Command Line Interface Reference (APPLIANCE)
Purpose

This guide describes each of the commands available in the Solace Router Command Line Interface (CLI). The commands are listed separately for each CLI level.

The Solace Router CLI is the interface to the software that you use whenever you access Solace Systems routers, whether from the management console or through a remote network connection. The Solace router CLI, which automatically starts after the Solace routers finish powering up, provides commands that you use to perform various tasks, including configuring, monitoring and troubleshooting the software, network connectivity, and the router hardware.

Conventions

The following conventions are used in the product documentation:

CLI Commands

CLI Command Tree

 [no] alarm-display 
  cd [<directory>]
  dir [<pattern>]
  enable 
     admin 
        bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]
           clear-event <event-name>
           disconnect 
        certificate-authority <ca-name>
           refresh-crl 
        client <name> message-vpn <vpn-name> [primary] [backup] [static]
           clear-event <event-name>
           disconnect 
        config-sync 
           assert-master {router | message-vpn <vpn-name>}
           resync-master {router | message-vpn <vpn-name>}
           resync-slave message-vpn <vpn-name>
        cspf 
           neighbor <physical-router-name>
              clear-event <event-name>
        delete-remote-router <router-name>
        disk 
           rebuild 
           rebuild-speed {high | low}
        distributed-cache <name> message-vpn <vpn-name>
           backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
           clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
           delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
           restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
           start [cache-cluster <cluster-name>] [cache-instance <instance-name>]
        gather-diagnostics [days-of-history <days-of-history>]
        interface <phy-interface>
           switch-active 
        message-spool message-vpn <vpn-name>
           commit-transaction xid <xid>
           delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to 
                          <to-msg-id>]]
           delete-transacted-session <name>
           delete-transaction xid <xid>
           queue <name>
              cancel-replay [force-complete]
              start-replay [replay-log <replay-log>] [from-date <from-date>]
           replay-log <name>
              trim-logged-messages older-than-date <older-than-date>
           rollback-transaction xid <xid>
           sequenced-topic <topic> next-sequence-number <seq-num>
           topic-endpoint <name>
              cancel-replay [force-complete]
              start-replay [replay-log <replay-log>] [from-date <from-date>]
       [no] product-key <key-value>
        redundancy 
           revert-activity 
        system 
           message-spool 
              assert-disk-ownership 
              backup-adb-to-disk 
              defragment-spool-files {start | stop}
              next-message-id <message-id>
              override-flash-failure 
              reset [full]
     backup 
     boot {<version> [default-config] | backout}
     clear 
        bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats
        cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                      [message-vpn <vpn-name>] stats
        certificate-authority stats
        client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats
        client-username <name> [message-vpn <vpn-name>] stats
        compression stats
        cspf 
           neighbor <physical-router-name> stats
           stats 
        ldap-profile <profile-name> stats
        log 
           acl [client-connect | publish-topic | subscribe-topic]
           login diag
           no-subscription-match 
           rest rest-delivery-point errors
        message-spool 
           stats 
        message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest 
                   {{rest-delivery-point <rdp-name>} | {rest-consumer 
                   <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2]}} stats*2} 
                   | {mqtt {mqtt-session <client-id-pattern>} stats*3} | oauth provider 
                   <provider> stats*4}
        queue <name> [message-vpn <vpn-name>] stats
        radius-profile <profile-name> stats
        replication stats
        smrp stats [router-name [<router-name>]]
        snmp 
           stats 
        stats 
           client 
           neighbor 
           ssl 
        topic-endpoint <name> [message-vpn <vpn-name>] stats
     configure 
       [create|no] acl-profile <name> message-vpn <vpn-name>
           client-connect 
              default-action {allow | disallow}
             [no] exception <cidr-addr>
           publish-topic 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
           subscribe-topic 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
        authentication 
           access-level 
              default 
                 global-access-level <access-level>
                 message-vpn 
                   [create|no] access-level-exception <vpn-name>
                       access-level <access-level>
                    default-access-level <access-level>
              ldap 
                [create|no] group <group-name>
                [no] group-membership-attribute-name <attribute-name>
                 group global-access-level <access-level>
                 group message-vpn 
                [create|no] group message-vpn access-level-exception <vpn-name>
                 group message-vpn access-level-exception access-level <access-level>
                 group message-vpn default-access-level <access-level>
          [no] allow-direct-shell-login [<shell-login-name>]
           auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}
          [create|no] certificate-authority <ca-name>
             [no] certificate {file <ca-certificate> | content <raw-data>}
              revocation-check 
                 crl 
                   [no] refresh-schedule [days <days-of-week> ] times <times-of-day>
                   [no] url <url>
                 ocsp 
                   [no] allow-non-responder-certificate 
                   [no] override-url <ocsp-override-url>
                   [no] responder-common-name {empty | name <common-name>}
                   [no] timeout <seconds>
                [no] shutdown 
           client-certificate-revocation-checking <mode>
           kerberos 
              keytab 
                 add-key <keytab-filename> [index <index>]
                 delete-keytab-entry <index>
          [create|no] ldap-profile <profile-name>
              admin dn <admin-dn> [password <admin-password> ]
             [no] allow-unauthenticated-authentication 
              group-membership-secondary-search 
                 base-dn <distinguished-name>
                 deref {never | search | base | always}
                 filter <filter>
                 filter-attribute-from-primary-search <attribute-name>
                [no] follow-continuation-references 
                 scope {base | one-level | subtree}
                [no] shutdown 
                 timeout <duration>
             [no] ldap-server <ldap-host> index <server-index>
              search 
                 base-dn <distinguished-name>
                 deref {never | search | base | always}
                 filter <filter>
                [no] follow-continuation-references 
                 scope {base | one-level | subtree}
                 timeout <duration>
             [no] shutdown 
             [no] tls 
          [no] radius-domain <radius-domain>
          [create|no] radius-profile <profile-name>
             [no] radius-server <ip-port> index <server-index> [key <shared-secret-key> ]
              retransmit <attempts>
             [no] shutdown 
              timeout <duration>
          [no] replace-duplicate-client-connections 
       [create|no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]
          [no] max-ttl <ttl-value>
           remote 
              authentication 
                 auth-scheme {basic | client-certificate}
                 basic 
                   [no] client-username <name> [password <password> ]
                 client-certificate 
                   [no] certificate-file <filename> [file-contents <file-contents> ]
              deliver-to-one 
                [no] priority <dto-priority>
             [create|no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface 
                                    <phys-intf>]}
                [no] client-username <name> [password <password> ]
                [no] compressed-data 
                [no] connect-order <number>
                 message-spool 
                   [no] queue <name>
                   [no] window-size <number>
                [no] shutdown 
                [no] ssl 
                 unidirectional 
                   [no] client-profile <name>
              retry 
                [no] count <count>
                [no] delay <seconds>
             [no] subscription-topic <topic> [deliver-always]
          [no] shutdown 
           ssl 
             [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] trusted-common-name {empty | name <common-name>}
       [create|no] client-profile <name> message-vpn <vpn-name>
          [no] allow-bridge-connections 
          [no] allow-shared-subscriptions 
           compression 
             [no] shutdown 
           eliding 
             [no] delay <milliseconds>
             [no] max-topics <num>
             [no] shutdown 
           event 
              client-provisioned-endpoint-spool-usage 
                [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
              connections-per-client-username 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              egress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              endpoints-per-client-username 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              ingress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              service 
                 smf 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 web-transport 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              subscriptions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transacted-sessions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transactions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
          [no] max-connections-per-client-username <value>
          [no] max-subscriptions <value>
           message-spool 
             [no] allow-cut-through-forwarding 
             [no] allow-guaranteed-endpoint-create 
             [no] allow-guaranteed-message-receive 
             [no] allow-guaranteed-message-send 
             [no] allow-transacted-sessions 
              api-queue-management 
                [no] copy-from-on-create <queue-name>
              api-topic-endpoint-management 
                [no] copy-from-on-create <topic-endpoint-name>
             [no] max-egress-flows <value>
             [no] max-endpoints-per-client-username <value>
             [no] max-ingress-flows <value>
             [no] max-transacted-sessions <value>
             [no] max-transactions <value>
             [no] reject-msg-to-sender-on-no-subscription-match 
           queue <type>
             [no] max-depth <depth>
             [no] min-msg-burst <depth>
           replication 
             [no] allow-clients-when-standby 
           service 
              smf 
                [no] max-connections-per-client-username <value>
              web-transport 
                [no] inactive-timeout <seconds>
                [no] max-connections-per-client-username <value>
                [no] max-web-payload <bytes>
           ssl 
             [no] allow-downgrade-to-plain-text 
           tcp 
             [no] initial-cwnd <num-mss>
              keepalive 
                [no] count <num>
                [no] idle <seconds>
                [no] interval <seconds>
             [no] max-wnd <num-kilo-bytes>
             [no] mss <byte-count>
       [create|no] client-username <username> message-vpn <vpn-name>
          [no] acl-profile <name>
          [no] client-profile <name>
          [no] guaranteed-endpoint-permission-override 
          [no] password <password>
          [no] shutdown 
          [no] subscription-manager 
        clock 
           set <time> <day> <month> <year>
           synchronization 
             [no] ntp-server <ip-addr>
             [no] protocol {ntp | ptp}
             [no] shutdown 
           timezone <zone>
        compression 
           mode {optimize-for-size | optimize-for-speed}
        config-sync 
           authentication 
              client-certificate 
                [no] max-certificate-chain-depth <max-depth>
                [no] validate-certificate-date 
           client-profile 
              tcp 
                [no] initial-cwnd <num-mss>
                 keepalive 
                   [no] count <num>
                   [no] idle <seconds>
                   [no] interval <seconds>
                [no] max-wnd <num-kilo-bytes>
                [no] mss <byte-count>
          [no] shutdown 
          [no] ssl 
           synchronize 
             [no] username 
        console 
           baud-rate <baud-rate>
          [no] login-banner {text <banner-text> | file <file-name> | default}
           timeout <idle-timeout>
       [create|no] distributed-cache <name> message-vpn <vpn-name>
          [create|no] cache-cluster <name>
             [create|no] cache-instance <name>
                [no] auto-start 
                [no] shutdown 
                [no] stop-on-lost-message 
             [no] deliver-to-one-override 
              event 
                 data-byte-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 data-message-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 max-memory 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 max-topics 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 request-queue-depth 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 request-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 response-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              global-caching 
                [no] heartbeat <seconds>
                [create|no] home-cache-cluster <name>
                   [no] topic-prefix <topic-prefix>
                [no] shutdown 
                [no] topic-lifetime <seconds>
             [no] max-memory <megabytes>
             [no] max-messages-per-topic <num-messages>
             [no] max-topics <num-topics>
             [no] message-lifetime <seconds>
             [no] new-topic-advertisement 
             [no] request-queue-depth <num-messages>
             [no] shutdown 
             [no] topic <topic-str>
          [no] heartbeat <seconds>
          [no] scheduled-delete-message [days <days-of-week> ] times <times-of-day>
          [no] shutdown 
        dns 
          [no] name-server <ip-addr>
          [no] polled-domain-name <domain-name>
        hardware 
           disk <disk-name> [no-shutdown] [shutdown]
           message-spool 
             [no] disk-array wwn <wwn>
              event 
                 cache-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 delivered-unacked 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 disk-usage 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 egress-flows 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 endpoints 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 ingress-flows 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 message-count 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 spool-files 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 transacted-session-resources 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 transacted-sessions 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 transactions 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] internal-disk 
             [no] max-cache-usage <percent-usage>
             [no] max-spool-usage <size>
             [no] shutdown 
              transaction 
                [no] replication-compatibility-mode {legacy | transacted}
           power-redundancy <type>
           topic-routing 
             [no] acl-topic-matching-mode {legacy | enforce-for-queues}
       [no] hostname <name> [defer]
       [create|no] interface <phy-interface> [<mode>]
           lacp 
              rate {fast | slow}
          [no] member <phy-interface>
          [no] primary-member <phy-interface>
          [no] shutdown 
           traffic-shaping 
              egress 
                [no] rate-limit <mbps>
                [no] shutdown 
        ip 
           vrf <name>
             [create|no] interface <ip-interface> [primary | backup | static]
                [no] ip-address <cidr-addr>
                 kerberos 
                   [no] service-principal-name <name>
                [no] shutdown 
             [no] route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]
        jndi message-vpn <vpn-name>
          [create|no] connection-factory <name>
              property-list <name>
                [no] property <name> <value>
          [create|no] queue <name>
             [no] property <name> <value>
          [no] shutdown 
          [create|no] topic <name>
             [no] property <name> <value>
        logging 
          [no] command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}
          [no] debug {<subsystem-id> | all} [level <level>] [mask <mask>]
           event 
             [no] publish-system 
             [no] system-tag <tag-string>
          [no] millisecond-timestamp 
       [no] management-message-vpn <vpn-name>
        memory-event 
           nab-buffer-load-factor 
             [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
           physical-memory 
             [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
           subscriptions-memory 
             [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
        message-spool message-vpn <vpn-name>
           event 
              egress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              endpoints 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              ingress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              spool-usage 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transacted-sessions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transactions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
          [no] max-egress-flows <value>
          [no] max-endpoints <value>
          [no] max-ingress-flows <value>
          [no] max-spool-usage <size>
          [no] max-transacted-sessions <value>
          [no] max-transactions <value>
          [create|no] queue <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] owner <owner>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
             [no] shutdown [ingress | egress | full]
             [no] subscription topic <topic>
          [create|no] replay-log <name>
             [no] max-spool-usage <size>
             [no] shutdown [ingress | egress | full]
          [no] sequenced-topic <topic>
          [create|no] topic-endpoint <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] owner <owner>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
             [no] shutdown [ingress | egress | full]
       [create|no] message-vpn <vpn-name>
           authentication 
              basic 
                 auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }
                [no] radius-domain <radius-domain>
                [no] shutdown 
              client-certificate 
                [no] allow-api-provided-username 
                [no] max-certificate-chain-depth <max-depth>
                [no] revocation-check-mode <permission>
                [no] shutdown 
                [no] username-source <source>
                [no] validate-certificate-date 
              kerberos 
                [no] allow-api-provided-username 
                [no] shutdown 
              oauth 
                [no] default-provider <provider>
                [create|no] provider <provider>
                    audience 
                       claim 
                         [no] name <name>
                         [no] source {access-token | id-token | introspection}
                         [no] value <value>
                      [no] shutdown 
                    authorization-group 
                       claim 
                         [no] name <name>
                         [no] source {access-token | id-token | introspection}
                      [no] shutdown 
                   [no] disconnect-on-token-expiration 
                    jwks 
                      [no] refresh-interval <refresh-interval>
                      [no] uri <uri>
                   [no] shutdown 
                    token 
                      [no] ignore-time-limits 
                       introspection 
                         [no] parameter-name <parameter-name>
                         [no] password <password>
                         [no] timeout <timeout>
                         [no] uri <uri>
                         [no] username <username>
                    username 
                       claim 
                         [no] name <name>
                         [no] source {access-token | id-token | introspection}
                      [no] validate 
                [no] shutdown 
           authorization 
             [create|no] authorization-group <name>
                [no] acl-profile <name>
                [no] client-profile <name>
                 order {before | after} <authorization-group-name>
                [no] shutdown 
              authorization-type {ldap <ldap-profile> | internal }
              ldap 
                [no] group-membership-attribute-name <attribute-name>
                [no] trim-client-username-domain 
           bridging 
              ssl 
                 server-certificate-validation 
                   [no] enforce-trusted-common-name 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
          [no] distributed-cache-management 
           dns 
             [no] prefer-ip-version {ipv4 | ipv6}
           dynamic-message-routing 
             [create|no] dmr-bridge <remote-node-name>
                 remote 
                   [no] message-vpn <vpn-name>
             [no] shutdown 
           event 
              connections 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              egress-message-rate 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              ingress-message-rate 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
             [no] large-message-threshold <size>
             [no] log-tag <tag-string>
             [no] publish-client 
             [no] publish-message-vpn 
             [no] publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]
             [no] publish-topic-format [smf] [mqtt]
              service 
                 amqp 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 mqtt 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 rest 
                    incoming 
                       connections 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                 smf 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 web-transport 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              subscriptions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
           export-policy 
             [no] export-subscriptions 
          [no] max-connections <value>
          [no] max-subscriptions <value>
           mqtt 
             [create|no] mqtt-session <client-id> [primary | backup]
                [no] owner <owner>
                [create|no] queue 
                   [no] access-type {exclusive | non-exclusive}
                   [no] consumer-ack-propagation 
