter the Privileged EXEC level of the CLI to perform router configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters


enable admin

COMMAND:
admin
DESCRIPTION:
Use this command to reach the Admin EXEC level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
This command does not take any parameters


enable admin bridge

COMMAND:
bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:
Enter bridge admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is primary, backup and auto.
backup - Only bridges of the backup virtual router. Default is primary, backup and auto.
<bridge-name-pattern> [1..300 chars] - Bridge name; may contain wildcard characters * or ?
primary - Only bridges of the primary virtual router. Default is primary, backup and auto.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<event-name> [string] - The name of the one shot event


enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> disconnect

COMMAND:
disconnect
DESCRIPTION:
Disconnect one or more bridges

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin certificate-authority

COMMAND:
certificate-authority <ca-name>
DESCRIPTION:
Enter certificate-authority admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<ca-name> [1..64 chars] - The name of the certificate authority.


enable admin certificate-authority <ca-name> refresh-crl

COMMAND:
refresh-crl
DESCRIPTION:
Refresh the CRL file

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin client

COMMAND:
client <name> message-vpn <vpn-name> [primary] [backup] [static]
DESCRIPTION:
Enter client admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
backup - Only clients of the backup virtual router
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - Only clients of the primary virtual router
static - Only clients of the static virtual router
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable admin client <name> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
<event-name> [string] - The name of the one shot event


enable admin client <name> message-vpn <vpn-name> disconnect

COMMAND:
disconnect
DESCRIPTION:
Disconnect one or more clients

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable admin config-sync

COMMAND:
config-sync [assert-master... | resync-master... | resync-slave...]
DESCRIPTION:
Enter config-sync admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
assert-master - Assert ownership of the specified config-sync table, forcing any other master's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a master for the selected table.
resync-master - Resync the selected table, forcing this master's content to be overwritten with that from another master. Config-sync must be a master for the selected table.
resync-slave - Resync the selected table, forcing this slave's content to be overwritten with that from a master. Config-sync must be a slave for the selected table.


enable admin config-sync assert-master

COMMAND:
assert-master {router | message-vpn <vpn-name>}
DESCRIPTION:
Assert ownership of the specified config-sync table, forcing any other master's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a master for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
Notes/Exceptions: global/rw is required to run this command with the router parameter.
PARAMETERS:
router - Assert ownership for the router table
<vpn-name> [1..32 chars] - Assert ownership for the named message-vpn table; may contain wildcard characters * or ?


enable admin config-sync resync-master

COMMAND:
resync-master {router | message-vpn <vpn-name>}
DESCRIPTION:
Resync the selected table, forcing this master's content to be overwritten with that from another master. Config-sync must be a master for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
Notes/Exceptions: global/rw is required to run this command with the router parameter.
PARAMETERS:
router - Resync content for the router table
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ?


enable admin config-sync resync-slave

COMMAND:
resync-slave message-vpn <vpn-name>
DESCRIPTION:
Resync the selected table, forcing this slave's content to be overwritten with that from a master. Config-sync must be a slave for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ?


enable admin cspf

COMMAND:
cspf [neighbor...]
DESCRIPTION:
Enter cspf admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
neighbor - Enter neighbor admin mode


enable admin cspf neighbor

COMMAND:
neighbor <physical-router-name>
DESCRIPTION:
Enter neighbor admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?


enable admin cspf neighbor <physical-router-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<event-name> [string] - The name of the one shot event.


enable admin delete-remote-router

COMMAND:
delete-remote-router <router-name>
DESCRIPTION:
Delete remote router from the SMRP and/or Message Spool database and remove all subscriptions (persistent and non-persistent) received from it

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


enable admin disk

COMMAND:
disk
DESCRIPTION:
Enter disk admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin disk rebuild

COMMAND:
rebuild
DESCRIPTION:
Trigger a disk rebuild after disk replacement

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin disk rebuild-speed

COMMAND:
rebuild-speed {high | low}
DESCRIPTION:
Configure speed at which disk is rebuilt after disk replacement

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
high - Rebuild at high speed
low - Rebuild at low speed (default)


enable admin distributed-cache

COMMAND:
distributed-cache <name> message-vpn <vpn-name>
DESCRIPTION:
Enter distributed-cache admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
<name> [1..200 chars] - The distributed-cache name. Must be a valid topic without hierarchy, whitespace, or ?.
<vpn-name> [1..32 chars] - The message VPN name.


enable admin distributed-cache <name> message-vpn <vpn-name> backup-cached-messages

COMMAND:
backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
DESCRIPTION:
Backup cached messages of the selected cache-instance to disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
cancel - Cancel the backup/restore operation currently in progress
<filename> [1..255 chars] - Filename for backup/restore of cached messages
<instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable admin distributed-cache <name> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Clear an event of selected cache-instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readonly
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<event-name> [lost-message] - Name of the event, or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?


enable admin distributed-cache <name> message-vpn <vpn-name> delete-messages

COMMAND:
delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Delete message contents covered by given topic in selected cache-instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
<topic> [1..250 chars] - Delete messages covered by this topic


enable admin distributed-cache <name> message-vpn <vpn-name> restore-cached-messages

COMMAND:
restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
DESCRIPTION:
Restore cached messages for the selected cache-instance from disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
cancel - Cancel the backup/restore operation currently in progress
<filename> [1..255 chars] - Filename for backup/restore of cached messages
<instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable admin distributed-cache <name> message-vpn <vpn-name> start

COMMAND:
start [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Start selected cache instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?


enable admin gather-diagnostics

COMMAND:
gather-diagnostics [days-of-history <days-of-history>]
DESCRIPTION:
Gather a number of diagnostic files and command output into a single diagnostics file

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readonly
PARAMETERS:
<days-of-history> [1..65535] - Number of days of history that should be gathered for diagnostics. Default is 1.


enable admin interface

COMMAND:
interface <phy-interface>
DESCRIPTION:
Enter interface admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable admin interface <phy-interface> switch-active

COMMAND:
switch-active
DESCRIPTION:
switch active link

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin message-spool

COMMAND:
message-spool message-vpn <vpn-name>
DESCRIPTION:
Enter message spool admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the message-spool belongs to


enable admin message-spool message-vpn <vpn-name> commit-transaction

COMMAND:
commit-transaction xid <xid>
DESCRIPTION:
Commit the transaction identified by the XID. The transaction is heuristically committed and thus is not deleted upon completing the commit. To delete, use the delete-transaction command.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> delete-messages

COMMAND:
delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to <to-msg-id>]]
DESCRIPTION:
Delete spooled messages

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<msg-id> [1..18446744073709551615] - Message id to be deleted
<queue-name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
<te-name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
<to-msg-id> [1..18446744073709551615] - End of range of message ids to be deleted


enable admin message-spool message-vpn <vpn-name> delete-transacted-session

COMMAND:
delete-transacted-session <name>
DESCRIPTION:
Delete the transacted-session identified by the name. The client that is connected to the session is disconnected, and all transactions associated with the session are rolled back and deleted.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..63 chars] - Transacted session name; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> delete-transaction

COMMAND:
delete-transaction xid <xid>
DESCRIPTION:
Delete the transaction identified by the XID. The transaction must be in the Heuristically Completed state.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> queue

COMMAND:
queue <name>
DESCRIPTION:
Enter message spool queue admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - Queue name


enable admin message-spool message-vpn <vpn-name> queue <name> cancel-replay

COMMAND:
cancel-replay [force-complete]
DESCRIPTION:
Cancel all replays to this queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
force-complete - force cancellation without waiting for client unbind ack


enable admin message-spool message-vpn <vpn-name> queue <name> start-replay

COMMAND:
start-replay [replay-log <replay-log>] [from-date <from-date>]
DESCRIPTION:
Start a replay to this queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<from-date> [string] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second
<replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;"


enable admin message-spool message-vpn <vpn-name> replay-log

COMMAND:
replay-log <name>
DESCRIPTION:
Enter message spool replay log admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..185 chars] - Name of Replay Log. Invalid characters are "'<>*?&;"


enable admin message-spool message-vpn <vpn-name> replay-log <name> trim-logged-messages

COMMAND:
trim-logged-messages older-than-date <older-than-date>
DESCRIPTION:
Trim messages from this replay log

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<older-than-date> [string] - All messages before this date will be removed. Specify using the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second


enable admin message-spool message-vpn <vpn-name> rollback-transaction

COMMAND:
rollback-transaction xid <xid>
DESCRIPTION:
Rollback the transaction identified by the XID. The transaction is heuristically rolled back and thus is not deleted upon completing the rollback. To delete, use the delete-transaction command.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> sequenced-topic

COMMAND:
sequenced-topic <topic> next-sequence-number <seq-num>
DESCRIPTION:
Set the next sequence number for the sequenced topic

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seq-num> [1..9223372036854775807] - Next sequence number for the sequenced topic
<topic> [1..250 chars] - Topic for applying sequence numbers


enable admin message-spool message-vpn <vpn-name> topic-endpoint

COMMAND:
topic-endpoint <name>
DESCRIPTION:
Enter message spool topic endpoint admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..250 chars] - Topic Endpoint name


enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> cancel-replay

COMMAND:
cancel-replay [force-complete]
DESCRIPTION:
Cancel all replays to this topic endpoint

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
force-complete - force cancellation without waiting for client unbind ack


enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> start-replay

COMMAND:
start-replay [replay-log <replay-log>] [from-date <from-date>]
DESCRIPTION:
Start a replay to this topic endpoint

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<from-date> [string] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second
<replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;"


enable admin product-key

COMMAND:
[no] product-key <key-value>
DESCRIPTION:
Configure a product key to unlock feature content

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<key-value> [40..255 chars] - Product key value


enable admin redundancy

COMMAND:
redundancy [revert-activity]
DESCRIPTION:
Enter redundancy mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
revert-activity - Force backup router to give up activity if primary router is ready to provide service


enable admin redundancy revert-activity

COMMAND:
revert-activity
DESCRIPTION:
Force backup router to give up activity if primary router is ready to provide service

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin system

COMMAND:
system [message-spool]
DESCRIPTION:
Enter system admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
message-spool - Enter message-spool admin mode


enable admin system message-spool

COMMAND:
message-spool [assert-disk-ownership | backup-adb-to-disk | defragment-spool-files... | next-message-id... | override-flash-failure | reset...]
DESCRIPTION:
Enter message-spool admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
assert-disk-ownership - Assert ownership over the message-spool external disk
backup-adb-to-disk - Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.
defragment-spool-files - Start a spool file defragmentation run
next-message-id - Set the message-id to be assigned to the next message that is spooled. This should be done immediately after the message spool has been reset.
override-flash-failure - Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.
reset - Reset the message spooling facility on a Solace appliance (without affecting the rest of the appliance configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.


enable admin system message-spool assert-disk-ownership

COMMAND:
assert-disk-ownership
DESCRIPTION:
Assert ownership over the message-spool external disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin system message-spool backup-adb-to-disk

COMMAND:
backup-adb-to-disk
DESCRIPTION:
Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin system message-spool defragment-spool-files

COMMAND:
defragment-spool-files {start | stop}
DESCRIPTION:
Start a spool file defragmentation run

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
start - initiate spool file defragmentation operation
stop - halt the spool file defragmentation operation


enable admin system message-spool next-message-id

COMMAND:
next-message-id <message-id>
DESCRIPTION:
Set the message-id to be assigned to the next message that is spooled. This should be done immediately after the message spool has been reset.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<message-id> [1..18446744073709551615] - The message-id assigned to the next spooled message.


enable admin system message-spool override-flash-failure

COMMAND:
override-flash-failure
DESCRIPTION:
Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable admin system message-spool reset

COMMAND:
reset [full]
DESCRIPTION:
Reset the message spooling facility on a Solace appliance (without affecting the rest of the appliance configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
full - including reset the message-id assigned to the next spooled message.


enable backup

COMMAND:
backup
DESCRIPTION:
Use this command to immediately create a manual local backup of your configuration database file on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable boot

COMMAND:
boot {<version> [default-config] | backout}
DESCRIPTION:
Use this command to upgrade or downgrade the router software to a new or old SolOS software load and activate it, or to revert to and run the previous SolOS software version that was running before the last upgrade.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
backout - Revert to previous load.
default-config - Boots the router to a default configuration.
<version> [string] - Load version to boot to


enable clear

COMMAND:
clear [bridge... | cache-instance... | certificate-authority... | client... | client-username... | compression... | cspf | ldap-profile... | log | message-spool | message-vpn... | queue... | radius-profile... | replication... | smrp... | snmp | stats | topic-endpoint...]
DESCRIPTION:
Use this command to clear various statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
bridge - Clear the statistics for one or more bridges.
cache-instance - Clear statistics for one or more cache-instances.
certificate-authority - Clear global level statistics for certificate authorities.
Also clears individual certificate authority stats.
client - Clear statistics for one or more clients.
client-username - Clear statistics for one or more client-usernames.
compression - Clear statistics for compression.
cspf - Clear specified CSPF information.
ldap-profile - Clear ldap-profile statistics for one or all profiles.
log - Clear logs.
message-spool - Clear message-spool statistics.
message-vpn - Clear statistics for one or more message VPNs.
queue - Clear statistics for one or more queues.
radius-profile - Clear radius-profile statistics for one or all profiles.
replication - Clear the global replication statistics.
smrp - Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.
snmp - Clear SNMP statistics.
stats - Clear global level statistics.
topic-endpoint - Clear statistics for one or more topic-endpoints.


enable clear bridge

COMMAND:
bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats
DESCRIPTION:
Clear the statistics for one or more bridges.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is primary, backup and auto.
backup - Only bridges of the backup virtual router. Default is primary, backup and auto.
<bridge-name-pattern> [string] - Bridge name; may contain wildcard characters * or ?
primary - Only bridges of the primary virtual router. Default is primary, backup and auto.
stats - Specify this keyword to clear statistics.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear cache-instance

COMMAND:
cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more cache-instances.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
stats - Clears cache-instance statistics
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear certificate-authority

COMMAND:
certificate-authority stats
DESCRIPTION:
Clear global level statistics for certificate authorities.
Also clears individual certificate authority stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable clear client

COMMAND:
client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats
DESCRIPTION:
Clear statistics for one or more clients.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
backup - If specified, clients associated with the backup virtual router will be cleared.
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - If specified, clients associated with the primary virtual router will be cleared.
static - If specified, clients associated with the static virtual router will be cleared.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear client-username

COMMAND:
client-username <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more client-usernames.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..189 chars] - Client name; may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear compression

COMMAND:
compression stats
DESCRIPTION:
Clear statistics for compression.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear cspf

COMMAND:
cspf [neighbor... | stats]
DESCRIPTION:
Clear specified CSPF information.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
neighbor - Clear statistics related to neighbors
stats - Clear statistics related to the CSPF protocol


enable clear cspf neighbor

COMMAND:
neighbor <physical-router-name> stats
DESCRIPTION:
Clear statistics related to neighbors

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<physical-router-name> [1..66 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?
stats - Clear neighbor stats


enable clear cspf stats

COMMAND:
stats
DESCRIPTION:
Clear statistics related to the CSPF protocol

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear ldap-profile

COMMAND:
ldap-profile <profile-name> stats
DESCRIPTION:
Clear ldap-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name. May contain wildcard characters * and ?.


enable clear log

COMMAND:
log [acl... | login... | no-subscription-match | rest...]
DESCRIPTION:
Clear logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
acl - Clear ACL logs.
login - Clear login logs
no-subscription-match - Clear no-subscription-match logs.
rest - Clear REST logs.


enable clear log acl

COMMAND:
acl [client-connect | publish-topic | subscribe-topic]
DESCRIPTION:
Clear ACL logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
client-connect - Clear only logs relating to client-connect ACLs
publish-topic - Clear only logs relating to publish-topic ACLs
subscribe-topic - Clear only logs relating to subscribe-topic ACLs


enable clear log login

COMMAND:
login diag
DESCRIPTION:
Clear login logs

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
diag - Clear logs relating to login diagnostics


enable clear log no-subscription-match

COMMAND:
no-subscription-match
DESCRIPTION:
Clear no-subscription-match logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear log rest

COMMAND:
rest rest-delivery-point errors
DESCRIPTION:
Clear REST logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
errors - Clear logs relating to REST errors
rest-delivery-point - Clear logs relating to REST Delivery Points


enable clear message-spool

COMMAND:
message-spool [stats]
DESCRIPTION:
Clear message-spool statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
stats - Clear message-spool statistics


enable clear message-spool stats

COMMAND:
stats
DESCRIPTION:
Clear message-spool statistics

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear message-vpn

COMMAND:
message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest {{rest-delivery-point <rdp-name>} | {rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2]}} stats*2} | {mqtt {mqtt-session <client-id-pattern>} stats*3}}
DESCRIPTION:
Clear statistics for one or more message VPNs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<client-id-pattern> [string] - The pattern that filters the mqtt-session selected. May contain wildcard characters * and ?.
message-spool-stats - Clear message-spool statistics.
mqtt - MQTT related clear commands
<rdp-name> [string] - The pattern that filters the RDP selected. May contain wildcard characters * and ?.
<rdp-name>*2 - The pattern that filters the RDP selected. May contain wildcard characters * and ?.
replication-stats - Clear replication statistics.
rest - REST related clear commands
<rest-consumer-name> [string] - The pattern that filters the REST Consumer selected. May contain wildcard characters * and ?.
service-stats - Clear SMF service statistics for message VPN.
stats - Clears the statistics for the specified message VPN
stats*2 - Specify this keyword to clear REST Delivery Point statistics.
stats*3 - Specify this keyword to clear MQTT statistics.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear queue

COMMAND:
queue <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more queues.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
stats - Clears the statistics for the specified queue.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear radius-profile

COMMAND:
radius-profile <profile-name> stats
DESCRIPTION:
Clear radius-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name. May contain wildcard characters * and ?.


enable clear replication

COMMAND:
replication stats
DESCRIPTION:
Clear the global replication statistics.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
stats - Clear stats.


enable clear smrp

COMMAND:
smrp stats [router-name [<router-name>]]
DESCRIPTION:
Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


enable clear snmp

COMMAND:
snmp [stats]
DESCRIPTION:
Clear SNMP statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
stats - Clear SNMP statistics


enable clear snmp stats

COMMAND:
stats
DESCRIPTION:
Clear SNMP statistics

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear stats

COMMAND:
stats [client | neighbor | ssl]
DESCRIPTION:
Clear global level statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
client - Clear global level statistics for clients.
Also clears individual client stats.
neighbor - Clear global level statistics for neighbors.
Also clears individual neighbor stats.
ssl - Clear global level statistics related to SSL.


enable clear stats client

COMMAND:
client
DESCRIPTION:
Clear global level statistics for clients.
Also clears individual client stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear stats neighbor

COMMAND:
neighbor
DESCRIPTION:
Clear global level statistics for neighbors.
Also clears individual neighbor stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear stats ssl

COMMAND:
ssl
DESCRIPTION:
Clear global level statistics related to SSL.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable clear topic-endpoint

COMMAND:
topic-endpoint <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more topic-endpoints.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
stats - Clears the statistics for the specified topic-endpoint.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable configure

COMMAND:
configure
DESCRIPTION:
Use this command to reach the Global CONFIG level by entering configure from the privileged EXEC level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters


enable configure acl-profile

COMMAND:
[no] acl-profile <name> message-vpn <vpn-name>

create acl-profile <name> message-vpn <vpn-name> [allow-client-connect] [allow-publish-topic] [allow-subscribe-topic]

DESCRIPTION:
Use this command to create and configure ACL client profiles for publishing and subscription topic access control.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the ACL Profile.
<vpn-name> [1..32 chars] - Message VPN the ACL profile belongs to
allow-client-connect - Set default-action for a client connect attempt. Default disallow.
allow-publish-topic - Set default-action for publishing. Default disallow.
allow-subscribe-topic - Set default-action for subscribing. Default disallow.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect

COMMAND:
client-connect [default-action... | exception...]
DESCRIPTION:
Configure client-connect access controls

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile connects to the Message VPN.
[no] exception - Configure client connection exceptions to the default action for client connection access attempts.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile connects to the Message VPN.