                   [no] dead-message-queue <dmq-name>
                    event 
                       bind-count 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                       reject-low-priority-msg-limit 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                       spool-usage 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                   [no] max-bind-count <value>
                   [no] max-delivered-unacked-msgs-per-flow <max>
                   [no] max-message-size <size>
                   [no] max-redelivery <value>
                   [no] max-spool-usage <size>
                   [no] max-ttl <ttl>
                   [no] owner <owner>
                   [no] permission all {no-access | read-only | consume | modify-topic | delete}
                   [no] reject-low-priority-msg 
                   [no] reject-low-priority-msg-limit <limit>
                   [no] reject-msg-to-sender-on-discard [including-when-shutdown]
                   [no] respect-ttl 
                   [no] shutdown [ingress | egress | full]
                [no] shutdown 
                [create|no] subscription <topic>
                 subscription-list qos <qos-value> [<topic-list>]
                [no] subscription qos <qos-value>
              retain 
                [create|no] cache <cache-name>
                   [no] message-lifetime <seconds>
                   [no] shutdown 
                [no] max-memory <megabytes>
           replication 
              ack-propagation 
                 interval 
                   [no] messages <num-messages>
              bridge 
                 authentication 
                    auth-scheme {basic | client-certificate}
                    basic 
                      [no] client-username <name> [password <password> ]
                    client-certificate 
                      [no] certificate-file <filename> [file-contents <file-contents> ]
                [no] compressed-data 
                 message-spool 
                   [no] window-size <number>
                [no] retry-delay <seconds>
                [no] ssl 
                 unidirectional 
                   [no] client-profile <name>
              queue 
                [no] max-spool-usage <size>
                [no] reject-msg-to-sender-on-discard 
             [no] reject-msg-when-sync-ineligible 
             [create|no] replicated-topic <topic>
                [no] replication-mode {sync | async}
             [no] shutdown 
              state {active | standby}
             [no] transaction-replication-mode {sync | async}
           rest 
             [create|no] rest-delivery-point <name>
                [no] client-profile <name>
                [create|no] queue-binding <queue-name>
                    gateway 
                      [no] replace-target-authority 
                   [no] post-request-target <post-request-target>
                [create|no] rest-consumer <name>
                    authentication 
                      [no] auth-scheme {none | http-basic | client-certificate}
                       client-certificate 
                         [no] certificate-file <filename> [file-contents <file-contents> ]
                       http-basic 
                         [no] username <name> [password <password> ]
                    local 
                      [no] interface <phys-intf>
                    remote 
                      [no] host <dest-ip-addr-or-host>
                      [no] max-post-wait-time <seconds>
                      [no] outgoing-connection-count <count>
                      [no] port <port>
                       retry 
                         [no] delay <seconds>
                      [no] ssl 
                   [no] shutdown 
                    ssl 
                      [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
                      [no] trusted-common-name {empty | name <common-name>}
                [no] shutdown 
              ssl 
                 server-certificate-validation 
                   [no] enforce-trusted-common-name 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
           semp-over-msgbus 
              admin-cmds 
                 client-cmds 
                   [no] shutdown 
                 distributed-cache-cmds 
                   [no] shutdown 
                [no] shutdown 
              legacy-show-clear-cmds 
                [no] shutdown 
              show-cmds 
                [no] shutdown 
             [no] shutdown 
           service 
              amqp 
                [no] listen-port <port> [ssl]
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
              mqtt 
                [no] listen-port <port> [ssl] [web]
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
                 websocket 
                 websocket-secure 
                   [no] shutdown 
                [no] websocket shutdown 
              rest 
                 incoming 
                   [no] listen-port <port> [ssl]
                   [no] max-connections <value>
                    plain-text 
                      [no] shutdown 
                    ssl 
                      [no] shutdown 
                [no] mode {gateway | messaging}
                 outgoing 
                   [no] max-connections <value>
              smf 
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
              web-transport 
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
          [no] shutdown 
           ssl 
             [no] allow-downgrade-to-plain-text 
        mqtt 
           retain 
             [no] max-memory <megabytes>
        redundancy 
          [no] active-standby-role {primary | backup | none }
           authentication 
              pre-shared-key 
                [no] key <pre-shared-key>
          [no] auto-revert 
          [no] mate-router-name <name>
          [no] release-activity 
          [no] shutdown 
          [no] vrrp-vrid <vrid> {primary | backup}
        replication 
           config-sync 
              bridge 
                 authentication 
                    auth-scheme {basic | client-certificate}
                [no] compressed-data 
                 message-spool 
                   [no] window-size <number>
                [no] retry-delay <seconds>
                [no] shutdown 
                [no] ssl 
                 ssl-server-certificate-validation 
                   [no] enforce-trusted-common-name 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
          [no] interface <phys-intf>
           mate 
             [no] connect-port <port> [compressed] [ssl]
             [no] virtual-router-name <virtual-router-name> connect-via <addr>
           ssl 
             [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] trusted-common-name {empty | name <common-name>}
       [no] router-name <name> [defer]
        routing 
           dynamic-message-routing 
             [create|no] cluster <cluster-name>
                 authentication 
                    basic 
                      [no] auth-type {internal | none}
                      [no] password <password>
                      [no] shutdown 
                    client-certificate 
                      [no] certificate-file <filename> [file-contents <file-contents> ]
                      [no] shutdown 
                [create|no] link <remote-node-name>
                    authentication 
                      [no] auth-scheme {basic | client-certificate}
                       basic 
                         [no] password <password>
                    client-profile 
                       queue <type>
                         [no] max-depth <depth>
                         [no] min-msg-burst <depth>
                       tcp 
                         [no] initial-cwnd <num-mss>
                          keepalive 
                            [no] count <num>
                            [no] idle <seconds>
                            [no] interval <seconds>
                         [no] max-wnd <num-kilo-bytes>
                         [no] mss <byte-count>
                   [no] connect-via <addr-port>
                   [no] initiator {lexical | local | remote}
                    message-spool 
                      [no] window-size <number>
                    queue 
                      [no] dead-message-queue <dmq-name>
                       event 
                          spool-usage 
                            [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                           <set-percentage>] [clear-percentage 
                                           <clear-percentage>]}
                      [no] max-delivered-unacked-msgs-per-flow <max>
                      [no] max-redelivery <value>
                      [no] max-spool-usage <size>
                      [no] max-ttl <ttl>
                      [no] reject-msg-to-sender-on-discard [including-when-shutdown]
                      [no] respect-ttl 
                   [no] shutdown 
                   [no] span {internal | external}
                    ssl 
                      [no] trusted-common-name {empty | name <common-name>}
                    transport 
                      [no] compressed 
                      [no] ssl 
                [no] shutdown 
                 ssl 
                    server-certificate-validation 
                      [no] enforce-trusted-common-name 
                      [no] max-certificate-chain-depth <max-depth>
                      [no] validate-certificate-date 
          [no] interface <phy-interface>
          [no] mode {dynamic-message-routing | multi-node-routing} [defer]
           multi-node-routing 
              cspf 
                [create|no] neighbor <physical-router-name>
                   [no] compressed-data 
                   [no] connect-via <ip-port>
                   [no] control-port <port>
                   [no] link-cost <cost>
                   [no] shutdown 
                    ssl 
                   [no] ssl-data 
                   [no] ssl cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
                   [no] ssl trusted-common-name {empty | name <common-name>}
                    tcp 
                      [no] initial-cwnd <num-mss>
                       keepalive 
                         [no] count <num>
                         [no] idle <seconds>
                         [no] interval <seconds>
                      [no] max-wnd <num-kilo-bytes>
                      [no] mss <byte-count>
                 queue 
                   [no] max-depth <depth>
                   [no] min-msg-burst <depth>
                 ssl 
                    certificate-validation 
                      [no] enforce-trusted-common-name 
                      [no] max-certificate-chain-depth <max-depth>
                      [no] validate-certificate-date 
                    client-certificate 
                      [no] certificate-file <filename> [file-contents <file-contents> ]
             [no] shutdown 
        schedule 
          [no] backup [days <days-of-week>] times <times-of-day> [max-backups <max-backups>]
        service 
           amqp 
             [no] shutdown 
           event 
              connections 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
           health-check 
             [no] listen-port <port>
             [no] shutdown 
           mqtt 
             [no] shutdown 
           msg-backbone 
             [no] shutdown 
           rest 
              event 
                 outgoing 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              incoming 
                [no] shutdown 
              outgoing 
                [no] shutdown 
           semp 
             [no] listen-port <port> [ssl]
             [no] shutdown [ssl] [plain-text]
           smf 
              event 
                 connections 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] listen-port <port> [[compressed] [routing-control] | ssl]
             [no] shutdown 
           ssl 
              event 
                 connections 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
           web-transport 
             [no] listen-port <port> [ssl]
             [no] shutdown 
             [no] web-url-suffix <suffix>
       [no] snmp-server 
          [no] community <name> group <group>
          [no] contact <name>
          [no] group <name> {v2c | v3 {auth | noauth | priv}}
          [no] host <ip-addr> traps [{v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>] 
                   [community <community-name>]
          [no] location <name>
          [no] shutdown 
          [no] trap 
              connections 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              disk-utilization [disk <disk-name>]
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              egress-msg-rate 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              fan-speed 
                [no] shutdown 
              ingress-msg-rate 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              power-status 
                [no] shutdown 
             [no] shutdown 
              subscriptions 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              temperature 
                [no] shutdown 
              voltage 
                [no] shutdown 
          [no] user <name> group <group> {password <password> }
        ssl 
          [no] allow-tls-version-1.0 
          [no] allow-tls-version-1.1 
           cipher-suite 
             [no] management {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] msg-backbone {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] ssh {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
          [no] crime-exploit-protection 
          [no] server-certificate <filename> [file-contents <file-contents> ]
          [no] tls-session-timeout <seconds>
       [create|no] syslog <name>
          [no] facility {command | event | system }
          [no] host <hostname-or-address> [transport {tcp | udp}]
        system 
           topic-routing 
             [no] acl-topic-matching-mode {legacy | enforce-for-queues}
             [no] subscription-exceptions [defer]
       [create|no] username <name>
          [no] change-password <password>
           global-access-level <access-level>
           message-vpn 
             [create|no] access-level-exception <vpn-name>
                 access-level <access-level>
              default-access-level <access-level>
           rename <name>
     copy <source> <destination>
     delete <file>
     delete-load <version>
     disable 
     disconnect sessionid <session-id>
     power-down 
     reload [default-config | config <config-file>]
     rename <old> <new>
     setup 
     shell <reason>
  end 
  exit 
  help 
  home 
  logout 
  more <pattern>
 [no] paging [size <size>]
  ping <vrf-ip-addr-or-host> [ip-interface <ip-interface>]
  ping6 <ip-addr> [ip-interface <ip-interface>]
  pwd 
  session 
     timeout <idle-timeout>
  show 
     acl-profile <name> [message-vpn <vpn-name>] [{detail [[client-connect ] [publish-topic] 
                [subscribe-topic] ]} | {users } ]
     alarm 
     authentication [user-class cli-semp] [{current-user } | access-level [{default | ldap [group 
                   <group-name-pattern>]}] [detail ]]
     backup 
     bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn 
           <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] 
           [connect-via <addr-port>] [primary | backup | auto] [subscriptions [local | remote]
            | stats [queues] | connections [wide] | detail | message-spool-stats | ssl | 
           client-certificate]
     cache-cluster <name> [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | topics 
                  [filter <topic-pattern>] [type {local | global [home-cache-cluster 
                  <home-cache-cluster-name>]}] ]
     cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                   [message-vpn <vpn-name>] [detail | remote {status | home-cache-clusters 
                   [<home-cluster-name>] | topics [detail*2] [filter <topic-pattern>] 
                   [type {local | global}] }]
     certificate-authority {ca-name <ca-name> [cert [raw-content] | crl | stats | detail] [count <num-elements>] | 
                          stats*2}
     client <name> [client-username <username>] [message-vpn <vpn-name>] [authorization-group 
           <group-name>] [{[{stats [congestion | queues]} | {connections [wide]}] } | 
           {subscriptions [{subscription <subscription-name>}]} | {{message-spool | 
           message-spool-stats | {transaction-stats [session <session-id>]}} [{{ingress | 
           egress }} [flow <flow-id>]] } | {transacted-session [{session*2 
           <session-name>}]} | {sorted-stats [<stats-to-show>] [sort-by 
           <stats-to-sort-by>] [clear-high-water-marks]} | web-transport ] [detail] [primary] 
           [backup] [static] [slow-subscriber] [connected | disconnected]
     client-profile <name> [message-vpn <vpn-name>] [detail]
     client-username <name> [message-vpn <vpn-name>] [authorization-group <group-name>] [stats | detail
                     ]
     clock [{detail | {timezones [<pattern>]}}]
     cluster <cluster-name-pattern> [detail | link <link-name-pattern> [detail*2 | client-profile | 
            queue | ssl | channel [message-vpn <vpn-name>] [detail*3]]]
     compression 
     config-sync [database [router | message-vpn <vpn-name>] [detail | remote] [count <num-elements>]]
     console [login-banner]
     cspf 
        database 
        neighbor <physical-router-name> [stats [queues | detail] | connections [wide] | detail*2]
        queue 
        route [destination <router-destination>] [source <router-source>]
        ssl 
        stats 
     current-config 
        all 
        message-vpn <vpn-name> [remove]
     debug [process-name <process-name>] [process-instance <process-instance>] [timeout 
          <seconds>] <command> [<parameter-list>]
     deferred-config 
     disk [detail]
     distributed-cache {<name> [message-vpn <vpn-name>] [detail] | summary}
     dns 
     environment 
     hardware [details | post]
     home-cache-cluster <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                       [message-vpn <vpn-name>]
     hostname 
     interface [<phy-interface>] [detail]
     ip 
        route 
        vrf [<name> [link-local-address | {route | interface <interface-pattern>} [detail]]]
     jndi 
        connection-factory <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
                          [detail]
        object <name> [message-vpn <vpn-name>]
        queue <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
             [detail]
        schema [connection-factory | topic | queue]
        summary [message-vpn <vpn-name>]
        topic <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
             [detail]
     kerberos [{keytab | keytab-file <file-name>} [detail]]
     ldap-profile <profile-name> [detail | [index <server-index>] stats | users]
     log 
        acl [client-connect | publish-topic | subscribe-topic] [client-username <username>] [message-vpn 
           <vpn-name>] [wide]
        command [lines <num-lines>] [find <search-string>]
        debug [lines <num-lines>] [find <search-string>]
        event [lines <num-lines>] [find <search-string>]
        login diag [wide]
        no-subscription-match [client-username <username>] [client-name <name>] [message-vpn <vpn-name>] [wide]
        rest rest-delivery-point errors [wide]
        system [lines <num-lines>] [find <search-string>]
     logging 
        command 
        config 
        debug [<subsystem-id>]
        event 
     memory 
     message-spool [message-vpn <vpn-name> [sort-by-messages-spooled]] [stats | detail | rates ]
     message-vpn <vpn-name> {[[detail | stats [detail*2] | service [stats*2]] | subscriptions [primary] 
                [backup] [static] ] | replication [stats*3 | detail*3 | client-certificate] | rest 
                [{rest-delivery-point <rdp-name> [stats*4 | queue-binding 
                <queue-binding-name>] [count*2 <num-elements>*2] [detail*4] | 
                rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ]
                 [stats*5 | outgoing-connections [tcp [wide]] | authentication | 
                client-certificate*2 | ssl | detail*5] [count*3 <num-elements>*3] }] | 
                authorization [authorization-group <name> [detail*6]] [count*4 
                <num-elements>*4] | mqtt [{mqtt-session <client-id-pattern> [owner 
                <owner-pattern>] [primary*2] [backup*2] [detail*7 | subscriptions*2 [qos 
                <qos-value>] | stats*6 | client | queue]} | {retain {cache <cache-name> 
                [detail*8]}}] | bridging | dynamic-message-routing [dmr-bridge 
                <remote-node-name-pattern> ] | oauth provider <provider> [detail*9 
                [stats*7]] }
     mqtt 
     paging 
     process [pid <pid>]
     product-key 
     queue <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest]
           [msg-id <msg-id> | priority <priority>] | subscriptions | rates | 
          sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue 
          <dmq-filter> [dmq-list] | replay] [durable | non-durable] [detail] [replay-state 
          {initializing | active | pending-complete | failed | all}] [count <num-elements>]
     radius-profile <profile-name> [detail | stats]
     redundancy [detail]
     replay-log <name> [message-vpn <vpn-name>] [messages [oldest | newest] [msg-id <msg-id> | 
               priority <priority>] [detail]] [count <num-elements>]
     replicated-topic <topic> [message-vpn <vpn-name>] [replication-mode {sync | async}] [count 
                     <num-elements>]
     replication [stats]
     router-name 
     routing 
     sequenced-topic <topic> [message-vpn <vpn-name>] [count <num-elements>]
     service [web-transport]
     session 
     smrp 
        database [router-name <router-name>] [detail]
        route topic <topic-string> [message-vpn <vpn-name>] [destination-name 
             <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] 
             [backup] [static] [persistent | non-persistent]
        stats [router-name [<router-name>]]
        subscription-block [router-name <router-name>] [block-id <block-id>] [message-vpn <vpn-name>] 
                          [persistent | non-persistent] [detail]
        subscriptions [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] 
                     [topic-endpoint] [remote-router] [primary] [backup] [static] [{[dto-priority 
                     <priority>] [topic <topic-str>] [persistent | non-persistent] } | 
                     {summary }]
     snmp [trap [<name>]]
     ssl 
        allow-tls-version 
        certificate-files [filename <filename>] [detail]
        cipher-suite-list {default | management [default*2] | msg-backbone [default*3] | ssh [default*4]}
        crime-exploit-protection 
        server-certificate [detail]
        supported-cipher-suites [{management | msg-backbone | ssh}]
        supported-tls-versions 
        tls-session-timeout 
     stats 
        client [detail]
        neighbor [detail]
        ssl 
     syslog [<name>]
     system [detail | post]
     topic-endpoint <name> [message-vpn <vpn-name>] [stats [priorities] | messages [oldest | newest] [msg-id
                    <msg-id> | priority <priority>] | topics | rates | 
                   sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue 
                   <dmq-filter> [dmq-list] | replay] [durable | non-durable] [replay-state 
                   {initializing | active | pending-complete | failed | all}] [detail] [flow 
                   <flow-id>] [count <num-elements>]
     transaction [xid <xid>] [message-vpn <vpn-name>] [state <transaction-state>] [replicated] 
                [detail | sort-by-last-state-change | sort-by-messages-spooled] [count 
                <num-elements>]
     username <username-pattern> [detail]
     version 
  source script <script-name> [stop-on-error] [no-prompt]
 [no] strict-column-wrapping 
  tree [all | global]