The no version of the command returns its value to the default (disallow).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
allow - Allow client connection unless an exception is found for it.
disallow - Disallow client connection unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect exception

COMMAND:
[no] exception <cidr-addr>
DESCRIPTION:
Configure client connection exceptions to the default action for client connection access attempts.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<cidr-addr> [nnn.nnn.nnn.nnn/dd] - IP address/prefix length combination in CIDR form


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic

COMMAND:
publish-topic [default-action... | exceptions...]
DESCRIPTION:
Configure publish-topic access controls

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.
[no] exceptions - Configure topic publishing exceptions to the default action for topic publishing access attempts.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.

The no version of the command returns its value to the default (disallow).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Configure topic publishing exceptions to the default action for topic publishing access attempts.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax
smf - Exception list uses SMF topic syntax


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic

COMMAND:
subscribe-topic [default-action... | exceptions...]
DESCRIPTION:
Configure subscribe-topic access controls

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.
[no] exceptions - Configure topic subscription exceptions to the default action for topic subscription access attempts.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.

The no version of the command returns its value to the default (disallow).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Configure topic subscription exceptions to the default action for topic subscription access attempts.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax
smf - Exception list uses SMF topic syntax


enable configure authentication

COMMAND:
authentication [allow-direct-shell-login... | certificate-authority... | client-certificate-revocation-checking... | kerberos | ldap-profile... | radius-profile... | replace-duplicate-client-connections | user-class...]
DESCRIPTION:
Enter authentication configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] allow-direct-shell-login - Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.
[create|no] certificate-authority - Create, edit, and delete Certificate Authorities.
client-certificate-revocation-checking - The client certificate revocation checking mode used when a client authenticates with a client certificate. The modes available include no checking, checking via the Open Certificate Status Protcol (OCSP), checking via Certificate Revocation Lists (CRL), or a combination of the OCSP and CRL methods.
kerberos - Configure Kerberos Authentication.
[create|no] ldap-profile - Create, edit and delete LDAP profiles.
[create|no] radius-profile - Create, edit and delete RADIUS profiles.
[no] replace-duplicate-client-connections - Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.
user-class - Configure authentication for a given user class.


enable configure authentication allow-direct-shell-login

COMMAND:
[no] allow-direct-shell-login [<shell-login-name>]
DESCRIPTION:
Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.

The no version of the command returns its value to the default (no allow-direct-shell-login configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<shell-login-name> [1..32 chars] - Any valid SolOS shell user.


enable configure authentication certificate-authority

COMMAND:
[create | no] certificate-authority <ca-name>
DESCRIPTION:
Create, edit, and delete Certificate Authorities.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-name> [1..64 chars] - The name of the certificate authority.


enable configure authentication certificate-authority <ca-name> certificate

COMMAND:
certificate {file <ca-certificate> | content <raw-data>}

no certificate

DESCRIPTION:
The trusted root certificate for a certificate authority. The file must be located in the /certs directory and must be PEM formatted.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-certificate> - The CA certificate file.
<raw-data> [0..24576 chars] - The CA certificate content.


enable configure authentication certificate-authority <ca-name> revocation-check

COMMAND:
revocation-check [crl | ocsp | shutdown]
DESCRIPTION:
Enter the revocation-check configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
crl - Enter the Certificate Revocation Lists (CRL) configuration mode.
ocsp - Enter the Open Certificate Status Protcol (OCSP) configuration mode.
[no] shutdown - Enable or disable certificate authority revocation checking.


enable configure authentication certificate-authority <ca-name> revocation-check crl

COMMAND:
crl [refresh-schedule... | url...]
DESCRIPTION:
Enter the Certificate Revocation Lists (CRL) configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] refresh-schedule - The schedule for refreshing the CRL by downloading a new copy.
[no] url - The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included.


enable configure authentication certificate-authority <ca-name> revocation-check crl refresh-schedule

COMMAND:
refresh-schedule [days <days-of-week> ] times <times-of-day>

no refresh-schedule

DESCRIPTION:
The schedule for refreshing the CRL by downloading a new copy.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<days-of-week> [list of days] - Comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc. Default is daily.
<times-of-day> [list of times] - Hourly or comma-separated list of times of the form hh:mm where hh is [0..23] and mm is [0..59].


enable configure authentication certificate-authority <ca-name> revocation-check crl url

COMMAND:
url <url>

no url

DESCRIPTION:
The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included.

The no version of the command returns its value to the default ().

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<url> [0..2048 chars] - The CRL url.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp

COMMAND:
ocsp [allow-non-responder-certificate | override-url... | responder-common-name... | timeout...]
DESCRIPTION:
Enter the Open Certificate Status Protcol (OCSP) configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] allow-non-responder-certificate - Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.
[no] override-url - The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.
[no] responder-common-name - Configure the OCSP responder common name list. When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to specific common names. A maximum of 8 common names can be configured as valid response signers.
[no] timeout - The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp allow-non-responder-certificate

COMMAND:
[no] allow-non-responder-certificate
DESCRIPTION:
Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.

The default value is no allow-non-responder-certificate.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication certificate-authority <ca-name> revocation-check ocsp override-url

COMMAND:
override-url <ocsp-override-url>

no override-url

DESCRIPTION:
The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.

The no version of the command returns its value to the default ().

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ocsp-override-url> [0..2048 chars] - The OCSP override url.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp responder-common-name

COMMAND:
responder-common-name {empty | name <common-name>}

no responder-common-name name <common-name>

DESCRIPTION:
Configure the OCSP responder common name list. When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to specific common names. A maximum of 8 common names can be configured as valid response signers.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate
empty - Removes all common names from the list


enable configure authentication certificate-authority <ca-name> revocation-check ocsp timeout

COMMAND:
timeout <seconds>

no timeout

DESCRIPTION:
The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<seconds> [1..86400] - The OCSP timeout in seconds


enable configure authentication certificate-authority <ca-name> revocation-check shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable certificate authority revocation checking.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication client-certificate-revocation-checking

COMMAND:
client-certificate-revocation-checking <mode>
DESCRIPTION:
The client certificate revocation checking mode used when a client authenticates with a client certificate. The modes available include no checking, checking via the Open Certificate Status Protcol (OCSP), checking via Certificate Revocation Lists (CRL), or a combination of the OCSP and CRL methods.

The no version of the command returns its value to the default (none).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<mode> [none | ocsp | crl | ocsp-crl] - The certificate revocation checking mode


enable configure authentication kerberos

COMMAND:
kerberos [keytab]
DESCRIPTION:
Configure Kerberos Authentication.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
keytab - Configure Kerberos keytab entries.


enable configure authentication kerberos keytab

COMMAND:
keytab [add-key... | delete-keytab-entry...]
DESCRIPTION:
Configure Kerberos keytab entries.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
add-key - Add a Kerberos key to the router keytab store.
delete-keytab-entry - Delete a Kerberos key from the router keytab store.


enable configure authentication kerberos keytab add-key

COMMAND:
add-key <keytab-filename> [index <index>]
DESCRIPTION:
Add a Kerberos key to the router keytab store.

The no version of the command returns its value to the default (no add-key configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<index> [1..65535] - Index of the key in the keytab file.
<keytab-filename> [Filename of keytab in /keytab directory.] - Kerberos keytab file used to get the key from.


enable configure authentication kerberos keytab delete-keytab-entry

COMMAND:
delete-keytab-entry <index>
DESCRIPTION:
Delete a Kerberos key from the router keytab store.

The no version of the command returns its value to the default (no delete-keytab-entry configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<index> [1..65535] - Index of the key in the keytab store.


enable configure authentication ldap-profile

COMMAND:
[create | no] ldap-profile <profile-name>
DESCRIPTION:
Create, edit and delete LDAP profiles.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name.


enable configure authentication ldap-profile <profile-name> admin

COMMAND:
admin dn <admin-dn> [password <admin-password> ]
DESCRIPTION:
Configure the router's credentials when connecting to an LDAP server in this profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<admin-dn> [0..1024 chars] - The distinguished name to bind as.
<admin-password> [0..128 chars] - The password to provide during the bind.


enable configure authentication ldap-profile <profile-name> allow-unauthenticated-authentication

COMMAND:
[no] allow-unauthenticated-authentication
DESCRIPTION:
This command allows clients connecting to the router without passwords to have those empty passwords forwarded to the LDAP server(s) for authentication. By disabling this attribute the login attempt is immediately rejected by the router without consulting the LDAP server.
Important: Unauthenticated authentication permits password-less logins for all users of this profile if such authentications are also permitted by the LDAP server. As such enabling this attibute can result in a significant security hole.

The default value is no allow-unauthenticated-authentication.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search

COMMAND:
group-membership-secondary-search [base-dn... | deref... | filter... | filter-attribute-from-primary-search... | follow-continuation-references | scope... | shutdown | timeout...]
DESCRIPTION:
Configure the group membership secondary search parameters.

The intent for this search is to indirectly determine the groups the user belongs to. The "group-membership-attribute-name" is not used when this feature is enabled.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base-dn - Sets the base node for searches.
deref - Configure the dereferencing behavior of searches.
filter - Sets the templated filter used to locate individual users in the directory service.
filter-attribute-from-primary-search - The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.
[no] follow-continuation-references - Enable or disable the following of continuation references.
scope - Configure the scope of directory searches.
[no] shutdown - Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.
timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search base-dn

COMMAND:
base-dn <distinguished-name>
DESCRIPTION:
Sets the base node for searches.

The no version of the command returns its value to the default ().

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search deref

COMMAND:
deref {never | search | base | always}
DESCRIPTION:
Configure the dereferencing behavior of searches.

The no version of the command returns its value to the default (always).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
always - Always dereference aliases. Default setting.
base - Only dereference alias when locating the base node.
never - Don't dereference aliases.
search - Only dereference aliases when searching.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter

COMMAND:
filter <filter>
DESCRIPTION:
Sets the templated filter used to locate individual users in the directory service.

The no version of the command returns its value to the default ((member=$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH)).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter-attribute-from-primary-search

COMMAND:
filter-attribute-from-primary-search <attribute-name>
DESCRIPTION:
The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.

The no version of the command returns its value to the default (dn).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attribute-name> [0..64 chars] - LDAP attribute name.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search follow-continuation-references

COMMAND:
[no] follow-continuation-references
DESCRIPTION:
Enable or disable the following of continuation references.

The default value is follow-continuation-references.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search scope

COMMAND:
scope {base | one-level | subtree}
DESCRIPTION:
Configure the scope of directory searches.

The no version of the command returns its value to the default (subtree).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base - Search only the base node.
one-level - Search only 1 level deep.
subtree - Search the entire subtree. Default setting.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..20] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails.


enable configure authentication ldap-profile <profile-name> ldap-server

COMMAND:
ldap-server <ldap-host> index <server-index>

no ldap-server {<ldap-host> | index <server-index>}

DESCRIPTION:
Configures or removes LDAP servers in a given LDAP profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ldap-host> [0..256 chars] - LDAP host. Examples:
ldap://ldap.solace.com
ldap://192.168.123.4:389
ldap://ldap.solace.com:389
<server-index> [1..3] - A positive integer indicating server preference. A value of "1" indicates first choice, "2" indicates second choice, etc. Up to a maximum of "3".


enable configure authentication ldap-profile <profile-name> search

COMMAND:
search [base-dn... | deref... | filter... | follow-continuation-references | scope... | timeout...]
DESCRIPTION:
Configure search parameters.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base-dn - Sets the base node for searches.
deref - Configure the dereferencing behavior of searches.
filter - Sets the templated filter used to locate individual users in the directory service.
[no] follow-continuation-references - Enable or disable the following of continuation references.
scope - Configure the scope of directory searches.
timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.


enable configure authentication ldap-profile <profile-name> search base-dn

COMMAND:
base-dn <distinguished-name>
DESCRIPTION:
Sets the base node for searches.

The no version of the command returns its value to the default ().

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"


enable configure authentication ldap-profile <profile-name> search deref

COMMAND:
deref {never | search | base | always}
DESCRIPTION:
Configure the dereferencing behavior of searches.

The no version of the command returns its value to the default (always).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
always - Always dereference aliases. Default setting.
base - Only dereference alias when locating the base node.
never - Don't dereference aliases.
search - Only dereference aliases when searching.


enable configure authentication ldap-profile <profile-name> search filter

COMMAND:
filter <filter>
DESCRIPTION:
Sets the templated filter used to locate individual users in the directory service.

The no version of the command returns its value to the default ((cn=$CLIENT_USERNAME)).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"


enable configure authentication ldap-profile <profile-name> search follow-continuation-references

COMMAND:
[no] follow-continuation-references
DESCRIPTION:
Enable or disable the following of continuation references.

The default value is follow-continuation-references.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication ldap-profile <profile-name> search scope

COMMAND:
scope {base | one-level | subtree}
DESCRIPTION:
Configure the scope of directory searches.

The no version of the command returns its value to the default (subtree).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base - Search only the base node.
one-level - Search only 1 level deep.
subtree - Search the entire subtree. Default setting.


enable configure authentication ldap-profile <profile-name> search timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..20] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails.


enable configure authentication ldap-profile <profile-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the LDAP profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication ldap-profile <profile-name> tls

COMMAND:
[no] tls
DESCRIPTION:
Enables or disables TLS for this profile.

The default value is no tls.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication radius-profile

COMMAND:
[create | no] radius-profile <profile-name>
DESCRIPTION:
Create, edit and delete RADIUS profiles.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name.


enable configure authentication radius-profile <profile-name> radius-server

COMMAND:
radius-server <ip-port> index <server-index> [key <shared-secret-key> ]

no radius-server {<ip-port> | index <server-index>}

DESCRIPTION:
Configures or removes RADIUS servers in a given RADIUS profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ip-port> [1..253 chars[:nnnnn]/nnn.nnn.nnn.nnn[:nnnnn]] - FQDN or IP address (and optional port).Ex.
192.1.2.3:12345
solace.com
<server-index> [1..3] - Priority index for the server. Default: next available index
<shared-secret-key> [0..64 chars] - The shared secret between the router and the RADIUS server
( no ) <ip-port> [1..253 chars[:nnnnn]/nnn.nnn.nnn.nnn[:nnnnn]] - FQDN or IP address (and optional port). Ex.
192.1.2.3:12345
solace.com


enable configure authentication radius-profile <profile-name> retransmit

COMMAND:
retransmit <attempts>
DESCRIPTION:
Sets the number of times to retry a request.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attempts> [1..10] - The number of attempts to retry a request.


enable configure authentication radius-profile <profile-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the RADIUS profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication radius-profile <profile-name> timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Sets the time to wait before retrying a request.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..10] - The time in seconds to wait.


enable configure authentication replace-duplicate-client-connections

COMMAND:
[no] replace-duplicate-client-connections
DESCRIPTION:
Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.

The default value is replace-duplicate-client-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters


enable configure authentication user-class

COMMAND:
user-class cli
DESCRIPTION:
Configure authentication for a given user class.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
cli - CLI users


enable configure authentication user-class cli access-level

COMMAND:
access-level [default | ldap]
DESCRIPTION:
Enter sub-mode to configure parameters related to CLI access levels.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
default - Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.
ldap - Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.


enable configure authentication user-class cli access-level default

COMMAND:
default [global-access-level... | message-vpn]
DESCRIPTION:
Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
global-access-level - Set the global-scope access-level of a CLI username.
message-vpn - Enter sub-mode to configure the access level at Message VPN level for CLI users.


enable configure authentication user-class cli access-level default global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of a CLI username.