alarm-display

COMMAND:
[no] alarm-display
DESCRIPTION:
Use this command to enable the display of system alarms in the current CLI session on a session-by-session basis. The no version disables the displaying of router system alarms in the current CLI session.

The default value is no alarm-display.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


cd

COMMAND:
cd [<directory>]
DESCRIPTION:
Use this command to change the current working directory on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<directory> [0..255 chars] - directory to change to. If no directory is specified the root ('/') directory is assumed


dir

COMMAND:
dir [<pattern>]
DESCRIPTION:
Use this command to list the contents of a directory on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<pattern> [0..255 chars] - file(s)/directory(s) to display. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.


enable

COMMAND:
enable
DESCRIPTION:
Use this command to enter the Privileged EXEC level of the CLI to perform router configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


enable admin

COMMAND:
admin
DESCRIPTION:
Use this command to reach the Admin EXEC level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


enable admin bridge

COMMAND:
bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:
Enter bridge admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is primary, backup and auto.
backup - Only bridges of the backup virtual router. Default is primary, backup and auto.
<bridge-name-pattern> [1..300 chars] - Bridge name; may contain wildcard characters * or ?
primary - Only bridges of the primary virtual router. Default is primary, backup and auto.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<event-name> [string] - The name of the one shot event


enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> disconnect

COMMAND:
disconnect
DESCRIPTION:
Disconnect one or more bridges

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin certificate-authority

COMMAND:
certificate-authority <ca-name>
DESCRIPTION:
Enter certificate-authority admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<ca-name> [1..64 chars] - The name of the certificate authority.


enable admin certificate-authority <ca-name> refresh-crl

COMMAND:
refresh-crl
DESCRIPTION:
Refresh the CRL file

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin client

COMMAND:
client <name> message-vpn <vpn-name> [primary] [backup] [static]
DESCRIPTION:
Enter client admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
backup - Only clients of the backup virtual router
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - Only clients of the primary virtual router
static - Only clients of the static virtual router
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable admin client <name> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<event-name> [string] - The name of the one shot event


enable admin client <name> message-vpn <vpn-name> disconnect

COMMAND:
disconnect
DESCRIPTION:
Disconnect one or more clients

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable admin config-sync

COMMAND:
config-sync [assert-master... | resync-master... | resync-slave...]
DESCRIPTION:
Enter config-sync admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
assert-master - Assert ownership of the specified config-sync table, forcing any other master's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a master for the selected table.
resync-master - Resync the selected table, forcing this master's content to be overwritten with that from another master. Config-sync must be a master for the selected table.
resync-slave - Resync the selected table, forcing this slave's content to be overwritten with that from a master. Config-sync must be a slave for the selected table.


enable admin config-sync assert-master

COMMAND:
assert-master {router | message-vpn <vpn-name>}
DESCRIPTION:
Assert ownership of the specified config-sync table, forcing any other master's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a master for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
Notes/Exceptions: global/rw is required to run this command with the router parameter.
PARAMETERS:
router - Assert ownership for the router table
<vpn-name> [1..32 chars] - Assert ownership for the named message-vpn table; may contain wildcard characters * or ?


enable admin config-sync resync-master

COMMAND:
resync-master {router | message-vpn <vpn-name>}
DESCRIPTION:
Resync the selected table, forcing this master's content to be overwritten with that from another master. Config-sync must be a master for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
Notes/Exceptions: global/rw is required to run this command with the router parameter.
PARAMETERS:
router - Resync content for the router table
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ?


enable admin config-sync resync-slave

COMMAND:
resync-slave message-vpn <vpn-name>
DESCRIPTION:
Resync the selected table, forcing this slave's content to be overwritten with that from a master. Config-sync must be a slave for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ?


enable admin cspf

COMMAND:
cspf [neighbor...]
DESCRIPTION:
Enter cspf admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
neighbor - Enter neighbor admin mode


enable admin cspf neighbor

COMMAND:
neighbor <physical-router-name>
DESCRIPTION:
Enter neighbor admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?


enable admin cspf neighbor <physical-router-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<event-name> [string] - The name of the one shot event.


enable admin delete-remote-router

COMMAND:
delete-remote-router <router-name>
DESCRIPTION:
Delete remote router from the SMRP and/or Message Spool database and remove all subscriptions (persistent and non-persistent) received from it

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


enable admin disk

COMMAND:
disk
DESCRIPTION:
Enter disk admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin disk rebuild

COMMAND:
rebuild
DESCRIPTION:
Trigger a disk rebuild after disk replacement

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin disk rebuild-speed

COMMAND:
rebuild-speed {high | low}
DESCRIPTION:
Configure speed at which disk is rebuilt after disk replacement

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
high - Rebuild at high speed.
low - Rebuild at low speed (default).


enable admin distributed-cache

COMMAND:
distributed-cache <name> message-vpn <vpn-name>
DESCRIPTION:
Enter distributed-cache admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<name> [1..200 chars] - The distributed-cache name. Must be a valid topic without hierarchy, whitespace, or ?.
<vpn-name> [1..32 chars] - The message VPN name.


enable admin distributed-cache <name> message-vpn <vpn-name> backup-cached-messages

COMMAND:
backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
DESCRIPTION:
Backup cached messages of the selected cache-instance to disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
cancel - Cancel the backup/restore operation currently in progress
<filename> [1..255 chars] - Filename for backup/restore of cached messages
<instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable admin distributed-cache <name> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Clear an event of selected cache-instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<event-name> [lost-message] - Name of the event, or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?


enable admin distributed-cache <name> message-vpn <vpn-name> delete-messages

COMMAND:
delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Delete message contents covered by given topic in selected cache-instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
<topic> [1..250 chars] - Delete messages covered by this topic


enable admin distributed-cache <name> message-vpn <vpn-name> restore-cached-messages

COMMAND:
restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
DESCRIPTION:
Restore cached messages for the selected cache-instance from disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
cancel - Cancel the backup/restore operation currently in progress
<filename> [1..255 chars] - Filename for backup/restore of cached messages
<instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable admin distributed-cache <name> message-vpn <vpn-name> start

COMMAND:
start [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Start selected cache instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?


enable admin gather-diagnostics

COMMAND:
gather-diagnostics [days-of-history <days-of-history>]
DESCRIPTION:
Gather a number of diagnostic files and command output into a single diagnostics file

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<days-of-history> [1..65535] - Number of days of history that should be gathered for diagnostics. Default is 1.


enable admin interface

COMMAND:
interface <phy-interface>
DESCRIPTION:
Enter interface admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable admin interface <phy-interface> switch-active

COMMAND:
switch-active
DESCRIPTION:
switch active link

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin message-spool

COMMAND:
message-spool message-vpn <vpn-name>
DESCRIPTION:
Enter message spool admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the message-spool belongs to


enable admin message-spool message-vpn <vpn-name> commit-transaction

COMMAND:
commit-transaction xid <xid>
DESCRIPTION:
Commit the transaction identified by the XID. The transaction is heuristically committed and thus is not deleted upon completing the commit. To delete, use the delete-transaction command.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> delete-messages

COMMAND:
delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to <to-msg-id>]]
DESCRIPTION:
Delete spooled messages

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<msg-id> [1..18446744073709551615] - Message id to be deleted
<queue-name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
<te-name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
<to-msg-id> [1..18446744073709551615] - End of range of message ids to be deleted


enable admin message-spool message-vpn <vpn-name> delete-transacted-session

COMMAND:
delete-transacted-session <name>
DESCRIPTION:
Delete the transacted-session identified by the name. The client that is connected to the session is disconnected, and all transactions associated with the session are rolled back and deleted.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..63 chars] - Transacted session name; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> delete-transaction

COMMAND:
delete-transaction xid <xid>
DESCRIPTION:
Delete the transaction identified by the XID. The transaction must be in the Heuristically Completed state.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> queue

COMMAND:
queue <name>
DESCRIPTION:
Enter message spool queue admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - Queue name


enable admin message-spool message-vpn <vpn-name> queue <name> cancel-replay

COMMAND:
cancel-replay [force-complete]
DESCRIPTION:
Cancel all replays to this queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
force-complete - force cancellation without waiting for client unbind ack


enable admin message-spool message-vpn <vpn-name> queue <name> start-replay

COMMAND:
start-replay [replay-log <replay-log>] [from-date <from-date>]
DESCRIPTION:
Start a replay to this queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<from-date> [string] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second
<replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;"


enable admin message-spool message-vpn <vpn-name> replay-log

COMMAND:
replay-log <name>
DESCRIPTION:
Enter message spool replay log admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..185 chars] - Name of Replay Log. Invalid characters are "'<>*?&;"


enable admin message-spool message-vpn <vpn-name> replay-log <name> trim-logged-messages

COMMAND:
trim-logged-messages older-than-date <older-than-date>
DESCRIPTION:
Trim messages from this replay log

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<older-than-date> [string] - All messages before this date will be removed. Specify using the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second


enable admin message-spool message-vpn <vpn-name> rollback-transaction

COMMAND:
rollback-transaction xid <xid>
DESCRIPTION:
Rollback the transaction identified by the XID. The transaction is heuristically rolled back and thus is not deleted upon completing the rollback. To delete, use the delete-transaction command.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> sequenced-topic

COMMAND:
sequenced-topic <topic> next-sequence-number <seq-num>
DESCRIPTION:
Set the next sequence number for the sequenced topic

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seq-num> [1..9223372036854775807] - Next sequence number for the sequenced topic
<topic> [1..250 chars] - Topic for applying sequence numbers


enable admin message-spool message-vpn <vpn-name> topic-endpoint

COMMAND:
topic-endpoint <name>
DESCRIPTION:
Enter message spool topic endpoint admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..250 chars] - Topic Endpoint name


enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> cancel-replay

COMMAND:
cancel-replay [force-complete]
DESCRIPTION:
Cancel all replays to this topic endpoint

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
force-complete - force cancellation without waiting for client unbind ack


enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> start-replay

COMMAND:
start-replay [replay-log <replay-log>] [from-date <from-date>]
DESCRIPTION:
Start a replay to this topic endpoint

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<from-date> [string] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second
<replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;"


enable admin product-key

COMMAND:
[no] product-key <key-value>
DESCRIPTION:
Configure a product key to unlock feature content

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<key-value> [40..255 chars] - Product key value


enable admin redundancy

COMMAND:
redundancy [revert-activity]
DESCRIPTION:
Enter redundancy mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
revert-activity - Force backup router to give up activity if primary router is ready to provide service


enable admin redundancy revert-activity

COMMAND:
revert-activity
DESCRIPTION:
Force backup router to give up activity if primary router is ready to provide service

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system

COMMAND:
system [message-spool]
DESCRIPTION:
Enter system admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
message-spool - Enter message-spool admin mode


enable admin system message-spool

COMMAND:
message-spool [assert-disk-ownership | backup-adb-to-disk | defragment-spool-files... | next-message-id... | override-flash-failure | reset...]
DESCRIPTION:
Enter message-spool admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
assert-disk-ownership - Assert ownership over the message-spool external disk.
backup-adb-to-disk - Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.
defragment-spool-files - Start a spool file defragmentation run
next-message-id - Set the message-id to be assigned to the next message that is spooled. This should be done immediately after the message spool has been reset.
override-flash-failure - Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.
reset - Reset the message spooling facility on a Solace appliance (without affecting the rest of the appliance configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.


enable admin system message-spool assert-disk-ownership

COMMAND:
assert-disk-ownership
DESCRIPTION:
Assert ownership over the message-spool external disk.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system message-spool backup-adb-to-disk

COMMAND:
backup-adb-to-disk
DESCRIPTION:
Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system message-spool defragment-spool-files

COMMAND:
defragment-spool-files {start | stop}
DESCRIPTION:
Start a spool file defragmentation run

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
start - initiate spool file defragmentation operation
stop - halt the spool file defragmentation operation


enable admin system message-spool next-message-id

COMMAND:
next-message-id <message-id>
DESCRIPTION:
Set the message-id to be assigned to the next message that is spooled. This should be done immediately after the message spool has been reset.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<message-id> [1..18446744073709551615] - The message-id assigned to the next spooled message.


enable admin system message-spool override-flash-failure

COMMAND:
override-flash-failure
DESCRIPTION:
Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system message-spool reset

COMMAND:
reset [full]
DESCRIPTION:
Reset the message spooling facility on a Solace appliance (without affecting the rest of the appliance configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
full - including reset the message-id assigned to the next spooled message.


enable backup

COMMAND:
backup
DESCRIPTION:
Use this command to immediately create a manual local backup of your configuration database file on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable boot

COMMAND:
boot {<version> [default-config] | backout}
DESCRIPTION:
Use this command to upgrade or downgrade the router software to a new or old SolOS software load and activate it, or to revert to and run the previous SolOS software version that was running before the last upgrade.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
backout - Revert to previous load.
default-config - Boots the router to a default configuration.
<version> [string] - Load version to boot to


enable clear

COMMAND:
clear [bridge... | cache-instance... | certificate-authority... | client... | client-username... | compression... | cspf | ldap-profile... | log | message-spool | message-vpn... | queue... | radius-profile... | replication... | smrp... | snmp | stats | topic-endpoint...]
DESCRIPTION:
Use this command to clear various statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bridge - Clear the statistics for one or more bridges.
cache-instance - Clear statistics for one or more cache-instances.
certificate-authority - Clear global level statistics for certificate authorities.
Also clears individual certificate authority stats.
client - Clear statistics for one or more clients.
client-username - Clear statistics for one or more client-usernames.
compression - Clear statistics for compression.
cspf - Clear specified CSPF information.
ldap-profile - Clear ldap-profile statistics for one or all profiles.
log - Clear logs.
message-spool - Clear message-spool statistics.
message-vpn - Clear statistics for one or more message VPNs.
queue - Clear statistics for one or more queues.
radius-profile - Clear radius-profile statistics for one or all profiles.
replication - Clear the global replication statistics.
smrp - Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.
snmp - Clear SNMP statistics.
stats - Clear global level statistics.
topic-endpoint - Clear statistics for one or more topic-endpoints.


enable clear bridge

COMMAND:
bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats
DESCRIPTION:
Clear the statistics for one or more bridges.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is primary, backup and auto.
backup - Only bridges of the backup virtual router. Default is primary, backup and auto.
<bridge-name-pattern> [string] - Bridge name; may contain wildcard characters * or ?
primary - Only bridges of the primary virtual router. Default is primary, backup and auto.
stats - Specify this keyword to clear statistics.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear cache-instance

COMMAND:
cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more cache-instances.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
stats - Clears cache-instance statistics
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear certificate-authority

COMMAND:
certificate-authority stats
DESCRIPTION:
Clear global level statistics for certificate authorities.
Also clears individual certificate authority stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable clear client

COMMAND:
client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats
DESCRIPTION:
Clear statistics for one or more clients.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
backup - If specified, clients associated with the backup virtual router will be cleared.
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - If specified, clients associated with the primary virtual router will be cleared.
static - If specified, clients associated with the static virtual router will be cleared.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear client-username

COMMAND:
client-username <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more client-usernames.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..189 chars] - Client name; may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear compression

COMMAND:
compression stats
DESCRIPTION:
Clear statistics for compression.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear cspf

COMMAND:
cspf [neighbor... | stats]
DESCRIPTION:
Clear specified CSPF information.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
neighbor - Clear statistics related to neighbors
stats - Clear statistics related to the CSPF protocol


enable clear cspf neighbor

COMMAND:
neighbor <physical-router-name> stats
DESCRIPTION:
Clear statistics related to neighbors

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<physical-router-name> [1..66 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?
stats - Clear neighbor stats


enable clear cspf stats

COMMAND:
stats
DESCRIPTION:
Clear statistics related to the CSPF protocol

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear ldap-profile

COMMAND:
ldap-profile <profile-name> stats
DESCRIPTION:
Clear ldap-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name. May contain wildcard characters * and ?.


enable clear log

COMMAND:
log [acl... | login... | no-subscription-match | rest...]
DESCRIPTION:
Clear logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
acl - Clear ACL logs.
login - Clear login logs
no-subscription-match - Clear no-subscription-match logs.
rest - Clear REST logs.


enable clear log acl

COMMAND:
acl [client-connect | publish-topic | subscribe-topic]
DESCRIPTION:
Clear ACL logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
client-connect - Clear only logs relating to client-connect ACLs
publish-topic - Clear only logs relating to publish-topic ACLs
subscribe-topic - Clear only logs relating to subscribe-topic ACLs


enable clear log login

COMMAND:
login diag
DESCRIPTION:
Clear login logs

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
diag - Clear logs relating to login diagnostics


enable clear log no-subscription-match

COMMAND:
no-subscription-match
DESCRIPTION:
Clear no-subscription-match logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear log rest

COMMAND:
rest rest-delivery-point errors
DESCRIPTION:
Clear REST logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
errors - Clear logs relating to REST errors
rest-delivery-point - Clear logs relating to REST Delivery Points


enable clear message-spool

COMMAND:
message-spool [stats]
DESCRIPTION:
Clear message-spool statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
stats - Clear message-spool statistics


enable clear message-spool stats

COMMAND:
stats
DESCRIPTION:
Clear message-spool statistics

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear message-vpn

COMMAND:
message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest {{rest-delivery-point <rdp-name>} | {rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2]}} stats*2} | {mqtt {mqtt-session <client-id-pattern>} stats*3} | oauth provider <provider> stats*4}
DESCRIPTION:
Clear statistics for one or more message VPNs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<client-id-pattern> [string] - The pattern that filters the mqtt-session selected. May contain wildcard characters * and ?.
message-spool-stats - Clear message-spool statistics.
mqtt - MQTT related clear commands
oauth - Clear OAuth related information.
<provider> [1..31 chars] - The name of the provider, which may include wildcards * or ?
<rdp-name> [string] - The pattern that filters the RDP selected. May contain wildcard characters * and ?.
<rdp-name>*2 - The pattern that filters the RDP selected. May contain wildcard characters * and ?.
replication-stats - Clear replication statistics.
rest - REST related clear commands
<rest-consumer-name> [string] - The pattern that filters the REST Consumer selected. May contain wildcard characters * and ?.
service-stats - Clear SMF service statistics for message VPN.
stats - Clears the statistics for the specified message VPN
stats*2 - Specify this keyword to clear REST Delivery Point statistics.
stats*3 - Specify this keyword to clear MQTT statistics.
stats*4 - Clear OAuth stats.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear queue

COMMAND:
queue <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more queues.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
stats - Clears the statistics for the specified queue.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear radius-profile

COMMAND:
radius-profile <profile-name> stats
DESCRIPTION:
Clear radius-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name. May contain wildcard characters * and ?.


enable clear replication

COMMAND:
replication stats
DESCRIPTION:
Clear the global replication statistics.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
stats - Clear stats.


enable clear smrp

COMMAND:
smrp stats [router-name [<router-name>]]
DESCRIPTION:
Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


enable clear snmp

COMMAND:
snmp [stats]
DESCRIPTION:
Clear SNMP statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
stats - Clear SNMP statistics


enable clear snmp stats

COMMAND:
stats
DESCRIPTION:
Clear SNMP statistics

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear stats

COMMAND:
stats [client | neighbor | ssl]
DESCRIPTION:
Clear global level statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
client - Clear global level statistics for clients.
Also clears individual client stats.
neighbor - Clear global level statistics for neighbors.
Also clears individual neighbor stats.
ssl - Clear global level statistics related to SSL.


enable clear stats client

COMMAND:
client
DESCRIPTION:
Clear global level statistics for clients.
Also clears individual client stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear stats neighbor

COMMAND:
neighbor
DESCRIPTION:
Clear global level statistics for neighbors.
Also clears individual neighbor stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear stats ssl

COMMAND:
ssl
DESCRIPTION:
Clear global level statistics related to SSL.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear topic-endpoint

COMMAND:
topic-endpoint <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more topic-endpoints.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
stats - Clears the statistics for the specified topic-endpoint.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable configure

COMMAND:
configure
DESCRIPTION:
Use this command to reach the Global CONFIG level by entering configure from the privileged EXEC level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


enable configure acl-profile

COMMAND:
[no] acl-profile <name> message-vpn <vpn-name>

create acl-profile <name> message-vpn <vpn-name> [allow-client-connect] [allow-publish-topic] [allow-subscribe-topic]

DESCRIPTION:
Create, modify, or delete a ACL Profile.

An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The name of the ACL Profile.
<vpn-name> [1..32 chars] - The name of the Message VPN.
allow-client-connect - Set the default action for a client connect attempt to "allow".
allow-publish-topic - Set the default action for a publish topic attempt to "allow".
allow-subscribe-topic - Set the default action for a subscribe topic attempt to "allow".


enable configure acl-profile <name> message-vpn <vpn-name> client-connect

COMMAND:
client-connect [default-action... | exception...]
DESCRIPTION:
Enter the "client-connect" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile connects to the Message VPN.
[no] exception - Create or delete a Client Connect Exception.

A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile connects to the Message VPN.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow client connection unless an exception is found for it.
disallow - Disallow client connection unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect exception

COMMAND:
[no] exception <cidr-addr>
DESCRIPTION:
Create or delete a Client Connect Exception.

A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cidr-addr> [nnn.nnn.nnn.nnn/dd] - The IP address/netmask of the client connect exception in CIDR form.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic

COMMAND:
publish-topic [default-action... | exceptions...]
DESCRIPTION:
Enter the "publish-topic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.
[no] exceptions - Create or delete a Publish Topic Exception.

A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Create or delete a Publish Topic Exception.

A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax.
smf - Exception list uses SMF topic syntax.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic

COMMAND:
subscribe-topic [default-action... | exceptions...]
DESCRIPTION:
Enter the "subscribe-topic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.
[no] exceptions - Create or delete a Subscribe Topic Exception.

A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Create or delete a Subscribe Topic Exception.

A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax.
smf - Exception list uses SMF topic syntax.


enable configure authentication

COMMAND:
authentication [access-level | allow-direct-shell-login... | auth-type... | certificate-authority... | client-certificate-revocation-checking... | kerberos | ldap-profile... | radius-domain... | radius-profile... | replace-duplicate-client-connections]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
access-level - Enter sub-mode to configure parameters related to CLI access levels.
[no] allow-direct-shell-login - Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.
auth-type - Assign authentication mechanisms.
[create|no] certificate-authority - Create, modify, or delete a Certificate Authority.

Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
client-certificate-revocation-checking - The client certificate revocation checking mode used when a client authenticates with a client certificate.
kerberos - Configure Kerberos Authentication.
[create|no] ldap-profile - Create, edit and delete LDAP profiles.
[no] radius-domain - Assign radius-domain string.
[create|no] radius-profile - Create, edit and delete RADIUS profiles.
[no] replace-duplicate-client-connections - Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.


enable configure authentication access-level

COMMAND:
access-level [default | ldap]
DESCRIPTION:
Enter sub-mode to configure parameters related to CLI access levels.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
default - Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.
ldap - Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.


enable configure authentication access-level default

COMMAND:
default [global-access-level... | message-vpn]
DESCRIPTION:
Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
global-access-level - Set the global-scope access-level of a CLI username.
message-vpn - Enter sub-mode to configure the access level at Message VPN level for CLI users.


enable configure authentication access-level default global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of a CLI username.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | read-write | admin] - CLI global access level


enable configure authentication access-level default message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure authentication access-level default message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure authentication access-level default message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure authentication access-level default message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure authentication access-level ldap

COMMAND:
ldap [group... | group-membership-attribute-name...]
DESCRIPTION:
Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] group - The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.
[no] group-membership-attribute-name - The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.


enable configure authentication access-level ldap group

COMMAND:
[create | no] group <group-name>
DESCRIPTION:
The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<group-name> [1..256 chars] - LDAP group name.


enable configure authentication access-level ldap group-membership-attribute-name

COMMAND:
group-membership-attribute-name <attribute-name>

no group-membership-attribute-name

DESCRIPTION:
The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attribute-name> [1..64 chars] - LDAP attribute name.


enable configure authentication access-level ldap group <group-name> global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | read-write | admin] - CLI global access level


enable configure authentication access-level ldap group <group-name> message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure authentication access-level ldap group <group-name> message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure authentication access-level ldap group <group-name> message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure authentication access-level ldap group <group-name> message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure authentication allow-direct-shell-login

COMMAND:
[no] allow-direct-shell-login [<shell-login-name>]
DESCRIPTION:
Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.

By default, the support user is allowed direct access to the SolOS shell.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<shell-login-name> [1..32 chars] - Any valid SolOS shell user.


enable configure authentication auth-type

COMMAND:
auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}
DESCRIPTION:
Assign authentication mechanisms.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
internal - Internal database.
ldap - LDAP authentication.
<ldap-profile> [1..32 chars] - LDAP profile name.
radius - RADIUS authentication.
<radius-profile> [1..32 chars] - RADIUS profile name.


enable configure authentication certificate-authority

COMMAND:
[create | no] certificate-authority <ca-name>
DESCRIPTION:
Create, modify, or delete a Certificate Authority.

Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-name> [1..64 chars] - The name of the Certificate Authority.


enable configure authentication certificate-authority <ca-name> certificate

COMMAND:
certificate {file <ca-certificate> | content <raw-data>}

no certificate

DESCRIPTION:
The trusted root certificate for a certificate authority. The file must be located in the /certs directory and must be PEM formatted.

The no version of the command returns its value to the default (no certificate configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-certificate> [1..127 chars] - The CA certificate file.
<raw-data> [0..24576 chars] - The CA certificate content.


enable configure authentication certificate-authority <ca-name> revocation-check

COMMAND:
revocation-check [crl | ocsp | shutdown]
DESCRIPTION:
Enter the "revocation-check" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
crl - Enter the "crl" mode.
ocsp - Enter the "ocsp" mode.
[no] shutdown - Enable or disable Certificate Authority revocation checking.


enable configure authentication certificate-authority <ca-name> revocation-check crl

COMMAND:
crl [refresh-schedule... | url...]
DESCRIPTION:
Enter the "crl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] refresh-schedule - The schedule for refreshing the CRL by downloading a new copy.
[no] url - The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included.


enable configure authentication certificate-authority <ca-name> revocation-check crl refresh-schedule

COMMAND:
refresh-schedule [days <days-of-week> ] times <times-of-day>

no refresh-schedule

DESCRIPTION:
The schedule for refreshing the CRL by downloading a new copy.

The default is refresh-schedule "daily 3:00".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<days-of-week> [list of days] - Comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc. Default is daily.
<times-of-day> [list of times] - Hourly or comma-separated list of times of the form hh:mm where hh is [0..23] and mm is [0..59].


enable configure authentication certificate-authority <ca-name> revocation-check crl url

COMMAND:
url <url>

no url

DESCRIPTION:
The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<url> [0..2048 chars] - The value to set.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp

COMMAND:
ocsp [allow-non-responder-certificate | override-url... | responder-common-name... | timeout...]
DESCRIPTION:
Enter the "ocsp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] allow-non-responder-certificate - Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.
[no] override-url - The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.
[no] responder-common-name - Create or delete a OCSP Responder Trusted Common Name.

When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
[no] timeout - The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp allow-non-responder-certificate

COMMAND:
[no] allow-non-responder-certificate
DESCRIPTION:
Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.

The default value is no allow-non-responder-certificate.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp override-url

COMMAND:
override-url <ocsp-override-url>

no override-url

DESCRIPTION:
The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ocsp-override-url> [0..2048 chars] - The value to set.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp responder-common-name

COMMAND:
responder-common-name {empty | name <common-name>}

no responder-common-name name <common-name>

DESCRIPTION:
Create or delete a OCSP Responder Trusted Common Name.

When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate.
empty - Removes all common names from the list.


enable configure authentication certificate-authority <ca-name> revocation-check ocsp timeout

COMMAND:
timeout <seconds>

no timeout

DESCRIPTION:
The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<seconds> [1..86400] - The value to set.


enable configure authentication certificate-authority <ca-name> revocation-check shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Certificate Authority revocation checking.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication client-certificate-revocation-checking

COMMAND:
client-certificate-revocation-checking <mode>
DESCRIPTION:
The client certificate revocation checking mode used when a client authenticates with a client certificate.

The default is client-certificate-revocation-checking "none".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<mode> [none | ocsp | crl | ocsp-crl] - The value to set.

none - Do not perform any certificate revocation checking.

ocsp - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.

crl - Use Certificate Revocation Lists (CRL) for certificate revocation checking.

ocsp-crl - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.


enable configure authentication kerberos

COMMAND:
kerberos [keytab]
DESCRIPTION:
Configure Kerberos Authentication.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
keytab - Configure Kerberos keytab entries.


enable configure authentication kerberos keytab

COMMAND:
keytab [add-key... | delete-keytab-entry...]
DESCRIPTION:
Configure Kerberos keytab entries.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
add-key - Add a Kerberos key to the router keytab store.
delete-keytab-entry - Delete a Kerberos key from the router keytab store.


enable configure authentication kerberos keytab add-key

COMMAND:
add-key <keytab-filename> [index <index>]
DESCRIPTION:
Add a Kerberos key to the router keytab store.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<index> [1..65535] - Index of the key in the keytab file.
<keytab-filename> [Filename of keytab in /keytab directory.] - Kerberos keytab file used to get the key from.


enable configure authentication kerberos keytab delete-keytab-entry

COMMAND:
delete-keytab-entry <index>
DESCRIPTION:
Delete a Kerberos key from the router keytab store.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<index> [1..65535] - Index of the key in the keytab store.


enable configure authentication ldap-profile

COMMAND:
[create | no] ldap-profile <profile-name>
DESCRIPTION:
Create, edit and delete LDAP profiles.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name.


enable configure authentication ldap-profile <profile-name> admin

COMMAND:
admin dn <admin-dn> [password <admin-password> ]
DESCRIPTION:
Configure the router's credentials when connecting to an LDAP server in this profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<admin-dn> [0..1024 chars] - The distinguished name to bind as.
<admin-password> [0..128 chars] - The password to provide during the bind.


enable configure authentication ldap-profile <profile-name> allow-unauthenticated-authentication

COMMAND:
[no] allow-unauthenticated-authentication
DESCRIPTION:
This command allows clients connecting to the router without passwords to have those empty passwords forwarded to the LDAP server(s) for authentication. By disabling this attribute the login attempt is immediately rejected by the router without consulting the LDAP server.
Important: Unauthenticated authentication permits password-less logins for all users of this profile if such authentications are also permitted by the LDAP server. As such enabling this attibute can result in a significant security hole.

The default value is no allow-unauthenticated-authentication.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search

COMMAND:
group-membership-secondary-search [base-dn... | deref... | filter... | filter-attribute-from-primary-search... | follow-continuation-references | scope... | shutdown | timeout...]
DESCRIPTION:
Configure the group membership secondary search parameters.

The intent for this search is to indirectly determine the groups the user belongs to. The "group-membership-attribute-name" is not used when this feature is enabled.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base-dn - Sets the base node for searches.
deref - Configure the dereferencing behavior of searches.
filter - Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.
filter-attribute-from-primary-search - The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.
[no] follow-continuation-references - Enable or disable the following of continuation references.
scope - Configure the scope of directory searches.
[no] shutdown - Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.
timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search base-dn

COMMAND:
base-dn <distinguished-name>
DESCRIPTION:
Sets the base node for searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search deref

COMMAND:
deref {never | search | base | always}
DESCRIPTION:
Configure the dereferencing behavior of searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
always - Always dereference aliases. Default setting.
base - Only dereference alias when locating the base node.
never - Don't dereference aliases.
search - Only dereference aliases when searching.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter

COMMAND:
filter <filter>
DESCRIPTION:
Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter-attribute-from-primary-search

COMMAND:
filter-attribute-from-primary-search <attribute-name>
DESCRIPTION:
The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attribute-name> [0..64 chars] - LDAP attribute name.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search follow-continuation-references

COMMAND:
[no] follow-continuation-references
DESCRIPTION:
Enable or disable the following of continuation references.

The default value is follow-continuation-references.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search scope

COMMAND:
scope {base | one-level | subtree}
DESCRIPTION:
Configure the scope of directory searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base - Search only the base node.
one-level - Search only 1 level deep.
subtree - Search the entire subtree. Default setting.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..20] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails.


enable configure authentication ldap-profile <profile-name> ldap-server

COMMAND:
ldap-server <ldap-host> index <server-index>

no ldap-server {<ldap-host> | index <server-index>}

DESCRIPTION:
Configures or removes LDAP servers in a given LDAP profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ldap-host> [0..256 chars] - LDAP host. Examples:
ldap://ldap.solace.com
ldap://192.168.123.4:389
ldap://ldap.solace.com:389
<server-index> [1..3] - A positive integer indicating server preference. A value of "1" indicates first choice, "2" indicates second choice, etc. Up to a maximum of "3".


enable configure authentication ldap-profile <profile-name> search

COMMAND:
search [base-dn... | deref... | filter... | follow-continuation-references | scope... | timeout...]
DESCRIPTION:
Configure search parameters.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base-dn - Sets the base node for searches.
deref - Configure the dereferencing behavior of searches.
filter - Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.
[no] follow-continuation-references - Enable or disable the following of continuation references.
scope - Configure the scope of directory searches.
timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.


enable configure authentication ldap-profile <profile-name> search base-dn

COMMAND:
base-dn <distinguished-name>
DESCRIPTION:
Sets the base node for searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"


enable configure authentication ldap-profile <profile-name> search deref

COMMAND:
deref {never | search | base | always}
DESCRIPTION:
Configure the dereferencing behavior of searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
always - Always dereference aliases. Default setting.
base - Only dereference alias when locating the base node.
never - Don't dereference aliases.
search - Only dereference aliases when searching.


enable configure authentication ldap-profile <profile-name> search filter

COMMAND:
filter <filter>
DESCRIPTION:
Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"


enable configure authentication ldap-profile <profile-name> search follow-continuation-references

COMMAND:
[no] follow-continuation-references
DESCRIPTION:
Enable or disable the following of continuation references.

The default value is follow-continuation-references.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> search scope

COMMAND:
scope {base | one-level | subtree}
DESCRIPTION:
Configure the scope of directory searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base - Search only the base node.
one-level - Search only 1 level deep.
subtree - Search the entire subtree. Default setting.


enable configure authentication ldap-profile <profile-name> search timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..20] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails.


enable configure authentication ldap-profile <profile-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the LDAP profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> tls

COMMAND:
[no] tls
DESCRIPTION:
Enables or disables TLS for this profile.

The default value is no tls.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication radius-domain

COMMAND:
radius-domain <radius-domain>

no radius-domain

DESCRIPTION:
Assign radius-domain string.

The no version of the command returns its value to the default (no radius-domain configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<radius-domain> [0..64 chars] - RADIUS domain string


enable configure authentication radius-profile

COMMAND:
[create | no] radius-profile <profile-name>
DESCRIPTION:
Create, edit and delete RADIUS profiles.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name.


enable configure authentication radius-profile <profile-name> radius-server

COMMAND:
radius-server <ip-port> index <server-index> [key <shared-secret-key> ]

no radius-server {<ip-port> | index <server-index>}

DESCRIPTION:
Configures or removes RADIUS servers in a given RADIUS profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ip-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn]] - FQDN or IP address (and optional port).Ex.
192.1.2.3:12345
solace.com
<server-index> [1..3] - Priority index for the server. Default: next available index
<shared-secret-key> [0..64 chars] - The shared secret between the router and the RADIUS server
( no ) <ip-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn]] - FQDN or IP address (and optional port). Ex.
192.1.2.3:12345
solace.com


enable configure authentication radius-profile <profile-name> retransmit

COMMAND:
retransmit <attempts>
DESCRIPTION:
Sets the number of times to retry a request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attempts> [1..10] - The number of attempts to retry a request.


enable configure authentication radius-profile <profile-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the RADIUS profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication radius-profile <profile-name> timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Sets the time to wait before retrying a request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..10] - The time in seconds to wait.


enable configure authentication replace-duplicate-client-connections

COMMAND:
[no] replace-duplicate-client-connections
DESCRIPTION:
Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.

The default value is replace-duplicate-client-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure bridge

COMMAND:
[create | no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:
Create, modify, or delete a Bridge.

Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auto - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
backup - The Bridge is used for the backup virtual router.
<bridge-name> [1..150 chars] - The name of the Bridge.
primary - The Bridge is used for the primary virtual router.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> max-ttl

COMMAND:
max-ttl <ttl-value>

no max-ttl

DESCRIPTION:
The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value.

The no version of the command returns its value to the default (8).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl-value> [1..255] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote

COMMAND:
remote [authentication | deliver-to-one | message-vpn... | retry | subscription-topic...]
DESCRIPTION:
Enter the "remote" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
authentication - Enter the "authentication" mode.
deliver-to-one - Enter the "deliver-to-one" mode.
[create|no] message-vpn - Create, modify, or delete a Remote Message VPN.

The Remote Message VPN is the Message VPN that the Bridge connects to.
retry - Enter the "retry" mode.
[no] subscription-topic - Create or delete a Remote Subscription.

A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication

COMMAND:
authentication [auth-scheme... | basic | client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auth-scheme - The authentication scheme for the remote Message VPN.
basic - Enter the "basic" mode.
client-certificate - Enter the "client-certificate" mode.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}
DESCRIPTION:
The authentication scheme for the remote Message VPN.

The default is auth-scheme "basic".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic

COMMAND:
basic [client-username...]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] client-username - The Client Username and password the Bridge uses to login to the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username and password the Bridge uses to login to the remote Message VPN.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] certificate-file - The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> [file-contents <file-contents> ]

no certificate-file

DESCRIPTION:
The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<file-contents> [string] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one

COMMAND:
deliver-to-one [priority...]
DESCRIPTION:
Enter the "deliver-to-one" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] priority - The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one priority

COMMAND:
priority <dto-priority>

no priority

DESCRIPTION:
The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.

The no version of the command returns its value to the default ("P1").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dto-priority> [P1 | P2 | P3 | P4 | DA] - The value to set.

P1 - The 1st or highest priority.

P2 - The 2nd highest priority.

P3 - The 3rd highest priority.

P4 - The 4th highest priority.

DA - Ignore priority and deliver always.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn

COMMAND:
[create | no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface <phys-intf>]}
DESCRIPTION:
Create, modify, or delete a Remote Message VPN.

The Remote Message VPN is the Message VPN that the Bridge connects to.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<addr> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn]] - FQDN or IP address (and optional port) where the remote router should be reached. This may be a static or virtual address of the remote-router. DNS name lookup is supported. For bridges that are looping back to a message-vpn on this router, the IP address '127.0.0.1' must be used.
<phys-intf> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"
<virtual-router-name> [1..66 chars] - name of the virtual remote-router where the message-vpn is located. All virtual remote-router names start with 'v:', for e.g. v:lab-128-97.
<vpn-name> [1..32 chars] - remote message-vpn name


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username and password the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Enable or disable data compression for the remote Message VPN connection.

The default value is no compressed-data.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } connect-order

COMMAND:
connect-order <number>

no connect-order

DESCRIPTION:
The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority).

The no version of the command returns its value to the default (4).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<number> [1..4] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool

COMMAND:
message-spool [queue... | window-size...]
DESCRIPTION:
Enter the "message-spool" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] queue - The queue binding of the Bridge in the remote Message VPN.
[no] window-size - The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgement is received.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool queue

COMMAND:
queue <name>

no queue

DESCRIPTION:
The queue binding of the Bridge in the remote Message VPN.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..200 chars] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgement is received.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<number> [0..65535] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the remote Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable encryption (TLS) for the remote Message VPN connection.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional

COMMAND:
unidirectional [client-profile...]
DESCRIPTION:
Enter the "unidirectional" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] client-profile - The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2MB.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2MB.

The no version of the command returns its value to the default ("#client-profile").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry

COMMAND:
retry [count... | delay...]
DESCRIPTION:
Enter the "retry" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] count - The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever.
[no] delay - The number of seconds to delay before retrying to connect to the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry count

COMMAND:
count <count>

no count

DESCRIPTION:
The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<count> [0..255] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry delay

COMMAND:
delay <seconds>

no delay

DESCRIPTION:
The number of seconds to delay before retrying to connect to the remote Message VPN.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..255] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote subscription-topic

COMMAND:
subscription-topic <topic> [deliver-always]

no subscription-topic <topic>

DESCRIPTION:
Create or delete a Remote Subscription.

A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
deliver-always - Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.
<topic> [1..250 chars] - The topic of the Bridge remote subscription.


enable configure bridge <bridge-name> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Bridge.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl

COMMAND:
ssl [cipher-suite... | trusted-common-name...]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] cipher-suite - The list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure.
[no] trusted-common-name - Create or delete a Trusted Common Name.

The Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl cipher-suite

COMMAND:
cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no cipher-suite name <suite-name>

DESCRIPTION:
The list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure.

The default is cipher-suite "default".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list.
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl trusted-common-name

COMMAND:
trusted-common-name {empty | name <common-name>}

no trusted-common-name name <common-name>

DESCRIPTION:
Create or delete a Trusted Common Name.

The Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate.
empty - Removes all common names from the list.


enable configure client-profile

COMMAND:
[create | no] client-profile <name> message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Client Profile.

Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure client-profile <name> message-vpn <vpn-name> allow-bridge-connections

COMMAND:
[no] allow-bridge-connections
DESCRIPTION:
Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections.

The default value is no allow-bridge-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> allow-shared-subscriptions

COMMAND:
[no] allow-shared-subscriptions
DESCRIPTION:
Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions.

The default value is no allow-shared-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> compression

COMMAND:
compression [shutdown]
DESCRIPTION:
Enter the "compression" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Enable or disable allowing clients using the Client Profile to use compression.


enable configure client-profile <name> message-vpn <vpn-name> compression shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to use compression.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> eliding

COMMAND:
eliding [delay... | max-topics... | shutdown]
DESCRIPTION:
Enter the "eliding" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] delay - The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.
[no] max-topics - The maximum number of topics tracked for message eliding per client connection using the Client Profile.
[no] shutdown - Enable or disable message eliding for clients using the Client Profile.


enable configure client-profile <name> message-vpn <vpn-name> eliding delay

COMMAND:
delay <milliseconds>

no delay

DESCRIPTION:
The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<milliseconds> [0..60000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> eliding max-topics

COMMAND:
max-topics <num>

no max-topics

DESCRIPTION:
The maximum number of topics tracked for message eliding per client connection using the Client Profile.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num> [1..32000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> eliding shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable message eliding for clients using the Client Profile.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> event

COMMAND:
event [client-provisioned-endpoint-spool-usage | connections-per-client-username | egress-flows | endpoints-per-client-username | ingress-flows | service | subscriptions | transacted-sessions | transactions]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
client-provisioned-endpoint-spool-usage - Enter the "client-provisioned-endpoint-spool-usage" mode.
connections-per-client-username - Enter the "connections-per-client-username" mode.
egress-flows - Enter the "egress-flows" mode.
endpoints-per-client-username - Enter the "endpoints-per-client-username" mode.
ingress-flows - Enter the "ingress-flows" mode.
service - Enter the "service" mode.
subscriptions - Enter the "subscriptions" mode.
transacted-sessions - Enter the "transacted-sessions" mode.
transactions - Enter the "transactions" mode.


enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage

COMMAND:
client-provisioned-endpoint-spool-usage [thresholds...]
DESCRIPTION:
Enter the "client-provisioned-endpoint-spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to max-spool-usage for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint.


enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to max-spool-usage for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Client Username connection count event of the Client Profile, relative to max-connections-per-client-username.


enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username connection count event of the Client Profile, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Enter the "egress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transmit flow count event of the Client Profile, relative to max-egress-flows.


enable configure client-profile <name> message-vpn <vpn-name> event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transmit flow count event of the Client Profile, relative to max-egress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username

COMMAND:
endpoints-per-client-username [thresholds...]
DESCRIPTION:
Enter the "endpoints-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Client Username endpoint count event of the Client Profile, relative to max-endpoints.


enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username endpoint count event of the Client Profile, relative to max-endpoints.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Enter the "ingress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the receive flow count event of the Client Profile, relative to max-ingress-flows.


enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the receive flow count event of the Client Profile, relative to max-ingress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event service

COMMAND:
service [smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure client-profile <name> message-vpn <vpn-name> event service smf

COMMAND:
smf [connections-per-client-username]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode.


enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Client Username SMF connection count event of the Client Profile, relative to max-connections-per-client-username.


enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username SMF connection count event of the Client Profile, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..30000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..30000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport

COMMAND:
web-transport [connections-per-client-username]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to max-connections-per-client-username.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event subscriptions

COMMAND:
subscriptions [thresholds...]
DESCRIPTION:
Enter the "subscriptions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the subscription count event of the Client Profile, relative to max-subscriptions.


enable configure client-profile <name> message-vpn <vpn-name> event subscriptions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the subscription count event of the Client Profile, relative to max-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Enter the "transacted-sessions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transacted session count event of the Client Profile, relative to max-transacted-sessions.


enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transacted session count event of the Client Profile, relative to max-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Enter the "transactions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transaction count event of the Client Profile, relative to max-transactions.


enable configure client-profile <name> message-vpn <vpn-name> event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transaction count event of the Client Profile, relative to max-transactions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> max-subscriptions

COMMAND:
max-subscriptions <value>

no max-subscriptions

DESCRIPTION:
The maximum number of subscriptions per client using the Client Profile.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..4294967295] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool

COMMAND:
message-spool [allow-cut-through-forwarding | allow-guaranteed-endpoint-create | allow-guaranteed-message-receive | allow-guaranteed-message-send | allow-transacted-sessions | api-queue-management | api-topic-endpoint-management | max-egress-flows... | max-endpoints-per-client-username... | max-ingress-flows... | max-transacted-sessions... | max-transactions... | reject-msg-to-sender-on-no-subscription-match]
DESCRIPTION:
Enter the "message-spool" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] allow-cut-through-forwarding - Enable or disable allowing clients using the Client Profile to bind to endpoints with the cut-through forwarding delivery mode. Changing this value does not affect existing client connections.
[no] allow-guaranteed-endpoint-create - Enable or disable allowing clients using the Client Profile to create topic endponts or queues. Changing this value does not affect existing client connections.
[no] allow-guaranteed-message-receive - Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.
[no] allow-guaranteed-message-send - Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.
[no] allow-transacted-sessions - Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.
api-queue-management - Enter the "api-queue-management" mode.
api-topic-endpoint-management - Enter the "api-topic-endpoint-management" mode.
[no] max-egress-flows - The maximum number of transmit flows that can be created by one client using the Client Profile.
[no] max-endpoints-per-client-username - The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile.
[no] max-ingress-flows - The maximum number of receive flows that can be created by one client using the Client Profile.
[no] max-transacted-sessions - The maximum number of transacted sessions that can be created by one client using the Client Profile.
[no] max-transactions - The maximum number of transactions that can be created by one client using the Client Profile.
[no] reject-msg-to-sender-on-no-subscription-match - Enable or disable the sending of a negative acknowledgement (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-cut-through-forwarding

COMMAND:
[no] allow-cut-through-forwarding
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to bind to endpoints with the cut-through forwarding delivery mode. Changing this value does not affect existing client connections.

The default value is no allow-cut-through-forwarding.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-endpoint-create

COMMAND:
[no] allow-guaranteed-endpoint-create
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to create topic endponts or queues. Changing this value does not affect existing client connections.

The default value is no allow-guaranteed-endpoint-create.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-receive

COMMAND:
[no] allow-guaranteed-message-receive
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.

The default value is no allow-guaranteed-message-receive.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-send

COMMAND:
[no] allow-guaranteed-message-send
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.

The default value is no allow-guaranteed-message-send.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-transacted-sessions

COMMAND:
[no] allow-transacted-sessions
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.

The default value is no allow-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management

COMMAND:
api-queue-management [copy-from-on-create...]
DESCRIPTION:
Enter the "api-queue-management" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] copy-from-on-create - The name of a queue to copy settings from when a new queue is created by a client using the Client Profile. The referenced queue must exist in the Message VPN.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management copy-from-on-create

COMMAND:
copy-from-on-create <queue-name>

no copy-from-on-create

DESCRIPTION:
The name of a queue to copy settings from when a new queue is created by a client using the Client Profile. The referenced queue must exist in the Message VPN.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<queue-name> [0..200 chars] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management

COMMAND:
api-topic-endpoint-management [copy-from-on-create...]
DESCRIPTION:
Enter the "api-topic-endpoint-management" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] copy-from-on-create - The name of a topic endpoint to copy settings from when a new topic endpoint is created by a client using the Client Profile. The referenced topic endpoint must exist in the Message VPN.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management copy-from-on-create

COMMAND:
copy-from-on-create <topic-endpoint-name>

no copy-from-on-create

DESCRIPTION:
The name of a topic endpoint to copy settings from when a new topic endpoint is created by a client using the Client Profile. The referenced topic endpoint must exist in the Message VPN.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<topic-endpoint-name> [0..200 chars] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-egress-flows

COMMAND:
max-egress-flows <value>

no max-egress-flows

DESCRIPTION:
The maximum number of transmit flows that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-endpoints-per-client-username

COMMAND:
max-endpoints-per-client-username <value>

no max-endpoints-per-client-username

DESCRIPTION:
The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-ingress-flows

COMMAND:
max-ingress-flows <value>

no max-ingress-flows

DESCRIPTION:
The maximum number of receive flows that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..1000000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transacted-sessions

COMMAND:
max-transacted-sessions <value>

no max-transacted-sessions

DESCRIPTION:
The maximum number of transacted sessions that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..16000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transactions

COMMAND:
max-transactions <value>

no max-transactions

DESCRIPTION:
The maximum number of transactions that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..50000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool reject-msg-to-sender-on-no-subscription-match

COMMAND:
[no] reject-msg-to-sender-on-no-subscription-match
DESCRIPTION:
Enable or disable the sending of a negative acknowledgement (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.

The default value is no reject-msg-to-sender-on-no-subscription-match.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> queue

COMMAND:
queue <type>
DESCRIPTION:
Enter the "queue" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<type> [G-1 | D-1 | D-2 | D-3 | C-1] - The type of queue to configure (G-Guaranteed, D-Direct, C-Control).


enable configure client-profile <name> message-vpn <vpn-name> queue <type> max-depth

COMMAND:
max-depth <depth>

no max-depth

DESCRIPTION:
The maximum depth of the specified priority queue, in work units. Each work unit is 2048 bytes of message data.

The no version of the command returns its value to the default (20000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<depth> [2..262144] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> queue <type> min-msg-burst

COMMAND:
min-msg-burst <depth>

no min-msg-burst

DESCRIPTION:
The number of messages that are always allowed entry into the specified priority queue, regardless of the max-depth value.

The no version of the command returns its value to the default. The default depends on the priority queue type.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<depth> [0..262144] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> replication

COMMAND:
replication [allow-clients-when-standby]
DESCRIPTION:
Enter the "replication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] allow-clients-when-standby - Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.


enable configure client-profile <name> message-vpn <vpn-name> replication allow-clients-when-standby

COMMAND:
[no] allow-clients-when-standby
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.

The default value is no allow-clients-when-standby.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> service

COMMAND:
service [smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure client-profile <name> message-vpn <vpn-name> service smf

COMMAND:
smf [max-connections-per-client-username...]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] max-connections-per-client-username - The maximum number of SMF client connections per Client Username using the Client Profile.


enable configure client-profile <name> message-vpn <vpn-name> service smf max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of SMF client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..30000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport

COMMAND:
web-transport [inactive-timeout... | max-connections-per-client-username... | max-web-payload...]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] inactive-timeout - The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.
[no] max-connections-per-client-username - The maximum number of Web Transport client connections per Client Username using the Client Profile.
[no] max-web-payload - The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport inactive-timeout

COMMAND:
inactive-timeout <seconds>

no inactive-timeout

DESCRIPTION:
The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.

The no version of the command returns its value to the default (30).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [1..4294967295] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of Web Transport client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-web-payload

COMMAND:
max-web-payload <bytes>

no max-web-payload

DESCRIPTION:
The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.

The no version of the command returns its value to the default (1000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<bytes> [300..10000000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> ssl

COMMAND:
ssl [allow-downgrade-to-plain-text]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] allow-downgrade-to-plain-text - Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.


enable configure client-profile <name> message-vpn <vpn-name> ssl allow-downgrade-to-plain-text

COMMAND:
[no] allow-downgrade-to-plain-text
DESCRIPTION:
Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.

The default value is allow-downgrade-to-plain-text.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter the "tcp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support before changing this value.
keepalive - Enter the "keepalive" mode.
[no] max-wnd - The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.
[no] mss - The TCP maximum segment size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.


enable configure client-profile <name> message-vpn <vpn-name> tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support before changing this value.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num-mss> [2..7826] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter the "keepalive" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num> [2..5] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [3..120] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [1..30] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
The TCP maximum segment size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<byte-count> [256..1460] - The value to set.


enable configure client-username

COMMAND:
[create | no] client-username <username> message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Client Username.

A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<username> [1..189 chars] - The name of the Client Username.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure client-username <username> message-vpn <vpn-name> acl-profile

COMMAND:
acl-profile <name>

no acl-profile

DESCRIPTION:
The ACL Profile of the Client Username.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure client-username <username> message-vpn <vpn-name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the Client Username.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure client-username <username> message-vpn <vpn-name> guaranteed-endpoint-permission-override

COMMAND:
[no] guaranteed-endpoint-permission-override
DESCRIPTION:
Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner.

The default value is no guaranteed-endpoint-permission-override.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-username <username> message-vpn <vpn-name> password

COMMAND:
password <password>

no password

DESCRIPTION:
The password for the Client Username.

The no version of the command returns its value to the default (no password configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<password> [0..128 chars] - The value to set.


enable configure client-username <username> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-username <username> message-vpn <vpn-name> subscription-manager

COMMAND:
[no] subscription-manager
DESCRIPTION:
Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames.

The default value is no subscription-manager.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure clock

COMMAND:
clock [set... | synchronization | timezone...]
DESCRIPTION:
Use this command to configure the system clock on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
set - Sets the system clock
synchronization - Use this command to configure the system synchronization on the router.
timezone - Sets the system time zone


enable configure clock set

COMMAND:
set <time> <day> <month> <year>
DESCRIPTION:
Sets the system clock

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<day> [1..31] - The current day by date
<month> [January | February | March | April | May | June | July | August | September | October | November | December] - The current month by name (e.g. January)
<time> [string] - The current time in 24-hour format (hh:mm:ss)
<year> [1970..2037] - The current year, no abbreviation


enable configure clock synchronization

COMMAND:
synchronization [ntp-server... | protocol... | shutdown]
DESCRIPTION:
Use this command to configure the system synchronization on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] ntp-server - Use this command to configure the Network Time Protocol (NTP) server. The no version turns off NTP server synchronization.
[no] protocol - Set the synchronization protocol
[no] shutdown - Enable or disable clock synchronization


enable configure clock synchronization ntp-server

COMMAND:
ntp-server <ip-addr>

no ntp-server

DESCRIPTION:
Use this command to configure the Network Time Protocol (NTP) server. The no version turns off NTP server synchronization.

The no version of the command returns its value to the default (no ntp-server configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<ip-addr> [1..253 chars: or nnn.nnn.nnn.nnn] - FQDN/IP address


enable configure clock synchronization protocol

COMMAND:
protocol {ntp | ptp}

no protocol

DESCRIPTION:
Set the synchronization protocol

The no version of the command returns its value to the default ("ntp").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
ntp - Use NTP for system clock synchronization.
ptp - Use PTP protocal for system clock synchronization.


enable configure clock synchronization shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable clock synchronization

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure clock timezone

COMMAND:
timezone <zone>
DESCRIPTION:
Sets the system time zone

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<zone> [0..32 chars] - The time zone name (e.g. EST, Europe/London, Etc/GMT-5). If unsure, use UTC or see 'show clock timezones' for list of supported time zones.


enable configure compression

COMMAND:
compression [mode...]
DESCRIPTION:
Use this command to set on a global basis the compression mode for data sent from routers. The router compression mode can be configured globally for data sent from the router to one of two types: optimized for size (the default) or optimized for speed. In general, optimized for size yields a higher compression ratio with lower throughput, while optimized for-speed yields a higher throughput with lower compression ratio.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
mode - This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.


enable configure compression mode

COMMAND:
mode {optimize-for-size | optimize-for-speed}
DESCRIPTION:
This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
optimize-for-size - optimize-for-size tends to yield higher compression ratio with lower throughput.
optimize-for-speed - optimize-for-speed tends to yield higher throughput with lower compression ratio.


enable configure config-sync

COMMAND:
config-sync [authentication | client-profile | shutdown... | ssl | synchronize]
DESCRIPTION:
Enter Config-Sync configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
authentication - Enter authentication configuration mode
client-profile - Enter client-profile configuration mode
[no] shutdown - This command disables the Config-Sync feature.
[no] ssl - Enable use of encryption by config-sync. If enabled, config-sync connections initiated by this router will be encrypted, and all incoming config-sync connections must be encrypted. If disabled, config-sync connections initiated by this router will be plain-text and the incoming connection from the HA-mate must be plain-text, but the incoming connection from the DR-site may be plain-text or encrypted.

If enabled, and redundancy is enabled, a redundancy pre-shared-key must be configured in order for config-sync to be operational.

If enabled, this setting overrides the replication config-sync setting for encryption.
synchronize - Enter synchronization configuration mode.


enable configure config-sync authentication

COMMAND:
authentication [client-certificate]
DESCRIPTION:
Enter authentication configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
client-certificate - Enter client-certificate configuration mode


enable configure config-sync authentication client-certificate

COMMAND:
client-certificate [max-certificate-chain-depth... | validate-certificate-date]
DESCRIPTION:
Enter client-certificate configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] max-certificate-chain-depth - Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.


enable configure config-sync authentication client-certificate max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure config-sync authentication client-certificate validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure config-sync client-profile

COMMAND:
client-profile [tcp]
DESCRIPTION:
Enter client-profile configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
tcp - Enter tcp configuration mode


enable configure config-sync client-profile tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter tcp configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] initial-cwnd - Configure the TCP initial congestion window size.
keepalive - Enter configuration of tcp keepalives.
[no] max-wnd - Configure the TCP maximum window size.
[no] mss - Configure the TCP maximum segment size.


enable configure config-sync client-profile tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
Configure the TCP initial congestion window size.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS.


enable configure config-sync client-profile tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter configuration of tcp keepalives.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.


enable configure config-sync client-profile tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection.


enable configure config-sync client-profile tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes.


enable configure config-sync client-profile tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes.


enable configure config-sync client-profile tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
Configure the TCP maximum window size.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB.


enable configure config-sync client-profile tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
Configure the TCP maximum segment size.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS.


enable configure config-sync shutdown

COMMAND:
shutdown

no shutdown

DESCRIPTION:
This command disables the Config-Sync feature.

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure config-sync ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable use of encryption by config-sync. If enabled, config-sync connections initiated by this router will be encrypted, and all incoming config-sync connections must be encrypted. If disabled, config-sync connections initiated by this router will be plain-text and the incoming connection from the HA-mate must be plain-text, but the incoming connection from the DR-site may be plain-text or encrypted.

If enabled, and redundancy is enabled, a redundancy pre-shared-key must be configured in order for config-sync to be operational.

If enabled, this setting overrides the replication config-sync setting for encryption.

The default value is no ssl.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure config-sync synchronize

COMMAND:
synchronize [username]
DESCRIPTION:
Enter synchronization configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] username - Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.


enable configure config-sync synchronize username

COMMAND:
[no] username
DESCRIPTION:
Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.

The default value is username.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure console

COMMAND:
console [baud-rate... | login-banner... | timeout...]
DESCRIPTION:
Use this command to configure console parameters on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
baud-rate - Configure the baud rate for the serial console port.
[no] login-banner - Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.

Example input for printing Hello World across 2 lines:
"Hello\nWorld"

Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.

Banners can be a maximum of 2048 characters in length.

The default banner is a product specific description.

The 'no' version of this command returns to the default login banner.
timeout - Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.


enable configure console baud-rate

COMMAND:
baud-rate <baud-rate>
DESCRIPTION:
Configure the baud rate for the serial console port.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<baud-rate> [110 | 300 | 1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200] - Baud rate in bps.


enable configure console login-banner

COMMAND:
login-banner {text <banner-text> | file <file-name> | default}

no login-banner

DESCRIPTION:
Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.

Example input for printing Hello World across 2 lines:
"Hello\nWorld"

Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.

Banners can be a maximum of 2048 characters in length.

The default banner is a product specific description.

The 'no' version of this command returns to the default login banner.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<banner-text> [0..2048 chars] - Text to display on user logins
default - Use the product description as the banner text
file - Load the banner text from a file
<file-name> [0..255 chars] - Name of the file to load from the jail directory
text - Enter the banner text directly on the command line


enable configure console timeout

COMMAND:
timeout <idle-timeout>
DESCRIPTION:
Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<idle-timeout> [0..43200] - timeout value in minutes (0 to disable)


enable configure distributed-cache

COMMAND:
[create | no] distributed-cache <name> message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Distributed Cache.

A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Distributed Cache.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster

COMMAND:
[create | no] cache-cluster <name>
DESCRIPTION:
Create, modify, or delete a Cache Cluster.

A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Cache Cluster.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance

COMMAND:
[create | no] cache-instance <name>
DESCRIPTION:
Create, modify, or delete a Cache Instance.

A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Cache Instance.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> auto-start

COMMAND:
[no] auto-start
DESCRIPTION:
Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker.

The default value is no auto-start.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cache Instance.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> stop-on-lost-message

COMMAND:
[no] stop-on-lost-message
DESCRIPTION:
Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages.

The default value is stop-on-lost-message.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> deliver-to-one-override

COMMAND:
[no] deliver-to-one-override
DESCRIPTION:
Enable or disable deliver-to-one override for the Cache Cluster.

The default value is deliver-to-one-override.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event

COMMAND:
event [data-byte-rate | data-message-rate | max-memory | max-topics | request-queue-depth | request-rate | response-rate]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
data-byte-rate - Enter the "data-byte-rate" mode.
data-message-rate - Enter the "data-message-rate" mode.
max-memory - Enter the "max-memory" mode.
max-topics - Enter the "max-topics" mode.
request-queue-depth - Enter the "request-queue-depth" mode.
request-rate - Enter the "request-rate" mode.
response-rate - Enter the "response-rate" mode.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate

COMMAND:
data-byte-rate [thresholds...]
DESCRIPTION:
Enter the "data-byte-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cached data incoming byte rate event, in bytes per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cached data incoming byte rate event, in bytes per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate

COMMAND:
data-message-rate [thresholds...]
DESCRIPTION:
Enter the "data-message-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cached data incoming message rate event, in messages per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cached data incoming message rate event, in messages per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory

COMMAND:
max-memory [thresholds...]
DESCRIPTION:
Enter the "max-memory" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the memory usage per instance event, relative to `maxMemory`.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the memory usage per instance event, relative to `maxMemory`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics

COMMAND:
max-topics [thresholds...]
DESCRIPTION:
Enter the "max-topics" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the topics per instance event, relative to `maxTopicCount`.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the topics per instance event, relative to `maxTopicCount`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth

COMMAND:
request-queue-depth [thresholds...]
DESCRIPTION:
Enter the "request-queue-depth" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate

COMMAND:
request-rate [thresholds...]
DESCRIPTION:
Enter the "request-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cache request message rate event, in messages per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cache request message rate event, in messages per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate

COMMAND:
response-rate [thresholds...]
DESCRIPTION:
Enter the "response-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cache response message rate event, in messages per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cache response message rate event, in messages per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching

COMMAND:
global-caching [heartbeat... | home-cache-cluster... | shutdown | topic-lifetime...]
DESCRIPTION:
Enter the "global-caching" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] heartbeat - The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.
[create|no] home-cache-cluster - Create, modify, or delete a Home Cache Cluster.

A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
[no] shutdown - Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.
[no] topic-lifetime - The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching heartbeat

COMMAND:
heartbeat <seconds>

no heartbeat

DESCRIPTION:
The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [1..255] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster

COMMAND:
[create | no] home-cache-cluster <name>
DESCRIPTION:
Create, modify, or delete a Home Cache Cluster.

A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the remote Home Cache Cluster.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster <name> topic-prefix

COMMAND:
[no] topic-prefix <topic-prefix>
DESCRIPTION:
Create or delete a Topic Prefix.

A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic-prefix> [1..250 chars] - A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching topic-lifetime

COMMAND:
topic-lifetime <seconds>

no topic-lifetime

DESCRIPTION:
The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.

The no version of the command returns its value to the default (3600).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967295] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-memory

COMMAND:
max-memory <megabytes>

no max-memory

DESCRIPTION:
The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster.

The no version of the command returns its value to the default (2048).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<megabytes> [128..2147483647] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-messages-per-topic

COMMAND:
max-messages-per-topic <num-messages>

no max-messages-per-topic

DESCRIPTION:
The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-messages> [1..2147483647] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-topics

COMMAND:
max-topics <num-topics>

no max-topics

DESCRIPTION:
The maximum number of topics for each Cache Instance in the Cache Cluster.

The no version of the command returns its value to the default (2000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-topics> [1..4294967294] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> message-lifetime

COMMAND:
message-lifetime <seconds>

no message-lifetime

DESCRIPTION:
The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely.

The no version of the command returns its value to the default (no message-lifetime configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967294] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> new-topic-advertisement

COMMAND:
[no] new-topic-advertisement
DESCRIPTION:
Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster.

The default value is no new-topic-advertisement.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> request-queue-depth

COMMAND:
request-queue-depth <num-messages>

no request-queue-depth

DESCRIPTION:
The maximum queue depth for cache requests received by the Cache Cluster.

The no version of the command returns its value to the default (100000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-messages> [1..200000] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cache Cluster.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> topic

COMMAND:
[no] topic <topic-str>
DESCRIPTION:
Create or delete a Topic.

The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic-str> [1..250 chars] - The value of the Topic in the form a/b/c.


enable configure distributed-cache <name> message-vpn <vpn-name> heartbeat

COMMAND:
heartbeat <seconds>

no heartbeat

DESCRIPTION:
The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [3..60] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> scheduled-delete-message

COMMAND:
scheduled-delete-message [days <days-of-week> ] times <times-of-day>

no scheduled-delete-message

DESCRIPTION:
The schedule for deleting messages from the cache.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<days-of-week> [list of days] - Comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc. Default is daily.
<times-of-day> [list of times] - Hourly or comma-separated list of times of the form hh:mm where hh is [0..23] and mm is [0..59].


enable configure distributed-cache <name> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Distributed Cache.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure dns

COMMAND:
dns [name-server... | polled-domain-name...]
DESCRIPTION:
Use this command to enter Domain Name System (DNS) configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] name-server - Use this command to provision a DNS server. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. A maximum of 3 name servers is allowed.
[no] polled-domain-name - Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.


enable configure dns name-server

COMMAND:
[no] name-server <ip-addr>
DESCRIPTION:
Use this command to provision a DNS server. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. A maximum of 3 name servers is allowed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<ip-addr> [nnn.nnn.nnn.nnn] - IP address


enable configure dns polled-domain-name

COMMAND:
polled-domain-name <domain-name>

no polled-domain-name

DESCRIPTION:
Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.

The no version of the command returns its value to the default ("www.solacesystems.com").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<domain-name> [1..256 chars] - The domain name looked-up in order to determine the status of the name servers


enable configure hardware

COMMAND:
hardware [disk... | message-spool | power-redundancy... | topic-routing]
DESCRIPTION:
Use this command to configure routing modules and disks on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
disk - Enable/disable hard disk
message-spool - Configure message spool hardware options
power-redundancy - Configure power-redundancy.
topic-routing - Configure topic routing hardware options


enable configure hardware disk

COMMAND:
disk <disk-name> [no-shutdown] [shutdown]
DESCRIPTION:
Enable/disable hard disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<disk-name> [1..4] - The name of the top disk is 1; and increments to the bottom slot.
no-shutdown - Enable the disk
shutdown - Disable the disk


enable configure hardware message-spool

COMMAND:
message-spool [disk-array... | event | internal-disk | max-cache-usage... | max-spool-usage... | shutdown... | transaction]
DESCRIPTION:
Configure message spool hardware options

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] disk-array - Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.

The "no disk-array" command resets the WWN to its default value of Null.

This command only affects the system behavior if configured to spool to an external disk.

The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.
event - Enter message spool event configuration mode.
[no] internal-disk - Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.

This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.

This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.

internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".
[no] max-cache-usage - Configure guaranteed message cache usage limit.
[no] max-spool-usage - Configure message spool usage limit.
[no] shutdown - Enable/disable message-spooling for the router
transaction - Enter message spool transaction configuration mode.


enable configure hardware message-spool disk-array

COMMAND:
disk-array wwn <wwn>

no disk-array

DESCRIPTION:
Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.

The "no disk-array" command resets the WWN to its default value of Null.

This command only affects the system behavior if configured to spool to an external disk.

The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<wwn> [1..64 chars] - If the WWN is in NAA format it is either an 8 or 16 byte number represented as a string of hex characters separated by colons starting with 1,2,5 or 6.
For example:
50:00:2a:c0:00:f1:33:74
60:06:01:60:bf:51:12:00:9a:fb:40:97:83:3f:dc:11
If it is not in NAA format it can be any string without colons.


enable configure hardware message-spool event

COMMAND:
event [cache-usage | delivered-unacked | disk-usage | egress-flows | endpoints | ingress-flows | message-count | spool-files | spool-usage | transacted-session-resources | transacted-sessions | transactions]
DESCRIPTION:
Enter message spool event configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
cache-usage - Configure the event thresholds for the cache usage
delivered-unacked - Configure the event thresholds for the total number of delivered but unacked messages at system level.
disk-usage - Configure the event thresholds for the active disk partition usage at system level.
egress-flows - Configure the event thresholds for the egress flows at system level.
endpoints - Configure the event thresholds for the number of queues and topic endpoints at system level
ingress-flows - Configure the event thresholds for the ingress flows at system level.
message-count - Configure the event thresholds for the total number of spooled messages at system level.
spool-files - Configure the event thresholds for the spool files at system level.
spool-usage - Configure the event thresholds for the system level spool usage.
transacted-session-resources - Configure the event thresholds for the total number of transacted session resources at system level.
transacted-sessions - Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.
transactions - Configure the event thresholds for guaranteed data transactions allowed at the system level.


enable configure hardware message-spool event cache-usage

COMMAND:
cache-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the cache usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly


enable configure hardware message-spool event cache-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-cache-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-cache-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event delivered-unacked

COMMAND:
delivered-unacked [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of delivered but unacked messages at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event delivered-unacked thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value


enable configure hardware message-spool event disk-usage

COMMAND:
disk-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the active disk partition usage at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event disk-usage thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the active disk partition usage value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the active disk partition usage value


enable configure hardware message-spool event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the egress flows at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.


enable configure hardware message-spool event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of egress flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of egress flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event endpoints

COMMAND:
endpoints [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of queues and topic endpoints at system level

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.


enable configure hardware message-spool event endpoints thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the ingress flows at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.


enable configure hardware message-spool event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of ingress flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of ingress flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event message-count

COMMAND:
message-count [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of spooled messages at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event message-count thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool messages value


enable configure hardware message-spool event spool-files

COMMAND:
spool-files [thresholds...]
DESCRIPTION:
Configure the event thresholds for the spool files at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event spool-files thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool files value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool files value


enable configure hardware message-spool event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the system level spool usage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)


enable configure hardware message-spool event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event transacted-session-resources

COMMAND:
transacted-session-resources [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of transacted session resources at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event transacted-session-resources thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value


enable configure hardware message-spool event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.


enable configure hardware message-spool event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transacted-sessions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transacted-sessions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transactions allowed at the system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.


enable configure hardware message-spool event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transactions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transactions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool internal-disk

COMMAND:
[no] internal-disk
DESCRIPTION:
Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.

This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.

This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.

internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".

The default value is no internal-disk.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure hardware message-spool max-cache-usage

COMMAND:
max-cache-usage <percent-usage>

no max-cache-usage

DESCRIPTION:
Configure guaranteed message cache usage limit.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<percent-usage> [0..50] - Maximum percentage of the NAB's egress queueing resources that the guaranteed message cache is allowed to use


enable configure hardware message-spool max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
Configure message spool usage limit.

The no version of the command returns its value to the default (60000).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure hardware message-spool shutdown

COMMAND:
shutdown

no shutdown [primary | backup]

DESCRIPTION:
Enable/disable message-spooling for the router

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
backup - enable spooling for backup router instead of primary
primary - enable spooling for primary router


enable configure hardware message-spool transaction

COMMAND:
transaction [replication-compatibility-mode...]
DESCRIPTION:
Enter message spool transaction configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] replication-compatibility-mode - Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.


enable configure hardware message-spool transaction replication-compatibility-mode

COMMAND:
replication-compatibility-mode {legacy | transacted}

no replication-compatibility-mode

DESCRIPTION:
Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.

The no version of the command returns its value to the default ("legacy").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
legacy - All transactions originated by clients are replicated to the standby site without using transactions.
transacted - All transactions originated by clients are replicated to the standby site using transactions.


enable configure hardware power-redundancy

COMMAND:
power-redundancy <type>
DESCRIPTION:
Configure power-redundancy.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<type> [1+1 | 1+2 | 2+2] - Expected power supply redundancy


enable configure hardware topic-routing

COMMAND:
topic-routing [acl-topic-matching-mode...]
DESCRIPTION:
Configure topic routing hardware options

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] acl-topic-matching-mode - Sets the ACL topic-matching mode for the special #P2P topics used by the Solace appliance. If the ACL topic-matching mode changes from legacy to enforce-for-queues (either when the SolOS version used by the appliance is upgraded or through a manual configuration) some #P2P topics which previously bypassed ACL enforcement may be blocked. To specifically allow a topic that is denied after the change add an appropriate topic-exception to the acl-profile used by the client.


enable configure hardware topic-routing acl-topic-matching-mode

COMMAND:
acl-topic-matching-mode {legacy | enforce-for-queues}

no acl-topic-matching-mode

DESCRIPTION:
Sets the ACL topic-matching mode for the special #P2P topics used by the Solace appliance. If the ACL topic-matching mode changes from legacy to enforce-for-queues (either when the SolOS version used by the appliance is upgraded or through a manual configuration) some #P2P topics which previously bypassed ACL enforcement may be blocked. To specifically allow a topic that is denied after the change add an appropriate topic-exception to the acl-profile used by the client.

The no version of the command returns its value to the default ("enforce-for-queues").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
enforce-for-queues - Ignore publish or subscribe ACL rules for any topics matching '#P2P/v:*' or '#P2P/v:*/>' (default as of SolOS 7.1). This mode is more restrictive than legacy mode.
legacy - Ignore publish or subscribe ACL rules for any topics matching '#P2P' or '#P2P/>' (default prior to SolOS 7.1). This mode is less restrictive than enforce-for-queues mode.


enable configure hostname

COMMAND:
hostname <name> [defer]

no hostname [defer]

DESCRIPTION:
Config the host name.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart.
<name> [1..64 chars] - The hostname to assign to the router. Cannot start with "v:", which stands for virtual router. The "no" version of the command resets the host name to the default value (solace).


enable configure interface

COMMAND:
[create] interface <phy-interface> [<mode>]

no interface <phy-interface>

DESCRIPTION:
Use this command to enter interface configuration mode to configure ethernet or Link Aggregation Group (LAG) parameters for physical interfaces on routers, on an interface by interface basis.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<mode> [lacp | active-backup] - (lacp | active-backup)
Examples: "lacp", "active-backup"
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"
( no ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"
( create ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"


enable configure interface <phy-interface> lacp

COMMAND:
lacp [rate...]
DESCRIPTION:
Enter LACP configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
rate - Configure the rate at which the appliance requests LACP PDU from peers.


enable configure interface <phy-interface> lacp rate

COMMAND:
rate {fast | slow}
DESCRIPTION:
Configure the rate at which the appliance requests LACP PDU from peers.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
fast - Fast LACP PDU rate (1 second intervals).
slow - Slow LACP PDU rate (30 seconds intervals).


enable configure interface <phy-interface> member

COMMAND:
[no] member <phy-interface>
DESCRIPTION:
Add/remove LAG interface members

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure interface <phy-interface> primary-member

COMMAND:
primary-member <phy-interface>

no primary-member

DESCRIPTION:
Primary member for active-backup mode.

The no version of the command returns its value to the default (no primary-member configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure interface <phy-interface> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this interface

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure interface <phy-interface> traffic-shaping

COMMAND:
traffic-shaping [egress]
DESCRIPTION:
Enter traffic shaping configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
egress - Enter egress traffic shaping configuration.


enable configure interface <phy-interface> traffic-shaping egress

COMMAND:
egress [rate-limit... | shutdown]
DESCRIPTION:
Enter egress traffic shaping configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] rate-limit - The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.
[no] shutdown - Enable or disable this interface


enable configure interface <phy-interface> traffic-shaping egress rate-limit

COMMAND:
rate-limit <mbps>

no rate-limit

DESCRIPTION:
The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.