The no version of the command returns its value to the default (read-only).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | read-write | admin] - CLI global access level


enable configure authentication user-class cli access-level default message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure authentication user-class cli access-level default message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure authentication user-class cli access-level default message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure authentication user-class cli access-level default message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure authentication user-class cli access-level ldap

COMMAND:
ldap [group... | group-membership-attribute-name...]
DESCRIPTION:
Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[create|no] group - The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.
[no] group-membership-attribute-name - The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.


enable configure authentication user-class cli access-level ldap group

COMMAND:
[create | no] group <group-name>
DESCRIPTION:
The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<group-name> [1..256 chars] - LDAP group name.


enable configure authentication user-class cli access-level ldap group-membership-attribute-name

COMMAND:
group-membership-attribute-name <attribute-name>

no group-membership-attribute-name

DESCRIPTION:
The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attribute-name> [1..64 chars] - LDAP attribute name.


enable configure authentication user-class cli access-level ldap group <group-name> global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | read-write | admin] - CLI global access level


enable configure authentication user-class cli access-level ldap group <group-name> message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure authentication user-class cli access-level ldap group <group-name> message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure authentication user-class cli access-level ldap group <group-name> message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure authentication user-class cli access-level ldap group <group-name> message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure authentication user-class cli auth-type

COMMAND:
auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}
DESCRIPTION:
Assign authentication mechanisms to this user class.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
internal - Internal database.
ldap - LDAP authentication.
<ldap-profile> [1..32 chars] - LDAP profile name.
radius - RADIUS authentication.
<radius-profile> [1..32 chars] - RADIUS profile name.


enable configure authentication user-class cli radius-domain

COMMAND:
radius-domain <radius-domain>

no radius-domain

DESCRIPTION:
Assign radius-domain string for this user class.

The no version of the command returns its value to the default (no radius-domain configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<radius-domain> [0..64 chars] - RADIUS domain string


enable configure bridge

COMMAND:
[create | no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:
Enter configuration mode for the specified bridge

The no version of the command removes a bridge that already exists. A bridge cannot be removed unless it is in the 'shutdown' state.

There can be only one bridge operational for a given pair of local and remote tuples of the form {message-vpn, virtual-router}.

'auto' will attach to the 'primary' or 'backup' router depending, respectively, on the type of router executing the command.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
auto - (default) bridge belongs to the primary virtual router on the primary/active and the backup virtual router on the backup/standby.
backup - bridge belongs to the backup virtual-router
<bridge-name> [1..150 chars] - The name of the Bridge.
primary - bridge belongs to the primary virtual-router
<vpn-name> [1..32 chars] - The name of the local Message VPN of the Bridge.


enable configure bridge <bridge-name> message-vpn <vpn-name> max-ttl

COMMAND:
max-ttl <ttl-value>

no max-ttl

DESCRIPTION:
The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value.

The no version of the command returns its value to the default (8).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<ttl-value> [1..255] - The new max-ttl value


enable configure bridge <bridge-name> message-vpn <vpn-name> remote

COMMAND:
remote [authentication | deliver-to-one | message-vpn... | retry | subscription-topic...]
DESCRIPTION:
Enter remote configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
authentication - Enter authentication configuration mode for the Bridge.
deliver-to-one - Enter deliver-to-one configuration mode for the Bridge.
[create|no] message-vpn - Configure the Message VPN to connect to the remote router.
retry - Enter remote retry configuration mode for the Bridge.
[no] subscription-topic - Add or remove a subscription topic for the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication

COMMAND:
authentication [auth-scheme... | basic | client-certificate]
DESCRIPTION:
Enter authentication configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
auth-scheme - The authentication scheme for the remote Message VPN.
basic - Enter basic authentication configuration mode for the Bridge.
client-certificate - Enter client-certificate authentication configuration mode for the Bridge.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}
DESCRIPTION:
The authentication scheme for the remote Message VPN.

The no version of the command returns its value to the default (basic).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic

COMMAND:
basic [client-username...]
DESCRIPTION:
Enter basic authentication configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] client-username - The Client Username the Bridge uses to login to the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username the Bridge uses to login to the remote Message VPN.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> - The password associated with the client-username used for authentication on the remote-router.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter client-certificate authentication configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] certificate-file - The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> {[file-contents <file-contents> ]}

no certificate-file

DESCRIPTION:
The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<file-contents> [string] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one

COMMAND:
deliver-to-one [priority...]
DESCRIPTION:
Enter deliver-to-one configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] priority - The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one priority

COMMAND:
priority <dto-priority>

no priority

DESCRIPTION:
The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.

The no version of the command returns its value to the default (P1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<dto-priority> [P1 | P2 | P3 | P4 | DA] - The deliver-to-one priority for topic subscriptions.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn

COMMAND:
[create | no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface <phys-intf>]}
DESCRIPTION:
Configure the Message VPN to connect to the remote router.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<addr> - FQDN or IP address (and optional port) where the remote router should be reached. This may be a static or virtual address of the remote-router. DNS name lookup is supported. For bridges that are looping back to a message-vpn on this router, the IP address '127.0.0.1' must be used.
<phys-intf> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"
<virtual-router-name> - name of the virtual remote-router where the message-vpn is located. All virtual remote-router names start with 'v:', for e.g. v:lab-128-97.
<vpn-name> [1..32 chars] - remote message-vpn name


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> - The password associated with the client-username used for authentication on the remote-router.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Enable or disable data compression for the remote Message VPN connection.

The default value is no compressed-data.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } connect-order

COMMAND:
connect-order <number>

no connect-order

DESCRIPTION:
The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority).

The no version of the command returns its value to the default (4).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<number> [1..4] - number


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool

COMMAND:
message-spool [queue... | window-size...]
DESCRIPTION:
Configure the message spool parameters used when the Bridge connects using the remote Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] queue - The queue binding of the Bridge in the remote Message VPN.
[no] window-size - The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgement is received.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool queue

COMMAND:
queue <name>

no queue

DESCRIPTION:
The queue binding of the Bridge in the remote Message VPN.

The no version of the command returns its value to the default (no queue configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [0..200 chars] - Queue name or #DEAD_MSG_QUEUE


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgement is received.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<number> [0..65535] - The transport window size for guaranteed messaging in messages.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the remote Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable TLS encryption for the remote Message VPN connection.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional

COMMAND:
unidirectional [client-profile...]
DESCRIPTION:
Configure the unidirectional parameters used when the Bridge connects using the remote Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] client-profile - The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters.

The no version of the command returns its value to the default (#client-profile, which has a TCP max window size of 2MB).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry

COMMAND:
retry [count... | delay...]
DESCRIPTION:
Enter remote retry configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] count - The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever.
[no] delay - The number of seconds to delay before retrying to connect to the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry count

COMMAND:
count <count>

no count

DESCRIPTION:
The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<count> [0..255] - Number of times to retry a connection to an individual router-name.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry delay

COMMAND:
delay <seconds>

no delay

DESCRIPTION:
The number of seconds to delay before retrying to connect to the remote Message VPN.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seconds> [0..255] - Number of seconds


enable configure bridge <bridge-name> message-vpn <vpn-name> remote subscription-topic

COMMAND:
subscription-topic <topic> [deliver-always]

no subscription-topic <topic>

DESCRIPTION:
Add or remove a subscription topic for the remote Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
deliver-always - Enable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.
<topic> [1..250 chars] - The topic of the Bridge remote subscription.
( no ) <topic> [1..250 chars] - The subscription-topic to remove.


enable configure bridge <bridge-name> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Bridge.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl

COMMAND:
ssl [cipher-suite... | trusted-common-name...]
DESCRIPTION:
Enter SSL configuration mode for the Bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] cipher-suite - Configure available cipher-suites for TLS connections to the remote Message VPN.
[no] trusted-common-name - Configure the bridge TLS authentication mechanism with a list of trusted common names. This list is used to verify the common name of the remote server certificate.


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl cipher-suite

COMMAND:
cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no cipher-suite name <suite-name>

DESCRIPTION:
Configure available cipher-suites for TLS connections to the remote Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list.
empty - Remove all cipher suites from the list
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl trusted-common-name

COMMAND:
trusted-common-name {empty | name <common-name>}

no trusted-common-name name <common-name>

DESCRIPTION:
Configure the bridge TLS authentication mechanism with a list of trusted common names. This list is used to verify the common name of the remote server certificate.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate
empty - Removes all common names from the list


enable configure client-profile

COMMAND:
[create | no] client-profile <name> message-vpn <vpn-name>
DESCRIPTION:
Enter client-profile configuration mode for the specified client-profile, creating that profile if it does not already exist

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.
<vpn-name> [1..32 chars] - Message VPN the Client Profile belongs to


enable configure client-profile <name> message-vpn <vpn-name> allow-bridge-connections

COMMAND:
[no] allow-bridge-connections
DESCRIPTION:
Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections.

The default value is no allow-bridge-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> allow-shared-subscriptions

COMMAND:
[no] allow-shared-subscriptions
DESCRIPTION:
Enable or disable allowing shared subscriptions.

The default value is no allow-shared-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> compression

COMMAND:
compression [shutdown]
DESCRIPTION:
Enter Compression configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] shutdown - Enable or disable allowing clients using the Client Profile to use compression.


enable configure client-profile <name> message-vpn <vpn-name> compression shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to use compression.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> eliding

COMMAND:
eliding [delay... | max-topics... | shutdown]
DESCRIPTION:
Enter Client Profile eliding configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] delay - The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.
[no] max-topics - The maximum number of topics tracked for message eliding per client connection using the Client Profile.
[no] shutdown - Enable or disable message eliding for clients using the Client Profile.


enable configure client-profile <name> message-vpn <vpn-name> eliding delay

COMMAND:
delay <milliseconds>

no delay

DESCRIPTION:
The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<milliseconds> [0..60000] - Eliding delay interval in milliseconds


enable configure client-profile <name> message-vpn <vpn-name> eliding max-topics

COMMAND:
max-topics <num>

no max-topics

DESCRIPTION:
The maximum number of topics tracked for message eliding per client connection using the Client Profile.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num> [1..32000] - The max number of topics


enable configure client-profile <name> message-vpn <vpn-name> eliding shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable message eliding for clients using the Client Profile.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> event

COMMAND:
event [client-provisioned-endpoint-spool-usage | connections-per-client-username | egress-flows | endpoints-per-client-username | ingress-flows | service | subscriptions | transacted-sessions | transactions]
DESCRIPTION:
Enter Client Profile event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
client-provisioned-endpoint-spool-usage - Configure the event thresholds for the spool usage for the client provisioned endpoints.
connections-per-client-username - Configure the event for the number of connections for a given client-username.
egress-flows - Configure the event thresholds for the number of egress flows allowed per client associated with this client profile.
endpoints-per-client-username - Configure the event thresholds for the number of queues and topic endpoints for a given client-username associated with this client profile.
ingress-flows - Configure the event thresholds for the number of ingress flows allowed per client associated with this client profile.
service - Configure per-service events.
subscriptions - Configure the event for the number of subscriptions per client.
transacted-sessions - Configure the event thresholds for guaranteed data transacted sessions allowed per client.
transactions - Configure the event thresholds for guaranteed data transactions allowed per client.


enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage

COMMAND:
client-provisioned-endpoint-spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the spool usage for the client provisioned endpoints.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the provisioned endpoint spool usage event as a percentage of the signalled max-spool-usage. Changing these values during operation does not affect existing sessions. For provisioned durable endpoints, these settings apply when initially provisioned, but can then be changed at any time afterwards via the associated queue/topic-endpoint spool-usage command.


enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the provisioned endpoint spool usage event as a percentage of the signalled max-spool-usage. Changing these values during operation does not affect existing sessions. For provisioned durable endpoints, these settings apply when initially provisioned, but can then be changed at any time afterwards via the associated queue/topic-endpoint spool-usage command.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value


enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Configure the event for the number of connections for a given client-username.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - "Configure/reset thresholds for the connections-per-client-username event."


enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
"Configure/reset thresholds for the connections-per-client-username event."

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections-per-client-username value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections-per-client-username value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of egress flows allowed per client associated with this client profile.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of egress flows allowed per client, either as percentage of maximum number of egress flows, or as a count.


enable configure client-profile <name> message-vpn <vpn-name> event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of egress flows allowed per client, either as percentage of maximum number of egress flows, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-egress-flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-egress-flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username

COMMAND:
endpoints-per-client-username [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of queues and topic endpoints for a given client-username associated with this client profile.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of endpoints belonging to the same client username associated with this client profile, either as percentage of maximum number of endpoints, or as a count.


enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of endpoints belonging to the same client username associated with this client profile, either as percentage of maximum number of endpoints, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-endpoints value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-endpoints value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of ingress flows allowed per client associated with this client profile.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of ingress flows allowed per client, either as percentage of maximum number of ingress flows, or as a count.


enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of ingress flows allowed per client, either as percentage of maximum number of ingress flows, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-ingress-flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-ingress-flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event service

COMMAND:
service [smf | web-transport]
DESCRIPTION:
Configure per-service events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
smf - Configure client-profile events for the SMF service.
web-transport - Configure client-profile events for the Web Transport service.


enable configure client-profile <name> message-vpn <vpn-name> event service smf

COMMAND:
smf [connections-per-client-username]
DESCRIPTION:
Configure client-profile events for the SMF service.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
connections-per-client-username - Configure the event for the number of connections for a given client-username.


enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Configure the event for the number of connections for a given client-username.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the connections-per-client-username event.


enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the connections-per-client-username event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections-per-client-username value
<clear-value> [0..30000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections-per-client-username value
<set-value> [0..30000] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport

COMMAND:
web-transport [connections-per-client-username]
DESCRIPTION:
Configure client-profile events for the Web Transport service.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
connections-per-client-username - Configure the event for the number of connections for a given client-username.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Configure the event for the number of connections for a given client-username.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the connections-per-client-username event.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the connections-per-client-username event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections-per-client-username value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections-per-client-username value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event subscriptions

COMMAND:
subscriptions [thresholds...]
DESCRIPTION:
Configure the event for the number of subscriptions per client.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions event either as a percentage of max-subscriptions or as a count


enable configure client-profile <name> message-vpn <vpn-name> event subscriptions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the subscriptions event either as a percentage of max-subscriptions or as a count

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-subscriptions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-subscriptions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transacted sessions allowed per client.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the client level transacted sessions event, either as a percentage of the maximum number of guaranteed data transacted sessions allowed per client or as a count.


enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the client level transacted sessions event, either as a percentage of the maximum number of guaranteed data transacted sessions allowed per client or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transacted-sessions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transacted-sessions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transactions allowed per client.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the client level transactions event, either as a percentage of the maximum number of guaranteed data transactions allowed per client or as a count.


enable configure client-profile <name> message-vpn <vpn-name> event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the client level transactions event, either as a percentage of the maximum number of guaranteed data transactions allowed per client or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transactions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transactions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure client-profile <name> message-vpn <vpn-name> max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - value


enable configure client-profile <name> message-vpn <vpn-name> max-subscriptions

COMMAND:
max-subscriptions <value>

no max-subscriptions

DESCRIPTION:
The maximum number of subscriptions per client using the Client Profile.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..4294967295] - value


enable configure client-profile <name> message-vpn <vpn-name> message-spool

COMMAND:
message-spool [allow-cut-through-forwarding | allow-guaranteed-endpoint-create | allow-guaranteed-message-receive | allow-guaranteed-message-send | allow-transacted-sessions | api-queue-management | api-topic-endpoint-management | max-egress-flows... | max-endpoints-per-client-username... | max-ingress-flows... | max-transacted-sessions... | max-transactions... | reject-msg-to-sender-on-no-subscription-match]
DESCRIPTION:
Enter Client Profile message spool configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] allow-cut-through-forwarding - Enable or disable allowing clients using the Client Profile to bind to endpoints with the cut-through forwarding delivery mode. Changing this value does not affect existing client connections.
[no] allow-guaranteed-endpoint-create - Enable or disable allowing clients using the Client Profile to create topic endponts or queues. Changing this value does not affect existing client connections.
[no] allow-guaranteed-message-receive - Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.
[no] allow-guaranteed-message-send - Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.
[no] allow-transacted-sessions - Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.
api-queue-management - Enter API queue management configuration mode. This mode is for provisioning queues as templates for new queues that are signaled in from an API.
api-topic-endpoint-management - Enter API topic endpoint management configuration mode. This mode is for provisioning topic endpoints as templates for new topic endpoints that are signaled in from an API.
[no] max-egress-flows - The maximum number of transmit flows per client using the Client Profile.
[no] max-endpoints-per-client-username - The maximum number of queues and topic endpoints per Client Username using the Client Profile.
[no] max-ingress-flows - The maximum number of receive flows per client using the Client Profile.
[no] max-transacted-sessions - The maximum number of transacted sessions per client using the Client Profile.
[no] max-transactions - The maximum number of transactions per client using the Client Profile.
[no] reject-msg-to-sender-on-no-subscription-match - Enable or disable the sending of a negative acknowledgement (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-cut-through-forwarding

COMMAND:
[no] allow-cut-through-forwarding
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to bind to endpoints with the cut-through forwarding delivery mode. Changing this value does not affect existing client connections.

The default value is no allow-cut-through-forwarding.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-endpoint-create

COMMAND:
[no] allow-guaranteed-endpoint-create
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to create topic endponts or queues. Changing this value does not affect existing client connections.

The default value is no allow-guaranteed-endpoint-create.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-receive

COMMAND:
[no] allow-guaranteed-message-receive
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.

The default value is no allow-guaranteed-message-receive.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-send

COMMAND:
[no] allow-guaranteed-message-send
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.

The default value is no allow-guaranteed-message-send.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-transacted-sessions

COMMAND:
[no] allow-transacted-sessions
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.

The default value is no allow-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management

COMMAND:
api-queue-management [copy-from-on-create...]
DESCRIPTION:
Enter API queue management configuration mode. This mode is for provisioning queues as templates for new queues that are signaled in from an API.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] copy-from-on-create - The name of a queue to copy settings from when a new queue is created by a client using the Client Profile. The referenced queue must exist in the Message VPN.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management copy-from-on-create

COMMAND:
copy-from-on-create <queue-name>

no copy-from-on-create

DESCRIPTION:
The name of a queue to copy settings from when a new queue is created by a client using the Client Profile. The referenced queue must exist in the Message VPN.

The no version of the command returns its value to the default (no copy-from-on-create configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<queue-name> [0..200 chars] - Name of the Queue to use as a template for new queues


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management

COMMAND:
api-topic-endpoint-management [copy-from-on-create...]
DESCRIPTION:
Enter API topic endpoint management configuration mode. This mode is for provisioning topic endpoints as templates for new topic endpoints that are signaled in from an API.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] copy-from-on-create - The name of a topic endpoint to copy settings from when a new topic endpoint is created by a client using the Client Profile. The referenced topic endpoint must exist in the Message VPN.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management copy-from-on-create

COMMAND:
copy-from-on-create <topic-endpoint-name>

no copy-from-on-create

DESCRIPTION:
The name of a topic endpoint to copy settings from when a new topic endpoint is created by a client using the Client Profile. The referenced topic endpoint must exist in the Message VPN.

The no version of the command returns its value to the default (no copy-from-on-create configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<topic-endpoint-name> [0..200 chars] - Name of the topic-endpoint to use as a template for new topic-endpoints


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-egress-flows

COMMAND:
max-egress-flows <value>

no max-egress-flows

DESCRIPTION:
The maximum number of transmit flows per client using the Client Profile.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - Maximum number of egress flows


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-endpoints-per-client-username

COMMAND:
max-endpoints-per-client-username <value>

no max-endpoints-per-client-username

DESCRIPTION:
The maximum number of queues and topic endpoints per Client Username using the Client Profile.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - Maximum number of queues and topic endpoints


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-ingress-flows

COMMAND:
max-ingress-flows <value>

no max-ingress-flows

DESCRIPTION:
The maximum number of receive flows per client using the Client Profile.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - Maximum number of ingress flows


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transacted-sessions

COMMAND:
max-transacted-sessions <value>

no max-transacted-sessions

DESCRIPTION:
The maximum number of transacted sessions per client using the Client Profile.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..16000] - Maximum transacted sessions


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transactions

COMMAND:
max-transactions <value>

no max-transactions

DESCRIPTION:
The maximum number of transactions per client using the Client Profile.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..50000] - Maximum transactions


enable configure client-profile <name> message-vpn <vpn-name> message-spool reject-msg-to-sender-on-no-subscription-match

COMMAND:
[no] reject-msg-to-sender-on-no-subscription-match
DESCRIPTION:
Enable or disable the sending of a negative acknowledgement (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.

The default value is no reject-msg-to-sender-on-no-subscription-match.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> queue

COMMAND:
queue <type>
DESCRIPTION:
Enter Client Profile queue configuration mode for the specified queue.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<type> - Queue type (G-Guaranteed, D-Direct, C-Control)


enable configure client-profile <name> message-vpn <vpn-name> queue <type> max-depth

COMMAND:
max-depth <depth>

no max-depth

DESCRIPTION:
Configure the maximum depth of the specified queue measured in work units. Each work unit is 2048 bytes of data.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<depth> [2..262144] - The queue depth in number of work units


enable configure client-profile <name> message-vpn <vpn-name> queue <type> min-msg-burst

COMMAND:
min-msg-burst <depth>

no min-msg-burst

DESCRIPTION:
Configure the minimum number of messages that must be on a priority queue before the queue's depth is checked against the max-depth setting.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<depth> [0..262144] - The queue burst depth in messages


enable configure client-profile <name> message-vpn <vpn-name> replication

COMMAND:
replication [allow-clients-when-standby]
DESCRIPTION:
Enter Client Profile replication configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] allow-clients-when-standby - Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.


enable configure client-profile <name> message-vpn <vpn-name> replication allow-clients-when-standby

COMMAND:
[no] allow-clients-when-standby
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.

The default value is no allow-clients-when-standby.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> service

COMMAND:
service [smf | web-transport]
DESCRIPTION:
Enter per-service configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
smf - Enter Client Profile SMF service configuration.
web-transport - Enter Client Profile Web Transport service configuration.


enable configure client-profile <name> message-vpn <vpn-name> service smf

COMMAND:
smf [max-connections-per-client-username...]
DESCRIPTION:
Enter Client Profile SMF service configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] max-connections-per-client-username - The maximum number of SMF client connections per Client Username using the Client Profile.


enable configure client-profile <name> message-vpn <vpn-name> service smf max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of SMF client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..30000] - value


enable configure client-profile <name> message-vpn <vpn-name> service web-transport

COMMAND:
web-transport [inactive-timeout... | max-connections-per-client-username... | max-web-payload...]
DESCRIPTION:
Enter Client Profile Web Transport service configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] inactive-timeout - The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.
[no] max-connections-per-client-username - The maximum number of Web Transport client connections per Client Username using the Client Profile.
[no] max-web-payload - The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport inactive-timeout

COMMAND:
inactive-timeout <seconds>

no inactive-timeout

DESCRIPTION:
The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.

The no version of the command returns its value to the default (30).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<seconds> [1..4294967295] - Duration of the inactive timeout in seconds


enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of Web Transport client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - value


enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-web-payload

COMMAND:
max-web-payload <bytes>

no max-web-payload

DESCRIPTION:
The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.

The no version of the command returns its value to the default (1000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<bytes> [300..10000000] - Maximum size of web transport message payload in bytes


enable configure client-profile <name> message-vpn <vpn-name> ssl

COMMAND:
ssl [allow-downgrade-to-plain-text]
DESCRIPTION:
Enter SSL configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] allow-downgrade-to-plain-text - Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.


enable configure client-profile <name> message-vpn <vpn-name> ssl allow-downgrade-to-plain-text

COMMAND:
[no] allow-downgrade-to-plain-text
DESCRIPTION:
Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.

The default value is allow-downgrade-to-plain-text.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-profile <name> message-vpn <vpn-name> tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter TCP configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support before changing this value.
keepalive - Enter Client Profile TCP keepalive configuration.
[no] max-wnd - The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.
[no] mss - The TCP maximum segment size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.


enable configure client-profile <name> message-vpn <vpn-name> tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support before changing this value.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter Client Profile TCP keepalive configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes.


enable configure client-profile <name> message-vpn <vpn-name> tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB.


enable configure client-profile <name> message-vpn <vpn-name> tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
The TCP maximum segment size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS.


enable configure client-username

COMMAND:
[create | no] client-username <username> message-vpn <vpn-name>
DESCRIPTION:
Enter configuration mode for the specified client-username

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<username> [1..189 chars] - The name of the Client Username.
<vpn-name> [1..32 chars] - The Message VPN the Client Username belongs to.


enable configure client-username <username> message-vpn <vpn-name> acl-profile

COMMAND:
acl-profile <name>

no acl-profile

DESCRIPTION:
The ACL Profile of the Client Username.

The no version of the command returns its value to the default (default).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the ACL profile.


enable configure client-username <username> message-vpn <vpn-name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the Client Username.

The no version of the command returns its value to the default (default).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.


enable configure client-username <username> message-vpn <vpn-name> guaranteed-endpoint-permission-override

COMMAND:
[no] guaranteed-endpoint-permission-override
DESCRIPTION:
Enables or disables guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner.

The default value is no guaranteed-endpoint-permission-override.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-username <username> message-vpn <vpn-name> password

COMMAND:
password <password>

no password

DESCRIPTION:
The password for the Client Username.

The no version of the command returns its value to the default (no password configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<password> [0..128 chars] - password


enable configure client-username <username> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables the Client Username. When disabled, all clients currently connected as the Client Username are disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure client-username <username> message-vpn <vpn-name> subscription-manager

COMMAND:
[no] subscription-manager
DESCRIPTION:
Enables or disables the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames.

The default value is no subscription-manager.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure clock

COMMAND:
clock [set... | synchronization | timezone...]
DESCRIPTION:
Use this command to configure the system clock on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
set - Sets the system clock
synchronization - Use this command to configure the system synchronization on the router.
timezone - Sets the system time zone


enable configure clock set

COMMAND:
set <time> <day> <month> <year>
DESCRIPTION:
Sets the system clock

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<day> [1..31] - The current day by date
<month> [string] - The current month by name (e.g. January)
<time> [string] - The current time in 24-hour format (hh:mm:ss)
<year> [1970..2037] - The current year, no abbreviation


enable configure clock synchronization

COMMAND:
synchronization [ntp-server... | protocol... | shutdown]
DESCRIPTION:
Use this command to configure the system synchronization on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] ntp-server - Use this command to configure the Network Time Protocol (NTP) server. The no version turns off NTP server synchronization.
[no] protocol - Set the synchronization protocol
[no] shutdown - Enable or disable clock synchronization


enable configure clock synchronization ntp-server

COMMAND:
ntp-server <ip-addr>

no ntp-server

DESCRIPTION:
Use this command to configure the Network Time Protocol (NTP) server. The no version turns off NTP server synchronization.

The no version of the command returns its value to the default (no ntp-server configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<ip-addr> [1..253 chars/nnn.nnn.nnn.nnn] - FQDN/IP address


enable configure clock synchronization protocol

COMMAND:
protocol {ntp | ptp}

no protocol

DESCRIPTION:
Set the synchronization protocol

The no version of the command returns its value to the default (ntp).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
ntp - Use NTP for system clock synchronization
ptp - Use PTP protocal for system clock synchronization


enable configure clock synchronization shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable clock synchronization

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure clock timezone

COMMAND:
timezone <zone>
DESCRIPTION:
Sets the system time zone

The no version of the command returns its value to the default (UTC).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<zone> [0..32 chars] - The time zone name (e.g. EST, Europe/London, Etc/GMT-5). If unsure, use UTC or see 'show clock timezones' for list of supported time zones.


enable configure compression

COMMAND:
compression [mode...]
DESCRIPTION:
Use this command to set on a global basis the compression mode for data sent from routers. The router compression mode can be configured globally for data sent from the router to one of two types: optimized for size (the default) or optimized for speed. In general, optimized for size yields a higher compression ratio with lower throughput, while optimized for-speed yields a higher throughput with lower compression ratio.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
mode - This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.


enable configure compression mode

COMMAND:
mode {optimize-for-size | optimize-for-speed}
DESCRIPTION:
This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.

The no version of the command returns its value to the default (optimize-for-size).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
optimize-for-size - optimize-for-size tends to yield higher compression ratio with lower throughput
optimize-for-speed - optimize-for-speed tends to yield higher throughput with lower compression ratio


enable configure config-sync

COMMAND:
config-sync [authentication | client-profile | shutdown... | synchronize]
DESCRIPTION:
Enter Config-Sync configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
authentication - Enter authentication configuration mode
client-profile - Enter client-profile configuration mode
[no] shutdown - This command disables the Config-Sync feature.
synchronize - Enter synchronization configuration mode.


enable configure config-sync authentication

COMMAND:
authentication [client-certificate]
DESCRIPTION:
Enter authentication configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
client-certificate - Enter client-certificate configuration mode


enable configure config-sync authentication client-certificate

COMMAND:
client-certificate [max-certificate-chain-depth... | validate-certificate-date]
DESCRIPTION:
Enter client-certificate configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] max-certificate-chain-depth - Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.


enable configure config-sync authentication client-certificate max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure config-sync authentication client-certificate validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure config-sync client-profile

COMMAND:
client-profile [tcp]
DESCRIPTION:
Enter client-profile configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
tcp - Enter tcp configuration mode


enable configure config-sync client-profile tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter tcp configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] initial-cwnd - Configure the TCP initial congestion window size.
keepalive - Enter configuration of tcp keepalives.
[no] max-wnd - Configure the TCP maximum window size.
[no] mss - Configure the TCP maximum segment size.


enable configure config-sync client-profile tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
Configure the TCP initial congestion window size.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS.


enable configure config-sync client-profile tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter configuration of tcp keepalives.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.


enable configure config-sync client-profile tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection.


enable configure config-sync client-profile tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes.


enable configure config-sync client-profile tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes.


enable configure config-sync client-profile tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
Configure the TCP maximum window size.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB.


enable configure config-sync client-profile tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
Configure the TCP maximum segment size.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS.


enable configure config-sync shutdown

COMMAND:
shutdown

no shutdown

DESCRIPTION:
This command disables the Config-Sync feature.

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure config-sync synchronize

COMMAND:
synchronize [username]
DESCRIPTION:
Enter synchronization configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] username - Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.


enable configure config-sync synchronize username

COMMAND:
[no] username
DESCRIPTION:
Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.

The default value is username.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure console

COMMAND:
console [baud-rate... | login-banner... | timeout...]
DESCRIPTION:
Use this command to configure console parameters on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
baud-rate - Configure the baud rate for the serial console port.
[no] login-banner - Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.

Example input for printing Hello World across 2 lines:
"Hello\nWorld"

Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.

Banners can be a maximum of 2048 characters in length.

The default banner is a product specific description.

The 'no' version of this command returns to the default login banner.
timeout - Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.


enable configure console baud-rate

COMMAND:
baud-rate <baud-rate>
DESCRIPTION:
Configure the baud rate for the serial console port.

The no version of the command returns its value to the default (9600).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<baud-rate> [integer] - Baud rate in bps. Valid values are: 110, 300, 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200


enable configure console login-banner

COMMAND:
login-banner {text <banner-text> | file <file-name> | default}

no login-banner

DESCRIPTION:
Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.

Example input for printing Hello World across 2 lines:
"Hello\nWorld"

Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.

Banners can be a maximum of 2048 characters in length.

The default banner is a product specific description.

The 'no' version of this command returns to the default login banner.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<banner-text> [0..2048 chars] - Text to display on user logins
default - Use the product description as the banner text
file - Load the banner text from a file
<file-name> [0..255 chars] - Name of the file to load from the jail directory
text - Enter the banner text directly on the command line


enable configure console timeout

COMMAND:
timeout <idle-timeout>
DESCRIPTION:
Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<idle-timeout> [0..43200] - timeout value in minutes (0 to disable)


enable configure distributed-cache

COMMAND:
[create | no] distributed-cache <name> message-vpn <vpn-name>
DESCRIPTION:
Use this command to create a Distributed Cache and configure cache parameters. The no version deletes the specified Distributed Cache, as well as all contained Cache Clusters and associated cached messages.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - The distributed-cache name. Must be a valid topic without hierarchy, whitespace, or ?.
<vpn-name> [1..32 chars] - The message VPN name.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster

COMMAND:
[create | no] cache-cluster <name>
DESCRIPTION:
Create or configure a Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - The cache-cluster name. Must be a valid topic without hierarchy, whitespace, or ?.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance

COMMAND:
[create | no] cache-instance <name>
DESCRIPTION:
Create or configure a Cache Instance.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> auto-start

COMMAND:
[no] auto-start
DESCRIPTION:
Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker.

The default value is no auto-start.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cache Instance.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> stop-on-lost-message

COMMAND:
[no] stop-on-lost-message
DESCRIPTION:
Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages.

The default value is stop-on-lost-message.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> deliver-to-one-override

COMMAND:
[no] deliver-to-one-override
DESCRIPTION:
Enable or disable deliver-to-one override for the Cache Cluster.

The default value is deliver-to-one-override.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event

COMMAND:
event [data-byte-rate | data-message-rate | max-memory | max-topics | request-queue-depth | request-rate | response-rate]
DESCRIPTION:
Enter config mode for events of the Cache Cluster.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
data-byte-rate - Enter config mode for data-byte-rate events.
data-message-rate - Enter config mode for data-message-rate events.
max-memory - Enter config mode for max-memory events.
max-topics - Enter config mode for max-topics events.
request-queue-depth - Enter config mode for request-queue-depth events.
request-rate - Enter config mode for request-rate events.
response-rate - Enter config mode for response-rate events.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate

COMMAND:
data-byte-rate [thresholds...]
DESCRIPTION:
Enter config mode for data-byte-rate events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the cached data incoming byte rate in bytes/sec.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the cached data incoming byte rate in bytes/sec.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..4294967295] - The clear-value (rate) for this event.
<set-value> [0..4294967295] - The set-value (rate) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate

COMMAND:
data-message-rate [thresholds...]
DESCRIPTION:
Enter config mode for data-message-rate events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the cached data incoming message rate in msgs/sec.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the cached data incoming message rate in msgs/sec.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..4294967295] - The clear-value (rate) for this event.
<set-value> [0..4294967295] - The set-value (rate) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory

COMMAND:
max-memory [thresholds...]
DESCRIPTION:
Enter config mode for max-memory events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the memory usage per instance in percentage.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the memory usage per instance in percentage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..100] - The clear-value (percentage) for this event.
<set-value> [0..100] - The set-value (percentage) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics

COMMAND:
max-topics [thresholds...]
DESCRIPTION:
Enter config mode for max-topics events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the maximum number of topics in percentage.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the maximum number of topics in percentage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..100] - The clear-value (percentage) for this event.
<set-value> [0..100] - The set-value (percentage) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth

COMMAND:
request-queue-depth [thresholds...]
DESCRIPTION:
Enter config mode for request-queue-depth events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the request queue depth in percentage.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the request queue depth in percentage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..100] - The clear-value (percentage) for this event.
<set-value> [0..100] - The set-value (percentage) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate

COMMAND:
request-rate [thresholds...]
DESCRIPTION:
Enter config mode for request-rate events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the request message rate in msgs/sec.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the request message rate in msgs/sec.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..4294967295] - The clear-value (rate) for this event.
<set-value> [0..4294967295] - The set-value (rate) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate

COMMAND:
response-rate [thresholds...]
DESCRIPTION:
Enter config mode for response-rate events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset set/clear thresholds for the response message rate in msgs/sec.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset set/clear thresholds for the response message rate in msgs/sec.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..4294967295] - The clear-value (rate) for this event.
<set-value> [0..4294967295] - The set-value (rate) for this event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching

COMMAND:
global-caching [heartbeat... | home-cache-cluster... | shutdown | topic-lifetime...]
DESCRIPTION:
Enter config mode for global caching of the Cache Cluster. Global caching can enable the Cache Cluster to respond to local cache requests for topics that are homed on a remote Cache elsewhere in the network.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] heartbeat - The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.
[create|no] home-cache-cluster - Create or configure a Home Cache Cluster. This is a remote Cache Cluster in another Distributed Cache which hosts a topic of local interest.
[no] shutdown - Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.
[no] topic-lifetime - The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching heartbeat

COMMAND:
heartbeat <seconds>

no heartbeat

DESCRIPTION:
The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seconds> [1..255] - Heartbeat interval in seconds.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster

COMMAND:
[create | no] home-cache-cluster <name>
DESCRIPTION:
Create or configure a Home Cache Cluster. This is a remote Cache Cluster in another Distributed Cache which hosts a topic of local interest.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - The remote home-cache-cluster name. Must be a valid topic without hierarchy, whitespace, or ?.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster <name> topic-prefix

COMMAND:
[no] topic-prefix <topic-prefix>
DESCRIPTION:
Add or remove a topic-prefix for global topics which are available from this Home Cache Cluster in the network. Note that global topics which contain wildcards are not requested from Home Cache Clusters.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<topic-prefix> [1..250 chars] - A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching topic-lifetime

COMMAND:
topic-lifetime <seconds>

no topic-lifetime

DESCRIPTION:
The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.