The no version of the command returns its value to the default (1000000000).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<mbps> [2..4294967295] - maximum sustained egress rate in mega bits per second


enable configure interface <phy-interface> traffic-shaping egress shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this interface

The default value is no shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ip

COMMAND:
ip [vrf...]
DESCRIPTION:
Use this command to configure IP VPN parameters on routers.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
vrf - Configure Virtual Routing and Forwarding instances


enable configure ip vrf

COMMAND:
vrf <name>
DESCRIPTION:
Configure Virtual Routing and Forwarding instances

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [string] - VRF name


enable configure ip vrf <name> interface

COMMAND:
[create | no] interface <ip-interface> [primary | backup | static]
DESCRIPTION:
Add an IP interface to this VRF routing domain and configure it

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
backup - interface for backup virtual router
<ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"
primary - interface for primary virtual router
static - static interface irrespective of virtual router


enable configure ip vrf <name> interface <ip-interface> ip-address

COMMAND:
ip-address <cidr-addr>

no ip-address [<cidr-addr>]

DESCRIPTION:
Configure ip addresses

The no version of the command returns its value to the default (no ip-address configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<cidr-addr> [nnn.nnn.nnn.nnn/dd or nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn/ddd] - IP address/prefix length combination in CIDR form


enable configure ip vrf <name> interface <ip-interface> kerberos

COMMAND:
kerberos [service-principal-name...]
DESCRIPTION:
Configure kerberos attributes on the interface

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] service-principal-name - Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address


enable configure ip vrf <name> interface <ip-interface> kerberos service-principal-name

COMMAND:
service-principal-name <name>

no service-principal-name

DESCRIPTION:
Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address

The no version of the command returns its value to the default (no service-principal-name configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [string] - Kerberos Service Principal Name (SPN) of the form host/<fully-qualified-domain-name>@<Kerberos Realm>


enable configure ip vrf <name> interface <ip-interface> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Shutdown this IP interface

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ip vrf <name> route

COMMAND:
route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]

no route {default | default6 | <cidr-addr>} [<interface>]

DESCRIPTION:
Add/Delete IP routes

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<cidr-addr> [nnn.nnn.nnn.nnn/dd or nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn/ddd] - IP address/prefix length combination in CIDR form
default - default ipv4 route
default6 - default ipv6 route
<interface> [1..15 chars] - IP interface (for management VRF) or
physical interface (for msg-backbone VRF).
IP interface has format as
(eth<port>:<ip> | chassis/lag1:1
Examples: "eth1:1", "chassis/lag1:1"
Physical interface has format as
<cartridge>/<slot>/<port> |
<cartridge>/<slot>/lag<N>
Examples: "1/5/2", "1/6/lag1"
<ip-addr> [nnn.nnn.nnn.nnn or nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn] - IP address


enable configure jndi

COMMAND:
jndi message-vpn <vpn-name>
DESCRIPTION:
Use this command to configure standard Java Naming and Directory Interface (JNDI) objects Connection Factory, Topic, and Queue on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the JNDI is configured against.


enable configure jndi message-vpn <vpn-name> connection-factory

COMMAND:
[create | no] connection-factory <name>
DESCRIPTION:
Configure JNDI connection-factory object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The name of the JMS Connection Factory


enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list

COMMAND:
property-list <name>
DESCRIPTION:
Configure a property list of the object

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property-list name


enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the property-list

The default depends on the property name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure jndi message-vpn <vpn-name> queue

COMMAND:
[create | no] queue <name>
DESCRIPTION:
Configure JNDI queue object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Queue


enable configure jndi message-vpn <vpn-name> queue <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the object

The default depends on the property name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure jndi message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable/disable JNDI access for clients

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure jndi message-vpn <vpn-name> topic

COMMAND:
[create | no] topic <name>
DESCRIPTION:
Configure JNDI topic object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Topic


enable configure jndi message-vpn <vpn-name> topic <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the object

The default depends on the property name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure logging

COMMAND:
logging [command... | debug... | event | millisecond-timestamp]
DESCRIPTION:
Enter logging configuration mode, to configure command and debug logging parameters

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] command - Configure command logging
[no] debug - Configure debug logging
event - Enter system event configuration.
[no] millisecond-timestamp - Enables millisecond in logging record timestamp. The no version resets back to default.


enable configure logging command

COMMAND:
command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}

no command {cli | semp-mgmt | semp-msgbus | all}

DESCRIPTION:
Configure command logging

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
all - Configure cli and semp command logging
all-cmds - log all commands to the command log
cli - Configure cli command logging
config-cmds - log only configuration commands
mode - Set the logging mode to one of the following:
semp-mgmt - Configure semp/mgmt command logging
semp-msgbus - Configure semp/msgbus command logging
shutdown - do not log any commands


enable configure logging debug

COMMAND:
debug {<subsystem-id> | all} [level <level>] [mask <mask>]

no debug {<subsystem-id> | all}

DESCRIPTION:
Configure debug logging

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
all - Configure all Sub System IDs at once
<level> [UNKNOWN | DEBUG | INFO | WARN | ERROR | FATAL | OFF] - Change the logging level for given Sub System ID
<mask> [string] - Change the mask for given Sub System ID
<subsystem-id> [string] - Sub System ID


enable configure logging event

COMMAND:
event [publish-system | system-tag...]
DESCRIPTION:
Enter system event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] publish-system - Enable system level event message publishing. The no version of the command disables system level event message publishing.
[no] system-tag - Configure a tag string to prefix system publish events.


enable configure logging event publish-system

COMMAND:
[no] publish-system
DESCRIPTION:
Enable system level event message publishing. The no version of the command disables system level event message publishing.

The default value is no publish-system.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure logging event system-tag

COMMAND:
system-tag <tag-string>

no system-tag

DESCRIPTION:
Configure a tag string to prefix system publish events.

The no version of the command returns its value to the default (no system-tag configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<tag-string> [0..32 chars] - String with no whitespace, '?', '*', or quote chars.


enable configure logging millisecond-timestamp

COMMAND:
[no] millisecond-timestamp
DESCRIPTION:
Enables millisecond in logging record timestamp. The no version resets back to default.

The default value is no millisecond-timestamp.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure management-message-vpn

COMMAND:
management-message-vpn <vpn-name>

no management-message-vpn

DESCRIPTION:
Designate this Message VPN as the management Message VPN for system level SEMP get requests and system level event publishing.

The no version of the command returns its value to the default (no management-message-vpn configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [0..32 chars] - The name of the message vpn to become the management message vpn


enable configure memory-event

COMMAND:
memory-event [nab-buffer-load-factor | physical-memory | subscriptions-memory]
DESCRIPTION:
Use this command to configure the threshold values for memory usage events on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
nab-buffer-load-factor - Configure the event for NAB buffer load factor.
physical-memory - Configure the event for physical memory utilization as percentage.
subscriptions-memory - Configure the event for subscriptions memory utilization as percentage.


enable configure memory-event nab-buffer-load-factor

COMMAND:
nab-buffer-load-factor [thresholds...]
DESCRIPTION:
Configure the event for NAB buffer load factor.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the NAB buffer load factor event


enable configure memory-event nab-buffer-load-factor thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the NAB buffer load factor event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the nab-buffer-load-factor value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the nab-buffer-load-factor value


enable configure memory-event physical-memory

COMMAND:
physical-memory [thresholds...]
DESCRIPTION:
Configure the event for physical memory utilization as percentage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the physical memory utilization event.


enable configure memory-event physical-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the physical memory utilization event.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..100] - Threshold clear value.
<set-value> [0..100] - Threshold set value.


enable configure memory-event subscriptions-memory

COMMAND:
subscriptions-memory [thresholds...]
DESCRIPTION:
Configure the event for subscriptions memory utilization as percentage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions memory utilization event


enable configure memory-event subscriptions-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the subscriptions memory utilization event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..100] - Threshold clear value.
<set-value> [0..100] - Threshold set value.


enable configure message-spool

COMMAND:
message-spool message-vpn <vpn-name>
DESCRIPTION:
Use this command to configure message spool parameters for Guaranteed Messaging on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure message-spool message-vpn <vpn-name> event

COMMAND:
event [egress-flows | endpoints | ingress-flows | spool-usage | transacted-sessions | transactions]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress-flows - Enter the "egress-flows" mode.
endpoints - Enter the "endpoints" mode.
ingress-flows - Enter the "ingress-flows" mode.
spool-usage - Enter the "spool-usage" mode.
transacted-sessions - Enter the "transacted-sessions" mode.
transactions - Enter the "transactions" mode.


enable configure message-spool message-vpn <vpn-name> event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Enter the "egress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the egress flow count event of the Message VPN, relative to max-egress-flows.


enable configure message-spool message-vpn <vpn-name> event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the egress flow count event of the Message VPN, relative to max-egress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event endpoints

COMMAND:
endpoints [thresholds...]
DESCRIPTION:
Enter the "endpoints" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to max-endpoints.


enable configure message-spool message-vpn <vpn-name> event endpoints thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to max-endpoints.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Enter the "ingress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the ingress flow count event of the Message VPN, relative to max-ingress-flows.


enable configure message-spool message-vpn <vpn-name> event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the ingress flow count event of the Message VPN, relative to max-ingress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Message VPN, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Message VPN, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Enter the "transacted-sessions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transacted session count event of the Message VPN, relative to max-transacted-sessions.


enable configure message-spool message-vpn <vpn-name> event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transacted session count event of the Message VPN, relative to max-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Enter the "transactions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transaction count event of the Message VPN, relative to max-transactions.


enable configure message-spool message-vpn <vpn-name> event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transaction count event of the Message VPN, relative to max-transactions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> max-egress-flows

COMMAND:
max-egress-flows <value>

no max-egress-flows

DESCRIPTION:
The maximum number of transmit flows that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-endpoints

COMMAND:
max-endpoints <value>

no max-endpoints

DESCRIPTION:
The maximum number of Queues and Topic Endpoints that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-ingress-flows

COMMAND:
max-ingress-flows <value>

no max-ingress-flows

DESCRIPTION:
The maximum number of receive flows that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage by the Message VPN, in megabytes.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-transacted-sessions

COMMAND:
max-transacted-sessions <value>

no max-transacted-sessions

DESCRIPTION:
The maximum number of transacted sessions that can be created in the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..100000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-transactions

COMMAND:
max-transactions <value>

no max-transactions

DESCRIPTION:
The maximum number of transactions that can be created in the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..100000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue

COMMAND:
queue <name>

no queue <name>

create queue <name>

DESCRIPTION:
Create, modify, or delete a Queue.

A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Queue.
<size>*2
<value>*10
<value>*11
<value>*12
<value>*13
<value>*14
<value>*15
<value>*2
<value>*3
<value>*4
<value>*5
<value>*6
<value>*7
<value>*8
<value>*9


enable configure message-spool message-vpn <vpn-name> queue <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows bound to the Queue.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.


enable configure message-spool message-vpn <vpn-name> queue <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Queue.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to max-bind-count.


enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queue consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.


enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Queue.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Queue, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username that owns the Queue and has permission equivalent to "delete".

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers of the Queue, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable whether to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> queue <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). MQTT queues do not support enabling message priority.

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Queue and the reception of messages to the Queue.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Queue.
full - Enable transmission of messages from the Queue and the reception of messages to the Queue.
ingress - Enable the transmission of messages from the Queue.
( no ) egress - Disable the reception of messages to the Queue.
( no ) full - Disable transmission of messages from the Queue and the reception of messages to the Queue.
( no ) ingress - Disable the transmission of messages from the Queue.


enable configure message-spool message-vpn <vpn-name> queue <name> subscription

COMMAND:
[no] subscription topic <topic>
DESCRIPTION:
Create or delete a Queue Subscription.

One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - The topic of the Subscription.


enable configure message-spool message-vpn <vpn-name> replay-log

COMMAND:
[create | no] replay-log <name>
DESCRIPTION:
Create, modify, or delete a Replay Log.

When the Message Replay feature is enabled enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
Notes/Exceptions: global/read-write is required to create or delete instances of this object.
PARAMETERS:
<name> [1..185 chars] - The name of the Replay Log.


enable configure message-spool message-vpn <vpn-name> replay-log <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> replay-log <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Replay Log and the reception of messages to the Replay Log.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Replay Log.
full - Enable transmission of messages from the Replay Log and the reception of messages to the Replay Log.
ingress - Enable the transmission of messages from the Replay Log.
( no ) egress - Disable the reception of messages to the Replay Log.
( no ) full - Disable transmission of messages from the Replay Log and the reception of messages to the Replay Log.
( no ) ingress - Disable the transmission of messages from the Replay Log.


enable configure message-spool message-vpn <vpn-name> sequenced-topic

COMMAND:
[no] sequenced-topic <topic>
DESCRIPTION:
Create or delete a Sequenced Topic.

A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - Topic for applying sequence numbers.


enable configure message-spool message-vpn <vpn-name> topic-endpoint

COMMAND:
topic-endpoint <name>

no topic-endpoint <name>

create topic-endpoint <name>

DESCRIPTION:
Create, modify, or delete a Topic Endpoint.

A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..250 chars] - The name of the Topic Endpoint.
<size>*2
<value>*10
<value>*11
<value>*12
<value>*13
<value>*14
<value>*15
<value>*16
<value>*17
<value>*2
<value>*3
<value>*4
<value>*5
<value>*6
<value>*7
<value>*8
<value>*9


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows bound to the Topic Endpoint.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Topic Endpoint.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Topic Endpoint.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Topic Endpoint, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username which owns the Topic Endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers of the Topic Endpoint, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable if low priority messages are subject to reject-low-priority-msg-limit checking. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable whether to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.

The default value is no reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest).

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Topic Endpoint.
full - Enable transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.
ingress - Enable the transmission of messages from the Topic Endpoint.
( no ) egress - Disable the reception of messages to the Topic Endpoint.
( no ) full - Disable transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.
( no ) ingress - Disable the transmission of messages from the Topic Endpoint.


enable configure message-vpn

COMMAND:
[create | no] message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Message VPN.

Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
Notes/Exceptions: global/read-write is required to create or delete instances of this object.
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure message-vpn <vpn-name> authentication

COMMAND:
authentication [basic | client-certificate | kerberos | oauth]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
basic - Enter the "basic" mode.
client-certificate - Enter the "client-certificate" mode.
kerberos - Enter the "kerberos" mode.
oauth - Enter the "oauth" mode.


enable configure message-vpn <vpn-name> authentication basic

COMMAND:
basic [auth-type... | radius-domain... | shutdown]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
auth-type - The authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.
[no] radius-domain - The RADIUS domain to use for basic authentication.
[no] shutdown - Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable.


enable configure message-vpn <vpn-name> authentication basic auth-type

COMMAND:
auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }
DESCRIPTION:
The authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.

The default is auth-type "radius".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
internal - Internal database.
ldap - LDAP authentication.
<ldap-profile> [1..32 chars] - LDAP profile name.
none - No authentication.
radius - RADIUS authentication.
<radius-profile> [1..32 chars] - RADIUS profile name.


enable configure message-vpn <vpn-name> authentication basic radius-domain

COMMAND:
radius-domain <radius-domain>

no radius-domain

DESCRIPTION:
The RADIUS domain to use for basic authentication.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<radius-domain> [0..64 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication basic shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate

COMMAND:
client-certificate [allow-api-provided-username | max-certificate-chain-depth... | revocation-check-mode... | shutdown | username-source... | validate-certificate-date]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] allow-api-provided-username - Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used.
[no] max-certificate-chain-depth - The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] revocation-check-mode - The desired behavior for client certificate revocation checking.
[no] shutdown - Enable or disable client certificate authentication in the Message VPN.
[no] username-source - The field from the client certificate to use as the client username.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate.


enable configure message-vpn <vpn-name> authentication client-certificate allow-api-provided-username

COMMAND:
[no] allow-api-provided-username
DESCRIPTION:
Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used.

The default value is no allow-api-provided-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<max-depth> [0..8] - The value to set.


enable configure message-vpn <vpn-name> authentication client-certificate revocation-check-mode

COMMAND:
revocation-check-mode <permission>

no revocation-check-mode

DESCRIPTION:
The desired behavior for client certificate revocation checking.

The no version of the command returns its value to the default ("allow-valid").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<permission> [allow-all | allow-unknown | allow-valid] - The value to set.

allow-all - Allow the client to authenticate, the result of client certificate revocation check is ignored.

allow-unknown - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.

allow-valid - Allow the client to authenticate only when the revocation check returned an explicit positive response.


enable configure message-vpn <vpn-name> authentication client-certificate shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable client certificate authentication in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate username-source

COMMAND:
username-source <source>

no username-source

DESCRIPTION:
The field from the client certificate to use as the client username.

The no version of the command returns its value to the default ("common-name").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<source> [common-name | subject-alternate-name-msupn] - The value to set.

common-name - The username is extracted from the certificate's Common Name.

subject-alternate-name-msupn - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.


enable configure message-vpn <vpn-name> authentication client-certificate validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication kerberos

COMMAND:
kerberos [allow-api-provided-username | shutdown]
DESCRIPTION:
Enter the "kerberos" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] allow-api-provided-username - Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used.
[no] shutdown - Enable or disable Kerberos authentication in the Message VPN.


enable configure message-vpn <vpn-name> authentication kerberos allow-api-provided-username

COMMAND:
[no] allow-api-provided-username
DESCRIPTION:
Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used.

The default value is no allow-api-provided-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication kerberos shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Kerberos authentication in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth

COMMAND:
oauth [default-provider... | provider... | shutdown]
DESCRIPTION:
Enter the "oauth" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] default-provider - The name of the provider to use when the client does not supply a provider name.
[create|no] provider - Manage OAuth providers.
[no] shutdown - Enable or disable OAuth authentication.


enable configure message-vpn <vpn-name> authentication oauth default-provider

COMMAND:
default-provider <provider>

no default-provider

DESCRIPTION:
The name of the provider to use when the client does not supply a provider name.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<provider> [0..31 chars] - The name of the OAuth provider.


enable configure message-vpn <vpn-name> authentication oauth provider

COMMAND:
[create | no] provider <provider>
DESCRIPTION:
Manage OAuth providers.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<provider> [1..31 chars] - The name of the OAuth provider.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> audience

COMMAND:
audience [claim | shutdown]
DESCRIPTION:
Enter the "audience" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
claim - Settings related to the audience claim.
[no] shutdown - Enable or disable audience validation.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> audience claim

COMMAND:
claim [name... | source... | value...]
DESCRIPTION:
Settings related to the audience claim.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] name - Which part of the object is used to determine the audience.
[no] source - Where to search for the audience value. If set to "access-token" or "id-token" the broker will decode the token as a JWT and it will be searched for the audience value. If set to "introspection", an introspection of the "access_token" will be performed and the result will be searched for the audience value.
[no] value - The required audience value for a token to be considered valid.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> audience claim name

COMMAND:
name <name>

no name

DESCRIPTION:
Which part of the object is used to determine the audience.

The no version of the command returns its value to the default ("aud").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..32 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> audience claim source

COMMAND:
source {access-token | id-token | introspection}

no source

DESCRIPTION:
Where to search for the audience value. If set to "access-token" or "id-token" the broker will decode the token as a JWT and it will be searched for the audience value. If set to "introspection", an introspection of the "access_token" will be performed and the result will be searched for the audience value.

The no version of the command returns its value to the default ("id-token").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
access-token - The OAuth v2 access_token.
id-token - The OpenID Connect id_token.
introspection - The introspection result that comes back from the introspection uri.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> audience claim value

COMMAND:
value <value>

no value

DESCRIPTION:
The required audience value for a token to be considered valid.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..32 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> audience shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable audience validation.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> authorization-group

COMMAND:
authorization-group [claim | shutdown]
DESCRIPTION:
Enter the "authorization-group" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
claim - Enter the "claim" mode.
[no] shutdown - Enable or disable OAuth based authorization. Enabling this overrides the configured authorization-type for OAuth clients.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> authorization-group claim

COMMAND:
claim [name... | source...]
DESCRIPTION:
Enter the "claim" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] name - Which part of the object is used to determine the authorization-group.
[no] source - Where to search for the authorization-group name. If set to "access-token" or "id-token" the broker will decode the token as a JWT and it will be searched for the authorization-group name. If set to "introspection", an introspection of the access token will be performed and the result will be searched for the authorization-group name.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> authorization-group claim name

COMMAND:
name <name>

no name

DESCRIPTION:
Which part of the object is used to determine the authorization-group.

The no version of the command returns its value to the default ("scope").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..32 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> authorization-group claim source

COMMAND:
source {access-token | id-token | introspection}

no source

DESCRIPTION:
Where to search for the authorization-group name. If set to "access-token" or "id-token" the broker will decode the token as a JWT and it will be searched for the authorization-group name. If set to "introspection", an introspection of the access token will be performed and the result will be searched for the authorization-group name.