The no version of the command returns its value to the default (3600).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seconds> [0..4294967295] - Topic lifetime in seconds.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-memory

COMMAND:
max-memory <megabytes>

no max-memory

DESCRIPTION:
The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster.

The no version of the command returns its value to the default (2048).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<megabytes> [128..2147483647] - Number of megabytes, 1 MB = 1024 x 1024 bytes.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-messages-per-topic

COMMAND:
max-messages-per-topic <num-messages>

no max-messages-per-topic

DESCRIPTION:
The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<num-messages> [1..2147483647] - Number of messages.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-topics

COMMAND:
max-topics <num-topics>

no max-topics

DESCRIPTION:
The maximum number of topics for each Cache Instance in the Cache Cluster.

The no version of the command returns its value to the default (2000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<num-topics> [1..4294967294] - Maximum number of topics.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> message-lifetime

COMMAND:
message-lifetime <seconds>

no message-lifetime

DESCRIPTION:
The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely.

The no version of the command returns its value to the default (no message-lifetime configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seconds> [0..4294967294] - Lifetime of a message in seconds.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> new-topic-advertisement

COMMAND:
[no] new-topic-advertisement
DESCRIPTION:
Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster.

The default value is no new-topic-advertisement.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> request-queue-depth

COMMAND:
request-queue-depth <num-messages>

no request-queue-depth

DESCRIPTION:
The maximum queue depth for cache requests received by the Cache Cluster.

The no version of the command returns its value to the default (100000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<num-messages> [1..200000] - Maximum number of messages in request queue.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cache Cluster.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> topic

COMMAND:
[no] topic <topic-str>
DESCRIPTION:
Add or remove a topic for the Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<topic-str> [1..250 chars] - The value of the Topic in the form a/b/c.


enable configure distributed-cache <name> message-vpn <vpn-name> heartbeat

COMMAND:
heartbeat <seconds>

no heartbeat

DESCRIPTION:
The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seconds> [3..60] - The heartbeat interval.


enable configure distributed-cache <name> message-vpn <vpn-name> scheduled-delete-message

COMMAND:
scheduled-delete-message [days <days-of-week> ] times <times-of-day>

no scheduled-delete-message

DESCRIPTION:
The scheduled delete message day(s) and time(s).

The no version of the command returns its value to the default ().

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<days-of-week> [list of days] - Comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc. Default is daily.
<times-of-day> [list of times] - Hourly or comma-separated list of times of the form hh:mm where hh is [0..23] and mm is [0..59].


enable configure distributed-cache <name> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Distributed Cache.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure dns

COMMAND:
dns [name-server... | polled-domain-name...]
DESCRIPTION:
Use this command to enter Domain Name System (DNS) configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] name-server - Use this command to provision a DNS server. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. A maximum of 3 name servers is allowed.
[no] polled-domain-name - Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.


enable configure dns name-server

COMMAND:
[no] name-server <ip-addr>
DESCRIPTION:
Use this command to provision a DNS server. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. A maximum of 3 name servers is allowed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<ip-addr> [nnn.nnn.nnn.nnn] - IP address


enable configure dns polled-domain-name

COMMAND:
polled-domain-name <domain-name>

no polled-domain-name

DESCRIPTION:
Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.

The no version of the command returns its value to the default (www.solacesystems.com).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<domain-name> [1..256 chars] - The domain name looked-up in order to determine the status of the name servers


enable configure hardware

COMMAND:
hardware [disk... | message-spool | power-redundancy... | topic-routing]
DESCRIPTION:
Use this command to configure routing modules and disks on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
disk - Enable/disable hard disk
message-spool - Configure message spool hardware options
power-redundancy - Configure power-redundancy.
topic-routing - Configure topic routing hardware options


enable configure hardware disk

COMMAND:
disk <disk-name> [no-shutdown] [shutdown]
DESCRIPTION:
Enable/disable hard disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<disk-name> [1..4] - The name of the top disk is 1; and increments to the bottom slot.
no-shutdown - Enable the disk
shutdown - Disable the disk


enable configure hardware message-spool

COMMAND:
message-spool [disk-array... | event | internal-disk | max-cache-usage... | max-spool-usage... | shutdown... | transaction]
DESCRIPTION:
Configure message spool hardware options

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] disk-array - Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.

The "no disk-array" command resets the WWN to its default value of Null.

This command only affects the system behavior if configured to spool to an external disk.

The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.
event - Enter message spool event configuration mode.
[no] internal-disk - Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.

This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.

This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.

internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".
[no] max-cache-usage - Configure guaranteed message cache usage limit.
[no] max-spool-usage - Configure message spool usage limit.
[no] shutdown - Enable/disable message-spooling for the router
transaction - Enter message spool transaction configuration mode.


enable configure hardware message-spool disk-array

COMMAND:
disk-array wwn <wwn>

no disk-array

DESCRIPTION:
Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.

The "no disk-array" command resets the WWN to its default value of Null.

This command only affects the system behavior if configured to spool to an external disk.

The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<wwn> [1..64 chars] - If the WWN is in NAA format it is either an 8 or 16 byte number represented as a string of hex characters separated by colons starting with 1,2,5 or 6.
For example:
50:00:2a:c0:00:f1:33:74
60:06:01:60:bf:51:12:00:9a:fb:40:97:83:3f:dc:11
If it is not in NAA format it can be any string without colons.


enable configure hardware message-spool event

COMMAND:
event [cache-usage | delivered-unacked | disk-usage | egress-flows | endpoints | ingress-flows | message-count | spool-files | spool-usage | transacted-session-resources | transacted-sessions | transactions]
DESCRIPTION:
Enter message spool event configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
cache-usage - Configure the event thresholds for the cache usage
delivered-unacked - Configure the event thresholds for the total number of delivered but unacked messages at system level.
disk-usage - Configure the event thresholds for the active disk partition usage at system level.
egress-flows - Configure the event thresholds for the egress flows at system level.
endpoints - Configure the event thresholds for the number of queues and topic endpoints at system level
ingress-flows - Configure the event thresholds for the ingress flows at system level.
message-count - Configure the event thresholds for the total number of spooled messages at system level.
spool-files - Configure the event thresholds for the spool files at system level.
spool-usage - Configure the event thresholds for the system level spool usage.
transacted-session-resources - Configure the event thresholds for the total number of transacted session resources at system level.
transacted-sessions - Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.
transactions - Configure the event thresholds for guaranteed data transactions allowed at the system level.


enable configure hardware message-spool event cache-usage

COMMAND:
cache-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the cache usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly


enable configure hardware message-spool event cache-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-cache-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-cache-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event delivered-unacked

COMMAND:
delivered-unacked [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of delivered but unacked messages at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event delivered-unacked thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value


enable configure hardware message-spool event disk-usage

COMMAND:
disk-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the active disk partition usage at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event disk-usage thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the active disk partition usage value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the active disk partition usage value


enable configure hardware message-spool event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the egress flows at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.


enable configure hardware message-spool event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of egress flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of egress flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event endpoints

COMMAND:
endpoints [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of queues and topic endpoints at system level

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.


enable configure hardware message-spool event endpoints thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the ingress flows at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.


enable configure hardware message-spool event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of ingress flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of ingress flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event message-count

COMMAND:
message-count [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of spooled messages at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event message-count thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool messages value


enable configure hardware message-spool event spool-files

COMMAND:
spool-files [thresholds...]
DESCRIPTION:
Configure the event thresholds for the spool files at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event spool-files thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool files value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool files value


enable configure hardware message-spool event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the system level spool usage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)


enable configure hardware message-spool event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event transacted-session-resources

COMMAND:
transacted-session-resources [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of transacted session resources at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event transacted-session-resources thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value


enable configure hardware message-spool event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.


enable configure hardware message-spool event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transacted-sessions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transacted-sessions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transactions allowed at the system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.


enable configure hardware message-spool event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transactions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transactions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool internal-disk

COMMAND:
[no] internal-disk
DESCRIPTION:
Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.

This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.

This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.

internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".

The default value is no internal-disk.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure hardware message-spool max-cache-usage

COMMAND:
max-cache-usage <percent-usage>

no max-cache-usage

DESCRIPTION:
Configure guaranteed message cache usage limit.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<percent-usage> [0..50] - Maximum percentage of the NAB's egress queueing resources that the guaranteed message cache is allowed to use


enable configure hardware message-spool max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
Configure message spool usage limit.

The no version of the command returns its value to the default (60000).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure hardware message-spool shutdown

COMMAND:
shutdown

no shutdown [primary | backup]

DESCRIPTION:
Enable/disable message-spooling for the router

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
backup - enable spooling for backup router instead of primary
primary - enable spooling for primary router


enable configure hardware message-spool transaction

COMMAND:
transaction [replication-compatibility-mode...]
DESCRIPTION:
Enter message spool transaction configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] replication-compatibility-mode - Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.


enable configure hardware message-spool transaction replication-compatibility-mode

COMMAND:
replication-compatibility-mode {legacy | transacted}

no replication-compatibility-mode

DESCRIPTION:
Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.

The no version of the command returns its value to the default (legacy).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
legacy - All transactions originated by clients are replicated to the standby site without using transactions.
transacted - All transactions originated by clients are replicated to the standby site using transactions.


enable configure hardware power-redundancy

COMMAND:
power-redundancy <type>
DESCRIPTION:
Configure power-redundancy.

The no version of the command returns its value to the default (1+1).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<type> [1+1 | 1+2 | 2+2] - Expected power supply redundancy


enable configure hardware topic-routing

COMMAND:
topic-routing [acl-topic-matching-mode...]
DESCRIPTION:
Configure topic routing hardware options

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] acl-topic-matching-mode - Sets the ACL topic-matching mode for the special #P2P topics used by the Solace appliance. If the ACL topic-matching mode changes from legacy to enforce-for-queues (either when the SolOS version used by the appliance is upgraded or through a manual configuration) some #P2P topics which previously bypassed ACL enforcement may be blocked. To specifically allow a topic that is denied after the change add an appropriate topic-exception to the acl-profile used by the client.


enable configure hardware topic-routing acl-topic-matching-mode

COMMAND:
acl-topic-matching-mode {legacy | enforce-for-queues}

no acl-topic-matching-mode

DESCRIPTION:
Sets the ACL topic-matching mode for the special #P2P topics used by the Solace appliance. If the ACL topic-matching mode changes from legacy to enforce-for-queues (either when the SolOS version used by the appliance is upgraded or through a manual configuration) some #P2P topics which previously bypassed ACL enforcement may be blocked. To specifically allow a topic that is denied after the change add an appropriate topic-exception to the acl-profile used by the client.

The no version of the command returns its value to the default (enforce-for-queues).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
enforce-for-queues - Ignore publish or subscribe ACL rules for any topics matching '#P2P/v:*' or '#P2P/v:*/>' (default as of SolOS 7.1). This mode is more restrictive than legacy mode.
legacy - Ignore publish or subscribe ACL rules for any topics matching '#P2P' or '#P2P/>' (default prior to SolOS 7.1). This mode is less restrictive than enforce-for-queues mode.


enable configure hostname

COMMAND:
hostname <name> [defer]

no hostname [defer]

DESCRIPTION:
Configure the host name.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart.
<name> [1..64 chars] - The hostname to assign to the router. Cannot start with "v:", which stands for virtual router. The "no" version of the command resets the host name to the default value (solace).


enable configure interface

COMMAND:
[create] interface <phy-interface> [<mode>]

no interface <phy-interface>

DESCRIPTION:
Use this command to enter interface configuration mode to configure ethernet or Link Aggregation Group (LAG) parameters for physical interfaces on routers, on an interface by interface basis.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<mode> - (lacp | active-backup)
Examples: "lacp", "active-backup"
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"
( no ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"
( create ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"


enable configure interface <phy-interface> lacp

COMMAND:
lacp [rate...]
DESCRIPTION:
Enter LACP configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
rate - Configure the rate at which the appliance requests LACP PDU from peers.


enable configure interface <phy-interface> lacp rate

COMMAND:
rate {fast | slow}
DESCRIPTION:
Configure the rate at which the appliance requests LACP PDU from peers.

The no version of the command returns its value to the default (fast).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
fast - Fast LACP PDU rate (1 second intervals)
slow - Slow LACP PDU rate (30 seconds intervals)


enable configure interface <phy-interface> member

COMMAND:
[no] member <phy-interface>
DESCRIPTION:
Add/remove LAG interface members

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure interface <phy-interface> primary-member

COMMAND:
primary-member <phy-interface>

no primary-member

DESCRIPTION:
Primary member for active-backup mode.

The no version of the command returns its value to the default (no primary-member configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure interface <phy-interface> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this interface

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure interface <phy-interface> traffic-shaping

COMMAND:
traffic-shaping [egress]
DESCRIPTION:
Enter traffic shaping configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
egress - Enter egress traffic shaping configuration.


enable configure interface <phy-interface> traffic-shaping egress

COMMAND:
egress [rate-limit... | shutdown]
DESCRIPTION:
Enter egress traffic shaping configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] rate-limit - The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.
[no] shutdown - Enable or disable this interface


enable configure interface <phy-interface> traffic-shaping egress rate-limit

COMMAND:
rate-limit <mbps>

no rate-limit

DESCRIPTION:
The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.

The no version of the command returns its value to the default (1000000000).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<mbps> [2..4294967295] - maximum sustained egress rate in mega bits per second


enable configure interface <phy-interface> traffic-shaping egress shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this interface

The default value is no shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure ip

COMMAND:
ip [vrf...]
DESCRIPTION:
Use this command to configure IP VPN parameters on routers.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
vrf - Configure Virtual Routing and Forwarding instances


enable configure ip vrf

COMMAND:
vrf <name>
DESCRIPTION:
Configure Virtual Routing and Forwarding instances

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<name> [string] - VRF name


enable configure ip vrf <name> interface

COMMAND:
[create | no] interface <ip-interface> [primary | backup | static]
DESCRIPTION:
Add an IP interface to this VRF routing domain and configure it

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
backup - interface for backup virtual router
<ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"
primary - interface for primary virtual router
static - static interface irrespective of virtual router


enable configure ip vrf <name> interface <ip-interface> ip-address

COMMAND:
ip-address <cidr-addr>

no ip-address [<cidr-addr>]

DESCRIPTION:
Configure ip addresses

The no version of the command returns its value to the default (no ip-address configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<cidr-addr> [nnn.nnn.nnn.nnn/dd or nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn/ddd] - IP address/prefix length combination in CIDR form


enable configure ip vrf <name> interface <ip-interface> kerberos

COMMAND:
kerberos [service-principal-name...]
DESCRIPTION:
Configure kerberos attributes on the interface

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] service-principal-name - Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address


enable configure ip vrf <name> interface <ip-interface> kerberos service-principal-name

COMMAND:
service-principal-name <name>

no service-principal-name

DESCRIPTION:
Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address

The no version of the command returns its value to the default (no service-principal-name configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<name> [string] - Kerberos Service Principal Name (SPN) of the form host/<fully-qualified-domain-name>@<Kerberos Realm>


enable configure ip vrf <name> interface <ip-interface> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Shutdown this IP interface

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure ip vrf <name> route

COMMAND:
route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]

no route {default | default6 | <cidr-addr>} [<interface>]

DESCRIPTION:
Add/Delete IP routes

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<cidr-addr> [nnn.nnn.nnn.nnn/dd or nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn/ddd] - IP address/prefix length combination in CIDR form
default - default ipv4 route
default6 - default ipv6 route
<interface> [1..15 chars] - IP interface (for management VRF) or
physical interface (for msg-backbone VRF).
IP interface has format as
(eth<port>:<ip> | chassis/lag1:1
Examples: "eth1:1", "chassis/lag1:1"
Physical interface has format as
<cartridge>/<slot>/<port> |
<cartridge>/<slot>/lag<N>
Examples: "1/5/2", "1/6/lag1"
<ip-addr> [nnn.nnn.nnn.nnn or nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn] - IP address


enable configure jndi

COMMAND:
jndi message-vpn <vpn-name>
DESCRIPTION:
Use this command to configure standard Java Naming and Directory Interface (JNDI) objects Connection Factory, Topic, and Queue on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the JNDI is configured against.


enable configure jndi message-vpn <vpn-name> connection-factory

COMMAND:
[create | no] connection-factory <name>
DESCRIPTION:
Configure JNDI connection-factory object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The name of the JMS Connection Factory


enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list

COMMAND:
property-list <name>
DESCRIPTION:
Configure a property list of the object

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..64 chars] - Property-list name


enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the property-list

The no version of the command returns its value to the default (property name).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure jndi message-vpn <vpn-name> queue

COMMAND:
[create | no] queue <name>
DESCRIPTION:
Configure JNDI queue object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Queue


enable configure jndi message-vpn <vpn-name> queue <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the object

The no version of the command returns its value to the default (property name).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure jndi message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable/disable JNDI access for clients

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure jndi message-vpn <vpn-name> topic

COMMAND:
[create | no] topic <name>
DESCRIPTION:
Configure JNDI topic object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Topic


enable configure jndi message-vpn <vpn-name> topic <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the object

The no version of the command returns its value to the default (property name).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure logging

COMMAND:
logging [command... | debug... | event | millisecond-timestamp]
DESCRIPTION:
Enter logging configuration mode, to configure command and debug logging parameters

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] command - Configure command logging
[no] debug - Configure debug logging
event - Enter system event configuration.
[no] millisecond-timestamp - Enables millisecond in logging record timestamp. The no version resets back to default.


enable configure logging command

COMMAND:
command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}

no command {cli | semp-mgmt | semp-msgbus | all}

DESCRIPTION:
Configure command logging

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
all - Configure cli and semp command logging
all-cmds - log all commands to the command log
cli - Configure cli command logging
config-cmds - log only configuration commands
mode - Set the logging mode to one of the following:
semp-mgmt - Configure semp/mgmt command logging
semp-msgbus - Configure semp/msgbus command logging
shutdown - do not log any commands


enable configure logging debug

COMMAND:
debug {<subsystem-id> | all} [level <level>] [mask <mask>]

no debug {<subsystem-id> | all}

DESCRIPTION:
Configure debug logging

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
all - Configure all Sub System IDs at once
<level> [string] - Change the logging level for given Sub System ID
<mask> [string] - Change the mask for given Sub System ID
<subsystem-id> [string] - Sub System ID


enable configure logging event

COMMAND:
event [publish-system | system-tag...]
DESCRIPTION:
Enter system event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] publish-system - Enable system level event message publishing. The no version of the command disables system level event message publishing.
[no] system-tag - Configure a tag string to prefix system publish events.


enable configure logging event publish-system

COMMAND:
[no] publish-system
DESCRIPTION:
Enable system level event message publishing. The no version of the command disables system level event message publishing.