The no version of the command returns its value to the default ("id-token").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
access-token - The OAuth v2 access_token.
id-token - The OpenID Connect id_token.
introspection - The introspection result that comes back from the introspection uri.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> authorization-group shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable OAuth based authorization. Enabling this overrides the configured authorization-type for OAuth clients.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> disconnect-on-token-expiration

COMMAND:
[no] disconnect-on-token-expiration
DESCRIPTION:
If true, clients will be disconnected when their tokens expire. This setting is only applied when clients connect. Changing this will not affect clients that are already connected.

The default value is disconnect-on-token-expiration.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> jwks

COMMAND:
jwks [refresh-interval... | uri...]
DESCRIPTION:
Enter the "jwks" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] refresh-interval - The number of seconds between forced public key refreshes.
[no] uri - The URI where the OAuth provider publishes its public keys.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> jwks refresh-interval

COMMAND:
refresh-interval <refresh-interval>

no refresh-interval

DESCRIPTION:
The number of seconds between forced public key refreshes.

The no version of the command returns its value to the default (86400).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<refresh-interval> [60..31536000]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> jwks uri

COMMAND:
uri <uri>

no uri

DESCRIPTION:
The URI where the OAuth provider publishes its public keys.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<uri> [0..2048 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable support for OAuth client authentication.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token

COMMAND:
token [ignore-time-limits | introspection]
DESCRIPTION:
Enter the "token" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] ignore-time-limits - If true, tokens will be accepted even if they are not valid yet, or are no longer valid.
introspection - Enter the "introspection" mode.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token ignore-time-limits

COMMAND:
[no] ignore-time-limits
DESCRIPTION:
If true, tokens will be accepted even if they are not valid yet, or are no longer valid.

The default value is no ignore-time-limits.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token introspection

COMMAND:
introspection [parameter-name... | password... | timeout... | uri... | username...]
DESCRIPTION:
Enter the "introspection" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] parameter-name - The parameter name used to identify the token during access_token introspection. A standards compliant OAuth introspection server expects "token".
[no] password - The password to use when logging into the introspection URI.
[no] timeout - The maximum time (in seconds) an introspection is allowed to take.
[no] uri - The introspection URI of the OAuth authentication server.
[no] username - The username to use when logging into the introspection URI.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token introspection parameter-name

COMMAND:
parameter-name <parameter-name>

no parameter-name

DESCRIPTION:
The parameter name used to identify the token during access_token introspection. A standards compliant OAuth introspection server expects "token".

The no version of the command returns its value to the default ("token").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<parameter-name> [0..32 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token introspection password

COMMAND:
password <password>

no password

DESCRIPTION:
The password to use when logging into the introspection URI.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<password> [0..64 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token introspection timeout

COMMAND:
timeout <timeout>

no timeout

DESCRIPTION:
The maximum time (in seconds) an introspection is allowed to take.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<timeout> [1..60]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token introspection uri

COMMAND:
uri <uri>

no uri

DESCRIPTION:
The introspection URI of the OAuth authentication server.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<uri> [0..2048 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> token introspection username

COMMAND:
username <username>

no username

DESCRIPTION:
The username to use when logging into the introspection URI.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<username> [0..32 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> username

COMMAND:
username [claim | validate]
DESCRIPTION:
Enter the "username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
claim - Enter the "claim" mode.
[no] validate - If true, API provided username will be validated against the username calculated from the token(s) and if they are different, the connection attempt will be rejected. If false, the username provided by the API is completely ignored.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> username claim

COMMAND:
claim [name... | source...]
DESCRIPTION:
Enter the "claim" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] name - Which part of the object is used to determine the username.
[no] source - Where to search for the username value. If set to "access-token" or "id-token" the broker will decode the token as a JWT and it will be searched for the username value. If set to "introspection", an introspection of the access token will be performed and the result will be searched for the username value.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> username claim name

COMMAND:
name <name>

no name

DESCRIPTION:
Which part of the object is used to determine the username.

The no version of the command returns its value to the default ("sub").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..32 chars]


enable configure message-vpn <vpn-name> authentication oauth provider <provider> username claim source

COMMAND:
source {access-token | id-token | introspection}

no source

DESCRIPTION:
Where to search for the username value. If set to "access-token" or "id-token" the broker will decode the token as a JWT and it will be searched for the username value. If set to "introspection", an introspection of the access token will be performed and the result will be searched for the username value.

The no version of the command returns its value to the default ("id-token").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
access-token - The OAuth v2 access_token.
id-token - The OpenID Connect id_token.
introspection - The introspection result that comes back from the introspection uri.


enable configure message-vpn <vpn-name> authentication oauth provider <provider> username validate

COMMAND:
[no] validate
DESCRIPTION:
If true, API provided username will be validated against the username calculated from the token(s) and if they are different, the connection attempt will be rejected. If false, the username provided by the API is completely ignored.

The default value is no validate.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable OAuth authentication.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authorization

COMMAND:
authorization [authorization-group... | authorization-type... | ldap]
DESCRIPTION:
Enter the "authorization" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] authorization-group - Create, modify, or delete a LDAP Authorization Group.

To use client authorization groups configured on an external LDAP server to provide client authorizations, LDAP Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the LDAP server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
authorization-type - The authorization mechanism to be used for clients connecting to this Message VPN.
ldap - Enter the "ldap" mode.


enable configure message-vpn <vpn-name> authorization authorization-group

COMMAND:
[create | no] authorization-group <name>
DESCRIPTION:
Create, modify, or delete a LDAP Authorization Group.

To use client authorization groups configured on an external LDAP server to provide client authorizations, LDAP Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the LDAP server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars] - The name of the LDAP Authorization Group. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.


enable configure message-vpn <vpn-name> authorization authorization-group <name> acl-profile

COMMAND:
acl-profile <name>

no acl-profile

DESCRIPTION:
The ACL Profile of the LDAP Authorization Group.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure message-vpn <vpn-name> authorization authorization-group <name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the LDAP Authorization Group.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure message-vpn <vpn-name> authorization authorization-group <name> order

COMMAND:
order {before | after} <authorization-group-name>
DESCRIPTION:
Arrange the priority of this group relative to another group.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
after - Move current authorization group after existing authorization group name.
<authorization-group-name> [1..256 chars] - Authorization group name.
before - Move current authorization group before existing authorization group name.


enable configure message-vpn <vpn-name> authorization authorization-group <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the LDAP Authorization Group in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authorization authorization-type

COMMAND:
authorization-type {ldap <ldap-profile> | internal }
DESCRIPTION:
The authorization mechanism to be used for clients connecting to this Message VPN.

The default is authorization-type "internal".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
internal - Use information from the internal client-username database to determine access.
ldap - LDAP authorization.
<ldap-profile> [1..32 chars] - LDAP profile name.


enable configure message-vpn <vpn-name> authorization ldap

COMMAND:
ldap [group-membership-attribute-name... | trim-client-username-domain]
DESCRIPTION:
Enter the "ldap" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] group-membership-attribute-name - The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.
[no] trim-client-username-domain - Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurance of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed.


enable configure message-vpn <vpn-name> authorization ldap group-membership-attribute-name

COMMAND:
group-membership-attribute-name <attribute-name>

no group-membership-attribute-name

DESCRIPTION:
The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.

The no version of the command returns its value to the default ("memberOf").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<attribute-name> [0..64 chars] - The value to set.


enable configure message-vpn <vpn-name> authorization ldap trim-client-username-domain

COMMAND:
[no] trim-client-username-domain
DESCRIPTION:
Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurance of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed.

The default value is no trim-client-username-domain.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> bridging

COMMAND:
bridging [ssl]
DESCRIPTION:
Enter the "bridging" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> bridging ssl

COMMAND:
ssl [server-certificate-validation]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation

COMMAND:
server-certificate-validation [enforce-trusted-common-name | max-certificate-chain-depth... | validate-certificate-date]
DESCRIPTION:
Enter the "server-certificate-validation" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] enforce-trusted-common-name - Enable or disable validation of the Common Name (CN) in the server certificate from the remote broker. If enabled, the Common Name is checked against the list of Trusted Common Names configured for the Bridge.
[no] max-certificate-chain-depth - The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation enforce-trusted-common-name

COMMAND:
[no] enforce-trusted-common-name
DESCRIPTION:
Enable or disable validation of the Common Name (CN) in the server certificate from the remote broker. If enabled, the Common Name is checked against the list of Trusted Common Names configured for the Bridge.

The default value is enforce-trusted-common-name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<max-depth> [0..8] - The value to set.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> distributed-cache-management

COMMAND:
[no] distributed-cache-management
DESCRIPTION:
Enable or disable managing of cache instances over the message bus.

The default value is distributed-cache-management.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> dns

COMMAND:
dns [prefer-ip-version...]
DESCRIPTION:
Enter the "dns" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] prefer-ip-version - IP version to use if DNS lookup contains both an IPv4 and IPv6 address.


enable configure message-vpn <vpn-name> dns prefer-ip-version

COMMAND:
prefer-ip-version {ipv4 | ipv6}

no prefer-ip-version

DESCRIPTION:
IP version to use if DNS lookup contains both an IPv4 and IPv6 address.

The no version of the command returns its value to the default ("ipv6").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
ipv4 - Use IPv4 address when DNS lookup contains both an IPv4 and IPv6 address.
ipv6 - Use IPv6 address when DNS lookup contains both an IPv4 and IPv6 address.


enable configure message-vpn <vpn-name> dynamic-message-routing

COMMAND:
dynamic-message-routing [dmr-bridge... | shutdown]
DESCRIPTION:
Enter the "dynamic-message-routing" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] dmr-bridge - Create, modify, or delete a DMR Bridge.

A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
[no] shutdown - Enable or disable Dynamic Message Routing (DMR) for the Message VPN.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge

COMMAND:
[create | no] dmr-bridge <remote-node-name>
DESCRIPTION:
Create, modify, or delete a DMR Bridge.

A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<remote-node-name> [1..64 chars] - The name of the node at the remote end of the DMR Bridge.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote

COMMAND:
remote [message-vpn...]
DESCRIPTION:
Enter the "remote" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] message-vpn - The remote Message VPN of the DMR Bridge.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote message-vpn

COMMAND:
message-vpn <vpn-name>

no message-vpn

DESCRIPTION:
The remote Message VPN of the DMR Bridge.

The no version of the command returns its value to the default (no message-vpn configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> dynamic-message-routing shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Dynamic Message Routing (DMR) for the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> event

COMMAND:
event [connections | egress-message-rate | ingress-message-rate | large-message-threshold... | log-tag... | publish-client | publish-message-vpn | publish-subscription... | publish-topic-format... | service | subscriptions]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.
egress-message-rate - Enter the "egress-message-rate" mode.
ingress-message-rate - Enter the "ingress-message-rate" mode.
[no] large-message-threshold - The threshold, in kilobytes, after which a message is considered to be large for the Message VPN.
[no] log-tag - A prefix applied to all published Events in the Message VPN.
[no] publish-client - Enable or disable Client level Event message publishing.
[no] publish-message-vpn - Enable or disable Message VPN level Event message publishing.
[no] publish-subscription - Enable or disable subscription level event message publishing. When enabling subscription level event message publishing, if the event topic format is not specified, it defaults to v1.
[no] publish-topic-format - Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.
service - Enter the "service" mode.
subscriptions - Enter the "subscriptions" mode.


enable configure message-vpn <vpn-name> event connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the client connection count event of the Message VPN, relative to max-connections.


enable configure message-vpn <vpn-name> event connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the client connection count event of the Message VPN, relative to max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event egress-message-rate

COMMAND:
egress-message-rate [thresholds...]
DESCRIPTION:
Enter the "egress-message-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the egress message rate event of the Message VPN.


enable configure message-vpn <vpn-name> event egress-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the egress message rate event of the Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event ingress-message-rate

COMMAND:
ingress-message-rate [thresholds...]
DESCRIPTION:
Enter the "ingress-message-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the receive message rate event of the Message VPN.


enable configure message-vpn <vpn-name> event ingress-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the receive message rate event of the Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event large-message-threshold

COMMAND:
large-message-threshold <size>

no large-message-threshold

DESCRIPTION:
The threshold, in kilobytes, after which a message is considered to be large for the Message VPN.

The no version of the command returns its value to the default (1024).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> event log-tag

COMMAND:
log-tag <tag-string>

no log-tag

DESCRIPTION:
A prefix applied to all published Events in the Message VPN.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<tag-string> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> event publish-client

COMMAND:
[no] publish-client
DESCRIPTION:
Enable or disable Client level Event message publishing.

The default value is no publish-client.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> event publish-message-vpn

COMMAND:
[no] publish-message-vpn
DESCRIPTION:
Enable or disable Message VPN level Event message publishing.

The default value is no publish-message-vpn.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> event publish-subscription

COMMAND:
publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]

no publish-subscription

DESCRIPTION:
Enable or disable subscription level event message publishing. When enabling subscription level event message publishing, if the event topic format is not specified, it defaults to v1.

The default value is no publish-subscription.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
event-topic-format - Specify the format of the topic used for publishing the subscription event
no-unsubscribe-events-on-disconnect - Do not generate unsubscribe events for each of a client's subscriptions when the client disconnects
v1 - The publish topic is of form: #LOG/INFO/SUB_ADD|SUB_DEL/<subscribedTopic>
v2 - The publish topic is of form: #LOG/INFO/SUB/<routerName>/ADD|DEL/<vpnName>/<clientName>/<subscribedTopic>


enable configure message-vpn <vpn-name> event publish-topic-format

COMMAND:
publish-topic-format [smf] [mqtt]

no publish-topic-format

DESCRIPTION:
Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.

The default is publish-topic-format "smf".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
mqtt - publish MQTT topic format
smf - publish SMF topic format


enable configure message-vpn <vpn-name> event service

COMMAND:
service [amqp | mqtt | rest | smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
amqp - Enter the "amqp" mode.
mqtt - Enter the "mqtt" mode.
rest - Enter the "rest" mode.
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure message-vpn <vpn-name> event service amqp

COMMAND:
amqp [connections]
DESCRIPTION:
Enter the "amqp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service amqp connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the AMQP client connection count event of the Message VPN, relative to service amqp max-connections.


enable configure message-vpn <vpn-name> event service amqp connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the AMQP client connection count event of the Message VPN, relative to service amqp max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service mqtt

COMMAND:
mqtt [connections]
DESCRIPTION:
Enter the "mqtt" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service mqtt connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the MQTT client connection count event of the Message VPN, relative to service mqtt max-connections.


enable configure message-vpn <vpn-name> event service mqtt connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the MQTT client connection count event of the Message VPN, relative to service mqtt max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service rest

COMMAND:
rest [incoming]
DESCRIPTION:
Enter the "rest" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
incoming - Enter the "incoming" mode.


enable configure message-vpn <vpn-name> event service rest incoming

COMMAND:
incoming [connections]
DESCRIPTION:
Enter the "incoming" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service rest incoming connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the incoming REST client connection count event of the Message VPN, relative to service rest incoming max-connections.


enable configure message-vpn <vpn-name> event service rest incoming connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the incoming REST client connection count event of the Message VPN, relative to service rest incoming max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service smf

COMMAND:
smf [connections]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service smf connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the SMF client connection count event of the Message VPN, relative to service smf max-connections.


enable configure message-vpn <vpn-name> event service smf connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the SMF client connection count event of the Message VPN, relative to service smf max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..30000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..30000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service web-transport

COMMAND:
web-transport [connections]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service web-transport connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Web Transport client connection count event of the Message VPN, relative to service web-transport max-connections.


enable configure message-vpn <vpn-name> event service web-transport connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Web Transport client connection count event of the Message VPN, relative to service web-transport max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event subscriptions

COMMAND:
subscriptions [thresholds...]
DESCRIPTION:
Enter the "subscriptions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the subscription count event of the Message VPN, relative to max-subscriptions.


enable configure message-vpn <vpn-name> event subscriptions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the subscription count event of the Message VPN, relative to max-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> export-policy

COMMAND:
export-policy [export-subscriptions]
DESCRIPTION:
Enter the "export-policy" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] export-subscriptions - Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links.


enable configure message-vpn <vpn-name> export-policy export-subscriptions

COMMAND:
[no] export-subscriptions
DESCRIPTION:
Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links.

The default value is no export-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of client connections to the Message VPN.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> max-subscriptions

COMMAND:
max-subscriptions <value>

no max-subscriptions

DESCRIPTION:
The maximum number of local client subscriptions (both primary and backup) that can be added to the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> mqtt

COMMAND:
mqtt [mqtt-session... | retain]
DESCRIPTION:
Enter the "mqtt" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] mqtt-session - Create, modify, or delete a MQTT Session.

An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages). On creation, the virtual router defaults to primary.
retain - Enter the "retain" mode.


enable configure message-vpn <vpn-name> mqtt mqtt-session

COMMAND:
mqtt-session <client-id> [primary | backup]

no mqtt-session <client-id> [primary | backup]

create mqtt-session <client-id> [primary | backup]

DESCRIPTION:
Create, modify, or delete a MQTT Session.

An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages). On creation, the virtual router defaults to primary.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
backup - The MQTT Session belongs to the backup virtual router.
<client-id> [1..128 chars] - The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
primary - The MQTT Session belongs to the primary virtual router.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue

COMMAND:
[create | no] queue
DESCRIPTION:
Enter the "queue" mode.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows bound to the Queue.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Queue.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to max-bind-count.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queue consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Queue.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Queue, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username that owns the Queue and has permission equivalent to "delete".

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers of the Queue, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable whether to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Queue and the reception of messages to the Queue.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Queue.
full - Enable transmission of messages from the Queue and the reception of messages to the Queue.
ingress - Enable the transmission of messages from the Queue.
( no ) egress - Disable the reception of messages to the Queue.
( no ) full - Disable transmission of messages from the Queue and the reception of messages to the Queue.
( no ) ingress - Disable the transmission of messages from the Queue.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription

COMMAND:
[create | no] subscription <topic>
DESCRIPTION:
Create, modify, or delete a Subscription.

An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - The MQTT subscription topic.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription-list

COMMAND:
subscription-list qos <qos-value> [<topic-list>]
DESCRIPTION:
Create or delete multiple subscriptions for the MQTT Session. MQTT topic syntax is expected. The QoS value is either 0 (deliver at most once) or 1 (deliver at least once). When creating subscriptions (with +), the QoS of an existing subscription with the same topic will be changed to the new QoS value. When deleting subscriptions (with -), the QoS of each existing subscription must match for it to be removed.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<qos-value> [0..1] - Quality of service for the subscriptions
<topic-list> [2..251 chars starting with + or -] - List of +/- MQTT topics, space separated. Maximum of 32 topics.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription <topic> qos

COMMAND:
qos <qos-value>

no qos

DESCRIPTION:
The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<qos-value> [0..1] - The value to set.


enable configure message-vpn <vpn-name> mqtt retain

COMMAND:
retain [cache... | max-memory...]
DESCRIPTION:
Enter the "retain" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] cache - Create, modify, or delete a MQTT Retain Cache.

Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
[no] max-memory - The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational.


enable configure message-vpn <vpn-name> mqtt retain cache

COMMAND:
[create | no] cache <cache-name>
DESCRIPTION:
Create, modify, or delete a MQTT Retain Cache.

Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.