The default value is no publish-system.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure logging event system-tag

COMMAND:
system-tag <tag-string>

no system-tag

DESCRIPTION:
Configure a tag string to prefix system publish events.

The no version of the command returns its value to the default (no system-tag configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<tag-string> [0..32 chars] - String with no whitespace, '?', '*', or quote chars.


enable configure logging millisecond-timestamp

COMMAND:
[no] millisecond-timestamp
DESCRIPTION:
Enables millisecond in logging record timestamp. The no version resets back to default.

The default value is no millisecond-timestamp.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure management-message-vpn

COMMAND:
management-message-vpn <vpn-name>

no management-message-vpn

DESCRIPTION:
Designate this Message VPN as the management Message VPN for system level SEMP get requests and system level event publishing.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<vpn-name> [0..32 chars] - The name of the message vpn to become the management message vpn


enable configure memory-event

COMMAND:
memory-event [nab-buffer-load-factor | physical-memory | subscriptions-memory]
DESCRIPTION:
Use this command to configure the threshold values for memory usage events on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
nab-buffer-load-factor - Configure the event for NAB buffer load factor.
physical-memory - Configure the event for physical memory utilization as percentage.
subscriptions-memory - Configure the event for subscriptions memory utilization as percentage.


enable configure memory-event nab-buffer-load-factor

COMMAND:
nab-buffer-load-factor [thresholds...]
DESCRIPTION:
Configure the event for NAB buffer load factor.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the NAB buffer load factor event


enable configure memory-event nab-buffer-load-factor thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the NAB buffer load factor event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the nab-buffer-load-factor value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the nab-buffer-load-factor value


enable configure memory-event physical-memory

COMMAND:
physical-memory [thresholds...]
DESCRIPTION:
Configure the event for physical memory utilization as percentage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the physical memory utilization event.


enable configure memory-event physical-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the physical memory utilization event.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-value> [0..100] - Threshold clear value.
<set-value> [0..100] - Threshold set value.


enable configure memory-event subscriptions-memory

COMMAND:
subscriptions-memory [thresholds...]
DESCRIPTION:
Configure the event for subscriptions memory utilization as percentage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions memory utilization event


enable configure memory-event subscriptions-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the subscriptions memory utilization event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<clear-value> [0..100] - Threshold clear value.
<set-value> [0..100] - Threshold set value.


enable configure message-spool

COMMAND:
message-spool message-vpn <vpn-name>
DESCRIPTION:
Use this command to configure message spool parameters for Guaranteed Messaging on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the message-spool belongs to


enable configure message-spool message-vpn <vpn-name> event

COMMAND:
event [egress-flows | endpoints | ingress-flows | spool-usage | transacted-sessions | transactions]
DESCRIPTION:
Enter event configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
egress-flows - Configure the event thresholds for the number of egress flows allowed at VPN level.
endpoints - Configure the event thresholds for the number of queues and topic endpoints allowed at VPN level.
ingress-flows - Configure the event thresholds for the number of ingress flows allowed at VPN level.
spool-usage - Configure the event thresholds for the vpn level spool usage.
transacted-sessions - Configure the event thresholds for guaranteed data transactions on this Message VPN.
transactions - Configure the event thresholds for guaranteed data transacted sessions on this Message VPN.


enable configure message-spool message-vpn <vpn-name> event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of egress flows allowed at VPN level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of egress flows at VPN level event, either as percentage of maximum number of egress flows at VPN level, or as a count.


enable configure message-spool message-vpn <vpn-name> event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of egress flows at VPN level event, either as percentage of maximum number of egress flows at VPN level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-egress-flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-egress-flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> event endpoints

COMMAND:
endpoints [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of queues and topic endpoints allowed at VPN level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of endpoints at VPN level event, either as percentage of maximum number of endpoints at VPN level, or as a count.


enable configure message-spool message-vpn <vpn-name> event endpoints thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of endpoints at VPN level event, either as percentage of maximum number of endpoints at VPN level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-endpoints value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-endpoints value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of ingress flows allowed at VPN level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of ingress flows at VPN level event, either as percentage of maximum number of ingress flows at VPN level, or as a count.


enable configure message-spool message-vpn <vpn-name> event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of ingress flows at VPN level event, either as percentage of maximum number of ingress flows at VPN level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-ingress-flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-ingress-flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the vpn level spool usage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the vpn level spool usage event, either as a percentage of max-spool-usage at vpn level, or as a count(in MB).


enable configure message-spool message-vpn <vpn-name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the vpn level spool usage event, either as a percentage of max-spool-usage at vpn level, or as a count(in MB).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-usage-spool value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-usage-spool value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transactions on this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the VPN level transacted sessions event, either as a percentage of the maximum number of guaranteed data transacted sessions allowed on this Message VPN or as a count.


enable configure message-spool message-vpn <vpn-name> event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the VPN level transacted sessions event, either as a percentage of the maximum number of guaranteed data transacted sessions allowed on this Message VPN or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transacted-sessions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transacted-sessions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transacted sessions on this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the VPN level transactions event, either as a percentage of the maximum number of guaranteed data transactions allowed on this Message VPN or as a count.


enable configure message-spool message-vpn <vpn-name> event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the VPN level transactions event, either as a percentage of the maximum number of guaranteed data transactions allowed on this Message VPN or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transactions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transactions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> max-egress-flows

COMMAND:
max-egress-flows <value>

no max-egress-flows

DESCRIPTION:
The maximum number of transmit flows that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - Maximum number of egress flows


enable configure message-spool message-vpn <vpn-name> max-endpoints

COMMAND:
max-endpoints <value>

no max-endpoints

DESCRIPTION:
The maximum number of Queues and Topic Endpoints that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - Maximum number of queues and topic endpoints


enable configure message-spool message-vpn <vpn-name> max-ingress-flows

COMMAND:
max-ingress-flows <value>

no max-ingress-flows

DESCRIPTION:
The maximum number of receive flows that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - Maximum number of ingress flows


enable configure message-spool message-vpn <vpn-name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage by the Message VPN, in megabytes.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure message-spool message-vpn <vpn-name> max-transacted-sessions

COMMAND:
max-transacted-sessions <value>

no max-transacted-sessions

DESCRIPTION:
The maximum number of transacted sessions that can be created in the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..100000] - Maximum transacted sessions


enable configure message-spool message-vpn <vpn-name> max-transactions

COMMAND:
max-transactions <value>

no max-transactions

DESCRIPTION:
The maximum number of transactions that can be created in the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..100000] - Maximum transactions


enable configure message-spool message-vpn <vpn-name> queue

COMMAND:
queue <name>

no queue <name>

create queue <name>

DESCRIPTION:
Create, delete or enter configuration mode for a Queue

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..200 chars] - Queue name or #DEAD_MSG_QUEUE. Slashes '/' may be used for hierarchical naming, but the name can't start or end in a slash. Illegal characters are '<>*?&;
( no ) <name> [1..200 chars] - Queue name
( create ) <name> [1..200 chars] - Queue name or #DEAD_MSG_QUEUE. Slashes '/' may be used for hierarchical naming, but the name can't start or end in a slash. Illegal characters are '<>*?&;


enable configure message-spool message-vpn <vpn-name> queue <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to client consumer flows bound to the Queue.

The no version of the command returns its value to the default (exclusive).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.


enable configure message-spool message-vpn <vpn-name> queue <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> queue <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.

The no version of the command returns its value to the default (#DEAD_MSG_QUEUE).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<dmq-name> [1..200 chars] - Dead message queue to be used for the Queue


enable configure message-spool message-vpn <vpn-name> queue <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter queue event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
bind-count - Enter bind-count event configuration.
reject-low-priority-msg-limit - Configure the event thresholds for reject-low-priority-msg-limit
spool-usage - Configure the event thresholds for the queue spool usage


enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter bind-count event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the bind-count event, either as a percentage of max-bind-count or as a count


enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the bind-count event, either as a percentage of max-bind-count or as a count

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-bind-count value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-bind-count value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Configure the event thresholds for reject-low-priority-msg-limit

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the reject-low-priority-msg-limit event, either as a percentage of reject-low-priority-msg-limit or as a count.


enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the reject-low-priority-msg-limit event, either as a percentage of reject-low-priority-msg-limit or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the reject-low-priority-msg-limit value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the reject-low-priority-msg-limit value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the queue spool usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)


enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> queue <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<value> [0..10000] - Maximum bind-count


enable configure message-spool message-vpn <vpn-name> queue <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Queue.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<max> [1..1000000] - Maximum unacked messages


enable configure message-spool message-vpn <vpn-name> queue <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Queue, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..30000000] - Maximum message size in bytes


enable configure message-spool message-vpn <vpn-name> queue <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<value> [0..255] - Maximum message redelivery attempts


enable configure message-spool message-vpn <vpn-name> queue <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure message-spool message-vpn <vpn-name> queue <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<ttl> [0..4294967295] - Maximum TTL in seconds


enable configure message-spool message-vpn <vpn-name> queue <name> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username that owns the Queue and has permission equivalent to "delete".

The no version of the command returns its value to the default (no owner configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<owner> [0..189 chars] - Client username owner of the Queue


enable configure message-spool message-vpn <vpn-name> queue <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all client users of the Queue, excluding the owner.

The no version of the command returns its value to the default (no-access).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
all - Apply to all other users excluding the owner
consume - Consume (read and remove) messages in the Queue
delete - Consume messages, modify the topic/selector or delete the client created Queue altogether
modify-topic - Consume messages or modify the topic/selector of the Queue
no-access - Disallows all access
read-only - Read-only access to the messages in the Queue


enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<limit> [0..4294967295] - Maximum number of messages


enable configure message-spool message-vpn <vpn-name> queue <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable the return of negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> queue <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). MQTT queues do not support enabling message priority.

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> queue <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> queue <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the flow of messages to/from a queue.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
egress - Egress messages from the spool
full - All messages to and from the spool
ingress - Ingress messages to the spool


enable configure message-spool message-vpn <vpn-name> queue <name> subscription

COMMAND:
[no] subscription topic <topic>
DESCRIPTION:
Set subscriptions for this queue

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<topic> [1..250 chars] - The topic of the subscription.
( no ) <topic> [1..250 chars] - Topic


enable configure message-spool message-vpn <vpn-name> replay-log

COMMAND:
[create | no] replay-log <name>
DESCRIPTION:
Create or configure a Replay Log

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..185 chars] - Name of Replay Log. Invalid characters are "'<>*?&;"


enable configure message-spool message-vpn <vpn-name> replay-log <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure message-spool message-vpn <vpn-name> replay-log <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
This command disables the flow of messages to/from a Replay Log. The [no] version of this command enables the flow of messages.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
egress - Egress messages from the spool
full - All messages to and from the spool
ingress - Ingress messages to the spool


enable configure message-spool message-vpn <vpn-name> sequenced-topic

COMMAND:
[no] sequenced-topic <topic>
DESCRIPTION:
Set sequenced topics for the Message VPN

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<topic> [1..250 chars] - Topic for applying sequence numbers


enable configure message-spool message-vpn <vpn-name> topic-endpoint

COMMAND:
topic-endpoint <name>

no topic-endpoint <name>

create topic-endpoint <name>

DESCRIPTION:
Create, delete or enter configuration mode for a Topic Endpoint

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..250 chars] - Topic-endpoint name


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The Topic Endpoint access type of either "exclusive" or "non-exclusive". The default value is "exclusive". The allowed values and their meaning are: "exclusive" - Exclusive delivery of messages to first bound client. "non-exclusive" - Non-exclusive delivery of messages to all bound clients.

The no version of the command returns its value to the default (exclusive).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
exclusive - Exclusive delivery of messages to first bound client
non-exclusive - Non-exclusive delivery of messages to all bound clients


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of Consumer ACKs received on the active replication Message VPN to the standby replication Message VPN. The default value is true.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
Identifies the name of the queue which should be used as the topic endpoint's dead message queue.

The no version of the command returns its value to the default (#DEAD_MSG_QUEUE).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<dmq-name> [1..200 chars] - Dead message queue to be used for the topic-endpoint


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter Topic Endpoint event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
bind-count - Enter bind-count event configuration.
reject-low-priority-msg-limit - Configure the event thresholds for reject-low-priority-msg-limit
spool-usage - Configure the event thresholds for the topic endpoint spool usage


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter bind-count event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the bind-count event, either as a percentage of max-bind-count or as a count.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the bind-count event, either as a percentage of max-bind-count or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-bind-count value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-bind-count value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Configure the event thresholds for reject-low-priority-msg-limit

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the reject-low-priority-msg-limit event, either as a percentage of reject-low-priority-msg-limit or as a count.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the reject-low-priority-msg-limit event, either as a percentage of reject-low-priority-msg-limit or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the reject-low-priority-msg-limit value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the reject-low-priority-msg-limit value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the topic endpoint spool usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the topic endpoint spool usage event, either as a percentage of topic endpoint max-spool-usage or as a count (in MB)


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the topic endpoint spool usage event, either as a percentage of topic endpoint max-spool-usage or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of times clients can bind to a given Topic Endpoint.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<value> [0..10000] - Maximum bind-count


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint.

The no version of the command returns its value to the default (10000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<max> [1..1000000] - Maximum unacked messages


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The max message size (in bytes) allowed in the Topic Endpoint. The default value is "10000000".

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..30000000] - Maximum message size in bytes


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Topic Endpoint will attempt redelivery of a given message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<value> [0..255] - Maximum message redelivery attempts


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The max spool usage (in MB) of the Topic Endpoint. Setting the value to zero enables the last-value-queue feature and disables quota checking. The default varies by platform.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum number of seconds that a message can stay in the Topic Endpoint when respect-ttl is enabled. A message will expire according to the lesser of the TTL in the message (assigned by the publisher) and the max-ttl configured on the Topic Endpoint. The max-ttl is a 32-bit integer value from 1 to 4294967295 representing the expiry time in seconds. A max-ttl of 0 disables this feature.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<ttl> [0..4294967295] - Maximum TTL in seconds


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username which owns the Topic Endpoint.

The no version of the command returns its value to the default (no owner configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<owner> [0..189 chars] - Client username owner of the topic-endpoint


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
Permission level for users of the Topic Endpoint, excluding the owner.

The no version of the command returns its value to the default (no-access).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
all - Apply to all other users excluding the owner
consume - Consume (read and remove) messages in the Topic Endpoint
delete - Consume messages, modify the topic/selector or delete the Topic Endpoint altogether
modify-topic - Consume messages or modify the topic/selector of the Topic Endpoint
no-access - Disallows all access
read-only - Read-only access to the messages in the Topic Endpoint


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable if low priority messages are subject to reject-low-priority-msg-limit checking. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<limit> [0..4294967295] - Maximum number of messages


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
The circumstances under which a nack is sent to the client on discards. Note that nacks cause the message to not be delivered to any destination and transacted-session commits to fail. This attribute may only have a value of `"never"` if `rejectLowPriorityMsgEnabled` is disabled.

The default value is no reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. If enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest).

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL). If enabled, messages contained in the Topic Endpoint are checked for expiry. If expired, the message is discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
This command disables the flow of messages to/from a Topic Endpoint. The [no] version of this command enables the flow of messages.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
egress - Egress messages from the spool
full - All messages to and from the spool
ingress - Ingress messages to the spool


enable configure message-vpn

COMMAND:
[create | no] message-vpn <vpn-name>
DESCRIPTION:
Use this command to create and configure a Message VPN on the router.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
Notes/Exceptions: global/rw is required to create or delete a message-vpn.
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure message-vpn <vpn-name> authentication

COMMAND:
authentication [user-class...]
DESCRIPTION:
Enter Message VPN authentication configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
user-class - Assign authentication mechanisms to user classes.


enable configure message-vpn <vpn-name> authentication user-class

COMMAND:
user-class client
DESCRIPTION:
Assign authentication mechanisms to user classes.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
client - Client users


enable configure message-vpn <vpn-name> authentication user-class client basic

COMMAND:
basic [auth-type... | radius-domain... | shutdown]
DESCRIPTION:
Enter user-class basic authentication configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
auth-type - Authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.
[no] radius-domain - The RADIUS domain to use for basic authentication.
[no] shutdown - Enable or disable basic authentication for clients within the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. When enabled, the currently selected authentication type is used for authentication of users that provide basic authentication credentials. If a user provides credentials for a different authentication scheme this setting is not applicable.


enable configure message-vpn <vpn-name> authentication user-class client basic auth-type

COMMAND:
auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }
DESCRIPTION:
Authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.

The no version of the command returns its value to the default (radius).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
internal - Internal database.
ldap - LDAP authentication.
<ldap-profile> [1..32 chars] - LDAP profile name.
none - No authentication.
radius - RADIUS authentication.
<radius-profile> [1..32 chars] - RADIUS profile name.


enable configure message-vpn <vpn-name> authentication user-class client basic radius-domain

COMMAND:
radius-domain <radius-domain>

no radius-domain

DESCRIPTION:
The RADIUS domain to use for basic authentication.

The no version of the command returns its value to the default ().

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<radius-domain> [0..64 chars] - RADIUS domain string


enable configure message-vpn <vpn-name> authentication user-class client basic shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable basic authentication for clients within the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. When enabled, the currently selected authentication type is used for authentication of users that provide basic authentication credentials. If a user provides credentials for a different authentication scheme this setting is not applicable.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authentication user-class client client-certificate

COMMAND:
client-certificate [allow-api-provided-username | max-certificate-chain-depth... | revocation-check-mode... | shutdown | username-source... | validate-certificate-date]
DESCRIPTION:
Enter user-class client-certificate configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] allow-api-provided-username - When enabled, if the client specifies a client-username via the API connect method, the client provided username is used instead of the CN (Common Name) field of the certificate"s subject. When disabled, the certificate CN is always used as the client-username.
[no] max-certificate-chain-depth - The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] revocation-check-mode - Define overrides for certificate revocation checking.
For "allow-all" setting, the result of the client certificate revocation check is ignored. For "allow-unknown" setting, the client is authenticated even if the revocation status of his certificate cannot be determined. For "allow-valid" setting, the client is only authenticated if the revocation check returned an explicit positive response.
[no] shutdown - Enable or disable client certificate authentication in the Message VPN.
[no] username-source - The field from the client certificate to use as the client username. When "common-name" is chosen, the username is extracted from the certificate's Common Name. When "subject-alternative-name-msupn" is chosen, the username is extracted from the "Other Name" type of the "Subject Alternate Name" and must have the msUPN signature.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.


enable configure message-vpn <vpn-name> authentication user-class client client-certificate allow-api-provided-username

COMMAND:
[no] allow-api-provided-username
DESCRIPTION:
When enabled, if the client specifies a client-username via the API connect method, the client provided username is used instead of the CN (Common Name) field of the certificate"s subject. When disabled, the certificate CN is always used as the client-username.

The default value is no allow-api-provided-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authentication user-class client client-certificate max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure message-vpn <vpn-name> authentication user-class client client-certificate revocation-check-mode

COMMAND:
revocation-check-mode <permission>

no revocation-check-mode

DESCRIPTION:
Define overrides for certificate revocation checking.
For "allow-all" setting, the result of the client certificate revocation check is ignored. For "allow-unknown" setting, the client is authenticated even if the revocation status of his certificate cannot be determined. For "allow-valid" setting, the client is only authenticated if the revocation check returned an explicit positive response.

The no version of the command returns its value to the default (allow-valid).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<permission> [allow-all | allow-unknown | allow-valid] - Certificate check mode permission.


enable configure message-vpn <vpn-name> authentication user-class client client-certificate shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable client certificate authentication in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authentication user-class client client-certificate username-source

COMMAND:
username-source <source>

no username-source

DESCRIPTION:
The field from the client certificate to use as the client username. When "common-name" is chosen, the username is extracted from the certificate's Common Name. When "subject-alternative-name-msupn" is chosen, the username is extracted from the "Other Name" type of the "Subject Alternate Name" and must have the msUPN signature.

The no version of the command returns its value to the default (common-name).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<source> [common-name | subject-alternate-name-msupn] - The username source


enable configure message-vpn <vpn-name> authentication user-class client client-certificate validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authentication user-class client kerberos

COMMAND:
kerberos [allow-api-provided-username | shutdown]
DESCRIPTION:
Enter user-class Kerberos configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] allow-api-provided-username - When enabled, if the client specifies a client-username via the API connect method, the client provided username is used instead of the Kerberos Principal name in Kerberos token. When disabled, the Kerberos Principal name is always used as the client-username. The default value is "false".
[no] shutdown - Enable or disable Kerberos authentication in the Message VPN.


enable configure message-vpn <vpn-name> authentication user-class client kerberos allow-api-provided-username

COMMAND:
[no] allow-api-provided-username
DESCRIPTION:
When enabled, if the client specifies a client-username via the API connect method, the client provided username is used instead of the Kerberos Principal name in Kerberos token. When disabled, the Kerberos Principal name is always used as the client-username. The default value is "false".

The default value is no allow-api-provided-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authentication user-class client kerberos shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Kerberos authentication in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authorization

COMMAND:
authorization [user-class...]
DESCRIPTION:
Enter Message VPN authorization configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
user-class - Assign authorization mechanisms to user classes.


enable configure message-vpn <vpn-name> authorization user-class

COMMAND:
user-class client
DESCRIPTION:
Assign authorization mechanisms to user classes.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
client - Client users


enable configure message-vpn <vpn-name> authorization user-class client authorization-group

COMMAND:
[create | no] authorization-group <name>
DESCRIPTION:
The name of the authorization group as it exists on the LDAP server being used to authorize clients. A newly created group is placed at the end of the group list which is the lowest priority. The 'no' version of this command removes the authorization group. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..256 chars] - The name of the LDAP Authorization Group.


enable configure message-vpn <vpn-name> authorization user-class client authorization-group <name> acl-profile

COMMAND:
acl-profile <name>

no acl-profile

DESCRIPTION:
The ACL Profile of the LDAP Authorization Group.

The no version of the command returns its value to the default (default).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - ACL profile name


enable configure message-vpn <vpn-name> authorization user-class client authorization-group <name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the LDAP Authorization Group.

The no version of the command returns its value to the default (default).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.


enable configure message-vpn <vpn-name> authorization user-class client authorization-group <name> order

COMMAND:
order {before | after} <authorization-group-name>
DESCRIPTION:
Arrange the priority of this group relative to another group.

The no version of the command returns its value to the default (no order configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
after - Move current authorization group after existing authorization group name.
<authorization-group-name> [1..256 chars] - Authorization group name.
before - Move current authorization group before existing authorization group name.


enable configure message-vpn <vpn-name> authorization user-class client authorization-group <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the LDAP Authorization Group in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> authorization user-class client authorization-type

COMMAND:
authorization-type {ldap <ldap-profile> | internal }
DESCRIPTION:
Authorization mechanism to be used for clients connecting to this Message VPN.

The no version of the command returns its value to the default (internal).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
internal - Internal authorization.
ldap - LDAP authorization.
<ldap-profile> - LDAP profile name.


enable configure message-vpn <vpn-name> authorization user-class client ldap

COMMAND:
ldap [group-membership-attribute-name...]
DESCRIPTION:
Enter LDAP authorization configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] group-membership-attribute-name - The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.


enable configure message-vpn <vpn-name> authorization user-class client ldap group-membership-attribute-name

COMMAND:
group-membership-attribute-name <attribute-name>

no group-membership-attribute-name

DESCRIPTION:
The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.

The no version of the command returns its value to the default (memberOf).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<attribute-name> [0..64 chars] - LDAP attribute name.


enable configure message-vpn <vpn-name> bridging

COMMAND:
bridging [ssl]
DESCRIPTION:
Enter Message VPN bridging configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
ssl - Enter Message VPN bridging SSL configuration


enable configure message-vpn <vpn-name> bridging ssl

COMMAND:
ssl [server-certificate-validation]
DESCRIPTION:
Enter Message VPN bridging SSL configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
server-certificate-validation - Enter Message VPN bridging SSL server-certificate-validation configuration


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation

COMMAND:
server-certificate-validation [enforce-trusted-common-name | max-certificate-chain-depth... | validate-certificate-date]
DESCRIPTION:
Enter Message VPN bridging SSL server-certificate-validation configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] enforce-trusted-common-name - Enable or disable validation of the Common Name (CN) in the server certificate from the remote broker. If enabled, the Common Name is checked against the list of Trusted Common Names configured for the Bridge.
[no] max-certificate-chain-depth - The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation enforce-trusted-common-name

COMMAND:
[no] enforce-trusted-common-name
DESCRIPTION:
Enable or disable validation of the Common Name (CN) in the server certificate from the remote broker. If enabled, the Common Name is checked against the list of Trusted Common Names configured for the Bridge.

The default value is enforce-trusted-common-name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> distributed-cache-management

COMMAND:
[no] distributed-cache-management
DESCRIPTION:
Enable or disable managing of cache instances over the message bus.

The default value is distributed-cache-management.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> dns

COMMAND:
dns [prefer-ip-version...]
DESCRIPTION:
Enter Message VPN DNS configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] prefer-ip-version - IP version to use if DNS lookup contains both an IPv4 and IPv6 address.


enable configure message-vpn <vpn-name> dns prefer-ip-version

COMMAND:
prefer-ip-version {ipv4 | ipv6}

no prefer-ip-version

DESCRIPTION:
IP version to use if DNS lookup contains both an IPv4 and IPv6 address.

The no version of the command returns its value to the default (ipv6).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
ipv4 - Use IPv4 address when DNS lookup contains both an IPv4 and IPv6 address.
ipv6 - Use IPv6 address when DNS lookup contains both an IPv4 and IPv6 address.


enable configure message-vpn <vpn-name> dynamic-message-routing

COMMAND:
dynamic-message-routing [dmr-bridge... | shutdown]
DESCRIPTION:
Enter Message VPN dynamic-message-routing configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[create|no] dmr-bridge - Create, modify, or remove a DMR Bridge from this Message Vpn to another in a different Cluster.
[no] shutdown - Enable or disable Dynamic Message Routing (DMR) for the Message VPN.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge

COMMAND:
[create | no] dmr-bridge <remote-node-name>
DESCRIPTION:
Create, modify, or remove a DMR Bridge from this Message Vpn to another in a different Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<remote-node-name> [1..64 chars] - The name of the node at the remote end of the DMR Bridge.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote

COMMAND:
remote [message-vpn...]
DESCRIPTION:
Enter remote configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] message-vpn - The remote Message VPN of the DMR Bridge.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote message-vpn

COMMAND:
message-vpn <vpn-name>

no message-vpn

DESCRIPTION:
The remote Message VPN of the DMR Bridge.

The no version of the command returns its value to the default (no message-vpn configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<vpn-name> [0..32 chars] - The name of the Message VPN.


enable configure message-vpn <vpn-name> dynamic-message-routing shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Dynamic Message Routing (DMR) for the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> event

COMMAND:
event [connections | egress-message-rate | ingress-message-rate | large-message-threshold... | log-tag... | publish-client | publish-message-vpn | publish-subscription... | publish-topic-format... | service | subscriptions]
DESCRIPTION:
Enter Message VPN event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
connections - Configure the event for the number of client connections.
egress-message-rate - Configure the event for the egress message rate in msg/sec.
ingress-message-rate - Configure the event for the ingress message rate in msg/sec.
[no] large-message-threshold - Size in KB for what is being considered a large message for the Message VPN.
[no] log-tag - A prefix applied to all published events in this Message VPN. The default value is "".
[no] publish-client - Enable or disable client level event message publishing. The default value is "false".
[no] publish-message-vpn - Enable or disable Message VPN level event message publishing. The default value is "false".
[no] publish-subscription - Enable or disable subscription level event message publishing. The no version of the command disables subscription level event message publishing. If the event topic format is not specified, it defaults to v1
[no] publish-topic-format - Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.
service - Configure the per-service events.
subscriptions - Configure the event for number of subscriptions.


enable configure message-vpn <vpn-name> event connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Configure the event for the number of client connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of client connections event.


enable configure message-vpn <vpn-name> event connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of client connections event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> event egress-message-rate

COMMAND:
egress-message-rate [thresholds...]
DESCRIPTION:
Configure the event for the egress message rate in msg/sec.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - "Configure/reset thresholds for the egress message rate event."


enable configure message-vpn <vpn-name> event egress-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
"Configure/reset thresholds for the egress message rate event."

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..4294967295] - Threshold clear value.
<set-value> [0..4294967295] - Threshold set value.


enable configure message-vpn <vpn-name> event ingress-message-rate

COMMAND:
ingress-message-rate [thresholds...]
DESCRIPTION:
Configure the event for the ingress message rate in msg/sec.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - "Configure/reset thresholds for the ingress message rate event."


enable configure message-vpn <vpn-name> event ingress-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
"Configure/reset thresholds for the ingress message rate event."

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-value> [0..4294967295] - Threshold clear value.
<set-value> [0..4294967295] - Threshold set value.


enable configure message-vpn <vpn-name> event large-message-threshold

COMMAND:
large-message-threshold <size>

no large-message-threshold

DESCRIPTION:
Size in KB for what is being considered a large message for the Message VPN.

The no version of the command returns its value to the default (1024).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..4294967295] - size


enable configure message-vpn <vpn-name> event log-tag

COMMAND:
log-tag <tag-string>

no log-tag

DESCRIPTION:
A prefix applied to all published events in this Message VPN. The default value is "".

The no version of the command returns its value to the default (no log-tag configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<tag-string> [0..32 chars] - String with no whitespace, '?', '*', or quote chars.


enable configure message-vpn <vpn-name> event publish-client

COMMAND:
[no] publish-client
DESCRIPTION:
Enable or disable client level event message publishing. The default value is "false".

The default value is no publish-client.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> event publish-message-vpn

COMMAND:
[no] publish-message-vpn
DESCRIPTION:
Enable or disable Message VPN level event message publishing. The default value is "false".

The default value is no publish-message-vpn.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> event publish-subscription

COMMAND:
publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]

no publish-subscription

DESCRIPTION:
Enable or disable subscription level event message publishing. The no version of the command disables subscription level event message publishing. If the event topic format is not specified, it defaults to v1

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
event-topic-format - Specify the format of the topic used for publishing the subscription event
no-unsubscribe-events-on-disconnect - Do not generate unsubscribe events for each of a client's subscriptions when the client disconnects
v1 - The publish topic is of form: #LOG/INFO/SUB_ADD|SUB_DEL/<subscribedTopic>
v2 - The publish topic is of form: #LOG/INFO/SUB/<routerName>/ADD|DEL/<vpnName>/<clientName>/<subscribedTopic>


enable configure message-vpn <vpn-name> event publish-topic-format

COMMAND:
publish-topic-format [smf] [mqtt]

no publish-topic-format

DESCRIPTION:
Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
mqtt - publish MQTT topic format
smf - publish SMF topic format


enable configure message-vpn <vpn-name> event service

COMMAND:
service [amqp | mqtt | rest | smf | web-transport]
DESCRIPTION:
Configure the per-service events.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
amqp - Configure AMQP service events
mqtt - Configure MQTT service events
rest - Configure REST service events
smf - Configure SMF service events
web-transport - Configure Web Transport service events


enable configure message-vpn <vpn-name> event service amqp

COMMAND:
amqp [connections]
DESCRIPTION:
Configure AMQP service events

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
connections - Configure the event for the number of client connections.


enable configure message-vpn <vpn-name> event service amqp connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Configure the event for the number of client connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of client connections event.


enable configure message-vpn <vpn-name> event service amqp connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of client connections event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> event service mqtt

COMMAND:
mqtt [connections]
DESCRIPTION:
Configure MQTT service events

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
connections - Configure the event for the number of client connections.


enable configure message-vpn <vpn-name> event service mqtt connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Configure the event for the number of client connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of client connections event.


enable configure message-vpn <vpn-name> event service mqtt connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of client connections event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> event service rest

COMMAND:
rest [incoming]
DESCRIPTION:
Configure REST service events

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
incoming - Configure REST service incoming events


enable configure message-vpn <vpn-name> event service rest incoming

COMMAND:
incoming [connections]
DESCRIPTION:
Configure REST service incoming events

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
connections - Configure the event for the number of client connections.


enable configure message-vpn <vpn-name> event service rest incoming connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Configure the event for the number of client connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of client connections event.


enable configure message-vpn <vpn-name> event service rest incoming connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of client connections event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> event service smf

COMMAND:
smf [connections]
DESCRIPTION:
Configure SMF service events

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
connections - Configure the event for the number of client connections.


enable configure message-vpn <vpn-name> event service smf connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Configure the event for the number of client connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of client connections event.


enable configure message-vpn <vpn-name> event service smf connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of client connections event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections value
<clear-value> [0..30000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections value
<set-value> [0..30000] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> event service web-transport

COMMAND:
web-transport [connections]
DESCRIPTION:
Configure Web Transport service events

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
connections - Configure the event for the number of client connections.


enable configure message-vpn <vpn-name> event service web-transport connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Configure the event for the number of client connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of client connections event.


enable configure message-vpn <vpn-name> event service web-transport connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of client connections event.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-connections value
<clear-value> [0..200000] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-connections value
<set-value> [0..200000] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> event subscriptions

COMMAND:
subscriptions [thresholds...]
DESCRIPTION:
Configure the event for number of subscriptions.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - "Configure/reset thresholds for the number of subscriptions event."


enable configure message-vpn <vpn-name> event subscriptions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
"Configure/reset thresholds for the number of subscriptions event."

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-subscriptions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-subscriptions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> export-policy

COMMAND:
export-policy [export-subscriptions]
DESCRIPTION:
Enter Message VPN subscription export-policy configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] export-subscriptions - Enable or disable the export of subscriptions in this Message VPN to other routers in the network over neighbor links. The default value is "false".


enable configure message-vpn <vpn-name> export-policy export-subscriptions

COMMAND:
[no] export-subscriptions
DESCRIPTION:
Enable or disable the export of subscriptions in this Message VPN to other routers in the network over neighbor links. The default value is "false".

The default value is no export-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of client connections to the Message VPN.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..200000] - value


enable configure message-vpn <vpn-name> max-subscriptions

COMMAND:
max-subscriptions <value>

no max-subscriptions

DESCRIPTION:
The maximum number of local client subscriptions (both primary and backup) that can be added to the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<value> [0..4294967295] - value


enable configure message-vpn <vpn-name> mqtt

COMMAND:
mqtt [mqtt-session... | retain]
DESCRIPTION:
Enter Message VPN MQTT configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[create|no] mqtt-session - Create, delete, or enter configuration mode for an MQTT Session with the given Client ID. On creation, the virtual router defaults to primary. Before deletion, the MQTT Session must be disabled.
retain - Configure the MQTT Retain feature for this Message VPN.


enable configure message-vpn <vpn-name> mqtt mqtt-session

COMMAND:
mqtt-session <client-id> [primary | backup]

no mqtt-session <client-id> [primary | backup]

create mqtt-session <client-id> [primary | backup]

DESCRIPTION:
Create, delete, or enter configuration mode for an MQTT Session with the given Client ID. On creation, the virtual router defaults to primary. Before deletion, the MQTT Session must be disabled.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
backup - The MQTT Session belongs to the backup virtual router
<client-id> [1..128 chars] - The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
primary - The MQTT Session belongs to the primary virtual router


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Before configuring, the MQTT Session must be disabled.

The no version of the command returns its value to the default (no owner configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<owner> [0..189 chars] - The Client Username which owns the MQTT Session


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue

COMMAND:
[create | no] queue
DESCRIPTION:
Create, delete or enter configuration mode for a Queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to client consumer flows bound to the Queue.

The no version of the command returns its value to the default (exclusive).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.

The no version of the command returns its value to the default (#DEAD_MSG_QUEUE).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<dmq-name> [1..200 chars] - Dead message queue to be used for the Queue


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter queue event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
bind-count - Enter bind-count event configuration.
reject-low-priority-msg-limit - Configure the event thresholds for reject-low-priority-msg-limit
spool-usage - Configure the event thresholds for the queue spool usage


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter bind-count event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the bind-count event, either as a percentage of max-bind-count or as a count


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the bind-count event, either as a percentage of max-bind-count or as a count

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-bind-count value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-bind-count value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Configure the event thresholds for reject-low-priority-msg-limit

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the reject-low-priority-msg-limit event, either as a percentage of reject-low-priority-msg-limit or as a count.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the reject-low-priority-msg-limit event, either as a percentage of reject-low-priority-msg-limit or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the reject-low-priority-msg-limit value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the reject-low-priority-msg-limit value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the queue spool usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<value> [0..10000] - Maximum bind-count


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Queue.

The no version of the command returns its value to the default (max value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<max> [1..1000000] - Maximum unacked messages


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Queue, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..30000000] - Maximum message size in bytes


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<value> [0..255] - Maximum message redelivery attempts


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<ttl> [0..4294967295] - Maximum TTL in seconds


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username that owns the Queue and has permission equivalent to "delete".

The no version of the command returns its value to the default (no owner configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<owner> [0..189 chars] - Client username owner of the Queue


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all client users of the Queue, excluding the owner.

The no version of the command returns its value to the default (no-access).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
all - Apply to all other users excluding the owner
consume - Consume (read and remove) messages in the Queue
delete - Consume messages, modify the topic/selector or delete the client created Queue altogether
modify-topic - Consume messages or modify the topic/selector of the Queue
no-access - Disallows all access
read-only - Read-only access to the messages in the Queue


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<limit> [0..4294967295] - Maximum number of messages


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable the return of negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the flow of messages to/from a queue.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
egress - Egress messages from the spool
full - All messages to and from the spool
ingress - Ingress messages to the spool


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription

COMMAND:
[create | no] subscription <topic>
DESCRIPTION:
Create, delete, or enter configuration mode for a subscription for the MQTT Session. MQTT topic syntax is expected. On creation, the subscription defaults to QoS 0.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<topic> [1..250 chars] - The MQTT subscription topic


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription-list

COMMAND:
subscription-list qos <qos-value> [<topic-list>]
DESCRIPTION:
Create or delete multiple subscriptions for the MQTT Session. MQTT topic syntax is expected. The QoS value is either 0 (deliver at most once) or 1 (deliver at least once). When creating subscriptions (with +), the QoS of an existing subscription with the same topic will be changed to the new QoS value. When deleting subscriptions (with -), the QoS of each existing subscription must match for it to be removed.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<qos-value> [0..1] - Quality of service for the subscriptions
<topic-list> [2..251 chars starting with + or -] - List of +/- MQTT topics, space separated. Maximum of 32 topics.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription <topic> qos

COMMAND:
qos <qos-value>

no qos

DESCRIPTION:
The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<qos-value> [0..1] - Quality of service for the subscription


enable configure message-vpn <vpn-name> mqtt retain

COMMAND:
retain [cache... | max-memory...]
DESCRIPTION:
Configure the MQTT Retain feature for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[create|no] cache - Create, modify, or remove the MQTT Retain Cache for this Message VPN. A retain cache must be disabled before it can be removed. All retained messages are lost when it is removed and all in-flight and subsequent retain requests will be ignored.
[no] max-memory - The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded.

A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational.


enable configure message-vpn <vpn-name> mqtt retain cache

COMMAND:
[create | no] cache <cache-name>
DESCRIPTION:
Create, modify, or remove the MQTT Retain Cache for this Message VPN. A retain cache must be disabled before it can be removed. All retained messages are lost when it is removed and all in-flight and subsequent retain requests will be ignored.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<cache-name> [1..64 chars] - The name of the MQTT Retain Cache.


enable configure message-vpn <vpn-name> mqtt retain cache <cache-name> message-lifetime

COMMAND:
message-lifetime <seconds>

no message-lifetime

DESCRIPTION:
The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<seconds> [0..4294967294] - Lifetime of a message in seconds.


enable configure message-vpn <vpn-name> mqtt retain cache <cache-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> mqtt retain max-memory

COMMAND:
max-memory <megabytes>

no max-memory

DESCRIPTION:
The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded.

A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational.

The no version of the command returns its value to the default (-1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<megabytes> [-1..2147483647] - The number of megabytes, where 1 MB = 1024 x 1024 bytes.


enable configure message-vpn <vpn-name> replication

COMMAND:
replication [ack-propagation | bridge | queue | reject-msg-when-sync-ineligible | replicated-topic... | shutdown | state... | transaction-replication-mode...]
DESCRIPTION:
Enter Message VPN replication configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
ack-propagation - Enter replication ack-propagation configuration mode for this Message VPN.
bridge - Enter replication bridge configuration mode for this Message VPN.
queue - Enter replication queue configuration mode for this Message VPN.
[no] reject-msg-when-sync-ineligible - Enable or disable sync mode ineligible behavior. If enabled and sync replication becomes ineligible, guaranteed messages published to sync replicated topics will be rejected to the sender. If disabled, sync replication will revert to async mode.
[create|no] replicated-topic - Creates/deletes the replicated-topic for this Message VPN.
[no] shutdown - Enable or disable the replication feature for the Message VPN.
state - The replication state for this Message VPN.
[no] transaction-replication-mode - The transaction replication mode for all transactions within a Message VPN. When mode is async, all transactions originated by clients are replicated to the standby site using async-replication. When mode is sync, all transactions originated by clients are replicated to the standby site using sync-replication.

Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.


enable configure message-vpn <vpn-name> replication ack-propagation

COMMAND:
ack-propagation [interval]
DESCRIPTION:
Enter replication ack-propagation configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
interval - Enter ack-propagation interval configuration mode for this Message VPN.


enable configure message-vpn <vpn-name> replication ack-propagation interval

COMMAND:
interval [messages...]
DESCRIPTION:
Enter ack-propagation interval configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] messages - The ack-propagation interval, in number of replicated messages.


enable configure message-vpn <vpn-name> replication ack-propagation interval messages

COMMAND:
messages <num-messages>

no messages

DESCRIPTION:
The ack-propagation interval, in number of replicated messages.

The no version of the command returns its value to the default (20).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<num-messages> [1..65535] - Number of messages


enable configure message-vpn <vpn-name> replication bridge

COMMAND:
bridge [authentication | compressed-data | message-spool | retry-delay... | ssl | unidirectional]
DESCRIPTION:
Enter replication bridge configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
authentication - Enter authentication configuration mode for the replication bridge.
[no] compressed-data - Enable or disable use of compression for the bridge.
message-spool - Enter replication bridge message-spool configuration mode for this Message VPN.
[no] retry-delay - Number of seconds that must pass before retrying a connection.
[no] ssl - Enable or disable use of SSL for the bridge connection.
unidirectional - Configure the unidirectional parameters used when the bridge connects.


enable configure message-vpn <vpn-name> replication bridge authentication

COMMAND:
authentication [auth-scheme... | basic | client-certificate]
DESCRIPTION:
Enter authentication configuration mode for the replication bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
auth-scheme - The authentication scheme for the replication bridge.
basic - Enter basic authentication configuration mode for the replication bridge
client-certificate - Enter client-certificate authentication configuration mode for the replication bridge.


enable configure message-vpn <vpn-name> replication bridge authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}
DESCRIPTION:
The authentication scheme for the replication bridge.

The no version of the command returns its value to the default (basic).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure message-vpn <vpn-name> replication bridge authentication basic

COMMAND:
basic [client-username...]
DESCRIPTION:
Enter basic authentication configuration mode for the replication bridge

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] client-username - The client username the replication bridge uses to login to the Remote Message VPN on the replication mate.


enable configure message-vpn <vpn-name> replication bridge authentication basic client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The client username the replication bridge uses to login to the Remote Message VPN on the replication mate.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> - The password associated with the client-username used for authentication on the remote-router.


enable configure message-vpn <vpn-name> replication bridge authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter client-certificate authentication configuration mode for the replication bridge.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] certificate-file - The client certificate used by this bridge to login to the Remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.


enable configure message-vpn <vpn-name> replication bridge authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> {[file-contents <file-contents> ]}

no certificate-file

DESCRIPTION:
The client certificate used by this bridge to login to the Remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<file-contents> [string] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure message-vpn <vpn-name> replication bridge compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Enable or disable use of compression for the bridge.

The default value is no compressed-data.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> replication bridge message-spool

COMMAND:
message-spool [window-size...]
DESCRIPTION:
Enter replication bridge message-spool configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] window-size - The window size of outstanding guaranteed messages.


enable configure message-vpn <vpn-name> replication bridge message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
The window size of outstanding guaranteed messages.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<number> [0..65535] - The transport window size for guaranteed messaging in messages.


enable configure message-vpn <vpn-name> replication bridge retry-delay

COMMAND:
retry-delay <seconds>

no retry-delay

DESCRIPTION:
Number of seconds that must pass before retrying a connection.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<seconds> [0..255] - Number of seconds


enable configure message-vpn <vpn-name> replication bridge ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable use of SSL for the bridge connection.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> replication bridge unidirectional

COMMAND:
unidirectional [client-profile...]
DESCRIPTION:
Configure the unidirectional parameters used when the bridge connects.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
[no] client-profile - The client-profile for the unidirectional replication bridge for the Message VPN. The client-profile must exist in the local Message VPN, and it is used only for the TCP parameters.


enable configure message-vpn <vpn-name> replication bridge unidirectional client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The client-profile for the unidirectional replication bridge for the Message VPN. The client-profile must exist in the local Message VPN, and it is used only for the TCP parameters.

The no version of the command returns its value to the default (#client-profile).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.


enable configure message-vpn <vpn-name> replication queue

COMMAND:
queue [max-spool-usage... | reject-msg-to-sender-on-discard]
DESCRIPTION:
Enter replication queue configuration mode for this Message VPN.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] max-spool-usage - The max spool usage of the replication queue.
[no] reject-msg-to-sender-on-discard - The message discard behavior.


enable configure message-vpn <vpn-name> replication queue max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The max spool usage of the replication queue.

The no version of the command returns its value to the default (60000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
<size> [1..2000000] - Message spool usage in MB.


enable configure message-vpn <vpn-name> replication queue reject-msg-to-sender-on-discard

COMMAND:
[no] reject-msg-to-sender-on-discard
DESCRIPTION:
The message discard behavior.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> replication reject-msg-when-sync-ineligible

COMMAND:
[no] reject-msg-when-sync-ineligible
DESCRIPTION:
Enable or disable sync mode ineligible behavior. If enabled and sync replication becomes ineligible, guaranteed messages published to sync replicated topics will be rejected to the sender. If disabled, sync replication will revert to async mode.

The default value is no reject-msg-when-sync-ineligible.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> replication replicated-topic

COMMAND:
[create | no] replicated-topic <topic>
DESCRIPTION:
Creates/deletes the replicated-topic for this Message VPN.

The no version of the command returns its value to the default (no replicated-topic configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<topic> [1..250 chars] - Topic for applying replication. Published messages matching this topic will be replicated to the standby site.


enable configure message-vpn <vpn-name> replication replicated-topic <topic> replication-mode

COMMAND:
replication-mode {sync | async}

no replication-mode

DESCRIPTION:
Choose the replication-mode for the Replicated Topic.

The no version of the command returns its value to the default (async).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
async - Asynchronous replication-mode. Published messages are acknowledged when they are spooled locally.
sync - Synchronous replication-mode. Published messages are acknowledged when they are spooled on the standby site.


enable configure message-vpn <vpn-name> replication shutdown

COMMAND:
shutdown

no shutdown [fail-on-existing-queue | force-use-existing-queue | force-recreate-queue]

DESCRIPTION:
Enable or disable the replication feature for the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
fail-on-existing-queue - The data replication queue must not already exist (default).
force-recreate-queue - Any data messages on the pre-existing data replication queue will be discarded. IMPORTANT: Before using this option be certain that the messages on the pre-existing data replication queue are not needed by interested applications.
force-use-existing-queue - Any data messages on the pre-existing data replication queue will be forwarded to interested applications. IMPORTANT: Before using this option be certain that the messages are not stale or otherwise unsuitable to be forwarded. This option can only be specified when the pre-existing queue is configured the same as is currently specified under replication configuration otherwise the "no shutdown" command will continue to fail.


enable configure message-vpn <vpn-name> replication state

COMMAND:
state {active | standby}
DESCRIPTION:
The replication state for this Message VPN.

The no version of the command returns its value to the default (standby).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/readwrite
PARAMETERS:
active - Configure the VPN replication state to be active
standby - Configure the VPN replication state to be standby


enable configure message-vpn <vpn-name> replication transaction-replication-mode

COMMAND:
transaction-replication-mode {sync | async}

no transaction-replication-mode

DESCRIPTION:
The transaction replication mode for all transactions within a Message VPN. When mode is async, all transactions originated by clients are replicated to the standby site using async-replication. When mode is sync, all transactions originated by clients are replicated to the standby site using sync-replication.

Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.

The no version of the command returns its value to the default (async).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
async - Asynchronous replication-mode. Published messages are acknowledged when they are spooled locally.
sync - Synchronous replication-mode. Published messages are acknowledged when they are spooled on the standby site.


enable configure message-vpn <vpn-name> rest

COMMAND:
rest [rest-delivery-point... | ssl]
DESCRIPTION:
Enter Message VPN REST configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[create|no] rest-delivery-point - Create, delete or enter configuration mode for a named REST Delivery Point. A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
ssl - Enter Message VPN REST configuration mode for SSL outgoing connections.


enable configure message-vpn <vpn-name> rest rest-delivery-point

COMMAND:
[create | no] rest-delivery-point <name>
DESCRIPTION:
Create, delete or enter configuration mode for a named REST Delivery Point. A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..100 chars] - The name of the REST Delivery Point.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP.

The no version of the command returns its value to the default (default).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding

COMMAND:
[create | no] queue-binding <queue-name>
DESCRIPTION:
The queue binding for the REST Delivery Point. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding.

When a queue is deleted from the system, its queue binding in the RDP is not deleted. The queue binding fails until the queue is recreated or the queue binding is deleted. Removing the queue binding does not delete the queue itself.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<queue-name> [1..200 chars] - The name of a queue in the Message VPN.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> gateway

COMMAND:
gateway [replace-target-authority]
DESCRIPTION:
Enter configuration applicable to this queue binding when the Message VPN is in REST gateway mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] replace-target-authority - Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> gateway replace-target-authority

COMMAND:
[no] replace-target-authority
DESCRIPTION:
Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode.

The default value is no replace-target-authority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
This command does not take any parameters


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> post-request-target

COMMAND:
post-request-target <post-request-target>

no post-request-target

DESCRIPTION:
The POST request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the POST request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a "/" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode.

The no version of the command returns its value to the default (no post-request-target configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<post-request-target> [0..200 chars] - string containing a POST request target. The POST request target is used in the REST HTTP POST request that is sent to the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer

COMMAND:
[create | no] rest-consumer <name>
DESCRIPTION:
Create, delete or enter configuration mode for a named REST Consumer. A REST Consumer is a specific TCP endpoint to which messages are to be delivered. This could be a process on a particular host when no HTTP load balancers are used or could be an HTTP load balancer acting as an intermediary in front of the actual consuming processes.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<name> [1..32 chars] - The name of the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication

COMMAND:
authentication [auth-scheme... | client-certificate | http-basic]
DESCRIPTION:
Enter authentication configuration mode for the REST Consumer.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] auth-scheme - The authentication scheme used by the REST Consumer to login to the REST host.
client-certificate - Enter client-certificate authentication configuration mode for the REST Consumer.
http-basic - Enter basic authentication configuration mode for the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication auth-scheme

COMMAND:
auth-scheme {none | http-basic | client-certificate}

no auth-scheme

DESCRIPTION:
The authentication scheme used by the REST Consumer to login to the REST host.

The no version of the command returns its value to the default (none).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
client-certificate - Login with a client TLS certificate as per RFC5246. Client certificate authentication is only available on TLS connections.
http-basic - Login with a username and optional password according to HTTP Basic authentication as per RFC2616.
none - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter client-certificate authentication configuration mode for the REST Consumer.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] certificate-file - The client-certificate that the REST Consumer will present to the REST host. The certificate file must be in the /certs directory and must be PEM formatted (have a .pem extension). If no certificate-file is associated with a REST Consumer configured to use the client-certificate auth-scheme then the server-certificate of the broker is used instead.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> {[file-contents <file-contents> ]}

no certificate-file

DESCRIPTION:
The client-certificate that the REST Consumer will present to the REST host. The certificate file must be in the /certs directory and must be PEM formatted (have a .pem extension). If no certificate-file is associated with a REST Consumer configured to use the client-certificate auth-scheme then the server-certificate of the broker is used instead.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
<file-contents> [string] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-basic

COMMAND:
http-basic [username...]
DESCRIPTION:
Enter basic authentication configuration mode for the REST Consumer.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/readwrite
PARAMETERS:
[no] username - The username that the REST Consumer will use to login to the REST host. If a password is required for authentication, it can also be provided. Normally a username is only configured when basic authentication is selected for the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-basic username

COMMAND:
username <name> [password <password> ]

no username