Command Line Interface Reference (APPLIANCE)PurposeThis guide describes each of the commands available in the Solace Router Command Line Interface (CLI). The commands are listed separately for each CLI level.
The Solace Router CLI is the interface to the software that you use whenever you access Solace Systems routers, whether from the management console or through a remote network connection. The Solace router CLI, which automatically starts after the Solace routers finish powering up, provides commands that you use to perform various tasks, including configuring, monitoring and troubleshooting the software, network connectivity, and the router hardware.
ConventionsThe following conventions are used in the product documentation:
- In place of lengthy instructions, a condensed form is used:
ExampleClick File. Click New. becomes Click File > New.- "Click" means clicking the left mouse button. "Right-click" means clicking the right mouse button. If working with a left-handed mouse or a mouse with three buttons, make the necessary adjustments.
- Examples of CLI entries and responses are written in the following manner:
Examplesolace(config)#- When an item is enclosed with < > symbols, the information requested is a variable and required.
Exampleinterface <interface-id>- When an item is enclosed with [ ] symbols, the information requested is optional.
Exampleshow logging debug [<subsystem-id>]- When an item is enclosed by { } symbols, the information requested is a variable of which only one is required.
Exampleboot {<version> | backout}- When an item is not enclosed by < >, [ ], or { } symbols, the item is a required keyword.
Exampleshow csmp stats- When two or more options are separated by a | symbol, you may at most enter one of the options as part of the command.
Exampletree [all | global]CLI CommandsCLI Command Tree
[no] alarm-display cd [<directory>] dir [<pattern>] enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] clear-event <event-name> disconnect client <name> message-vpn <vpn-name> [primary] [backup] [static] clear-event <event-name> disconnect client-certificate-authority <ca-name> refresh-crl config-sync assert-leader {router | message-vpn <vpn-name>} resync-follower message-vpn <vpn-name> resync-leader {router | message-vpn <vpn-name>} cspf neighbor <physical-router-name> clear-event <event-name> delete-remote-router <router-name> disk rebuild rebuild-speed {high | low} distributed-cache <name> message-vpn <vpn-name> backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel] clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>] delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>] restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel] start [cache-cluster <cluster-name>] [cache-instance <instance-name>] gather-diagnostics [days-of-history <days-of-history>] interface <phy-interface> switch-active message-spool message-vpn <vpn-name> commit-transaction xid <xid> copy-message {source {{queue <queue-name>} | {topic-endpoint <te-name>} | {replay-log <replay-log-name>}}} {destination {{queue*2 <queue-name>*2} | {topic-endpoint*2 <te-name>*2}}} {message <replication-group-msg-id>} delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to <to-msg-id>]] delete-transacted-session <name> delete-transaction xid <xid> queue <name> cancel-replay [force-complete] start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg <replication-group-msg-id>}] replay-log <name> trim-logged-messages older-than-date <older-than-date> rollback-transaction xid <xid> sequenced-topic <topic> next-sequence-number <seq-num> topic-endpoint <name> cancel-replay [force-complete] start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg <replication-group-msg-id>}] [no] product-key <key-value> redundancy revert-activity semp-session session-username <username-pattern> [session-id <session-id-value>] delete system message-spool assert-disk-ownership backup-adb-to-disk defragment-spool-files {start | stop} override-flash-failure reset backup boot {<version> [default-config] | backout} clear bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] stats client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats client-certificate-authority stats client-username <name> [message-vpn <vpn-name>] stats compression stats cspf neighbor <physical-router-name> stats stats ldap-profile <profile-name> stats log acl [client-connect | publish-topic | subscribe-topic] login diag no-subscription-match rest rest-delivery-point errors message-spool stats message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest {{rest-delivery-point <rdp-name> } | {rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ]}} stats*2} | {mqtt {mqtt-session <client-id-pattern> } [primary | backup | auto] stats*3} | oauth {{profile <profile>} } stats*4} oauth-profile <profile-name> stats queue <name> [message-vpn <vpn-name>] stats radius-profile <profile-name> stats replication stats smrp stats [router-name <router-name>] snmp stats stats client neighbor ssl topic-endpoint <name> [message-vpn <vpn-name>] stats configure [create|no] acl-profile <name> message-vpn <vpn-name> client-connect default-action {allow | disallow} [no] exception <cidr-addr> publish-topic default-action {allow | disallow} [no] exceptions [smf | mqtt] list <exception-list> subscribe-share-name default-action {allow | disallow} [no] exceptions [smf | mqtt] list <exception-list> subscribe-topic default-action {allow | disallow} [no] exceptions [smf | mqtt] list <exception-list> authentication access-level default global-access-level <access-level> message-vpn [create|no] access-level-exception <vpn-name> access-level <access-level> default-access-level <access-level> ldap [create|no] group <group-name> global-access-level <access-level> message-vpn [create|no] access-level-exception <vpn-name> access-level <access-level> default-access-level <access-level> [no] group-membership-attribute-name <attribute-name> [no] allow-direct-shell-login [<shell-login-name>] auth-type {radius <radius-profile> | ldap <ldap-profile> | internal} brute-force-protection [no] shutdown [create|no] client-certificate-authority <ca-name> [no] certificate {file <ca-certificate> | content <raw-data>} revocation-check crl [no] refresh-schedule [days <days-of-week> ] times <times-of-day> [no] url <url> ocsp [no] allow-non-responder-certificate [no] override-url <ocsp-override-url> [no] responder-common-name {empty | name <common-name>} [no] timeout <seconds> [no] shutdown client-certificate-revocation-checking <mode> kerberos keytab add-key <keytab-filename> [index <index>] delete-keytab-entry <index> [create|no] ldap-profile <profile-name> admin dn <admin-dn> [password <admin-password> ] [no] allow-unauthenticated-authentication group-membership-secondary-search base-dn <distinguished-name> deref {never | search | base | always} filter <filter> filter-attribute-from-primary-search <attribute-name> [no] follow-continuation-references scope {base | one-level | subtree} [no] shutdown timeout <duration> [no] ldap-server <ldap-host> index <server-index> search base-dn <distinguished-name> deref {never | search | base | always} filter <filter> [no] follow-continuation-references scope {base | one-level | subtree} timeout <duration> [no] shutdown [no] starttls [create|no] oauth-profile <oauth-profile> access-level default [no] global-access-level {none | read-only | mesh-manager | read-write | admin} message-vpn [create|no] access-level-exception <vpn-name> [no] access-level {none | read-only | read-write} [no] default-access-level {none | read-only | read-write} [create|no] group <group-name> [no] description <value> [no] global-access-level {none | read-only | mesh-manager | read-write | admin} message-vpn [create|no] access-level-exception <vpn-name> [no] access-level {none | read-only | read-write} [no] default-access-level {none | read-only | read-write} [no] access-level-groups-claim-name <value> [no] access-level-groups-claim-string-format {single | space-delimited} client {create|no} allowed-host <host> [create|no] authorization-parameter <param-name> [no] value <value> [no] redirect-uri <value> {create|no} required-claim <name> [no] required-type <value> [no] scope <value> [no] validate-type [no] client-id <value> [no] client-secret <value> [no] display-name <value> endpoints [no] authorization <value> [no] discovery <value> [no] discovery-refresh-interval <value> [no] introspection <value> [no] introspection-timeout <value> [no] jwks <value> [no] jwks-refresh-interval <value> [no] token <value> [no] token-timeout <value> [no] userinfo <value> [no] userinfo-timeout <value> [no] interactive [no] issuer <value> [no] oauth-role {client | resource-server} [no] prompt-for-expired-session <value> [no] prompt-for-new-session <value> [no] proxy <proxy-name> resource-server [no] parse-access-token [no] required-audience <value> {create|no} required-claim <name> [no] required-issuer <value> [no] required-scope <value> [no] required-type <value> [no] validate-audience [no] validate-issuer [no] validate-scope [no] validate-type [no] semp [no] shutdown [no] username-claim-name <value> [no] oauth-profile-default <value> [no] radius-domain <radius-domain> [create|no] radius-profile <profile-name> [no] radius-server <ip-port> index <server-index> [key <shared-secret-key> ] retransmit <attempts> [no] shutdown timeout <duration> [no] replace-duplicate-client-connections [create|no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto] [no] max-ttl <ttl-value> remote authentication auth-scheme {basic | client-certificate} basic [no] client-username <name> [password <password> ] client-certificate [no] certificate-file <filename> [file-contents <file-contents> ] deliver-to-one [no] priority <dto-priority> [create|no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface <phys-intf>]} [no] client-username <name> [password <password> ] [no] compressed-data [no] connect-order <number> message-spool [no] queue <name> [no] window-size <number> [no] shutdown [no] ssl unidirectional [no] client-profile <name> retry [no] count <count> [no] delay <seconds> [no] subscription-topic <topic> [deliver-always] [no] shutdown ssl [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [create|no] client-profile <name> message-vpn <vpn-name> [no] allow-bridge-connections [no] allow-shared-subscriptions compression [no] shutdown eliding [no] delay <milliseconds> [no] max-topics <num> [no] shutdown event client-provisioned-endpoint-spool-usage [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] connections-per-client-username [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} egress-flows [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} endpoints-per-client-username [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} ingress-flows [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} service smf connections-per-client-username [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} web-transport connections-per-client-username [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} subscriptions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} transacted-sessions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} transactions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-connections-per-client-username <value> [no] max-subscriptions <value> message-spool [no] allow-guaranteed-endpoint-create [no] allow-guaranteed-endpoint-create-durability {all | durable | non-durable} [no] allow-guaranteed-message-receive [no] allow-guaranteed-message-send [no] allow-transacted-sessions api-queue-management [no] copy-from-template-on-create <queue-template-name> api-topic-endpoint-management [no] copy-from-template-on-create <topic-endpoint-template-name> [no] max-egress-flows <value> [no] max-endpoints-per-client-username <value> [no] max-ingress-flows <value> [no] max-messages-per-transaction <value> [no] max-transacted-sessions <value> [no] max-transactions <value> [no] reject-msg-to-sender-on-no-subscription-match queue <type> [no] max-depth <depth> [no] min-msg-burst <depth> replication [no] allow-clients-when-standby service [no] min-keepalive-timeout <seconds> smf [no] max-connections-per-client-username <value> [no] min-keepalive-enabled web-transport [no] inactive-timeout <seconds> [no] max-connections-per-client-username <value> [no] max-web-payload <bytes> ssl [no] allow-downgrade-to-plain-text tcp [no] initial-cwnd <num-mss> keepalive [no] count <num> [no] idle <seconds> [no] interval <seconds> [no] max-wnd <num-kilo-bytes> [no] mss <byte-count> [create|no] client-username <username> message-vpn <vpn-name> [no] acl-profile <name> [create|no] attribute <name> <value> [no] client-profile <name> [no] guaranteed-endpoint-permission-override [no] password <password> [no] shutdown [no] subscription-manager clock set <time> <day> <month> <year> synchronization [create|no] ntp-source <ip-addr> [no] nts [no] shutdown [no] protocol {ntp | ptp} [no] shutdown timezone <zone> compression mode {optimize-for-size | optimize-for-speed} config-sync authentication client-certificate [no] max-certificate-chain-depth <max-depth> [no] validate-certificate-date client-profile tcp [no] initial-cwnd <num-mss> keepalive [no] count <num> [no] idle <seconds> [no] interval <seconds> [no] max-wnd <num-kilo-bytes> [no] mss <byte-count> [no] shutdown [no] ssl synchronize [no] username console baud-rate <baud-rate> [no] login-banner {text <banner-text> | file <file-name> | default} timeout <idle-timeout> [create|no] distributed-cache <name> message-vpn <vpn-name> [create|no] cache-cluster <name> [create|no] cache-instance <name> [no] auto-start [no] shutdown [no] stop-on-lost-message [no] deliver-to-one-override event data-byte-rate [no] thresholds [set-value <set-value>] [clear-value <clear-value>] data-message-rate [no] thresholds [set-value <set-value>] [clear-value <clear-value>] max-memory [no] thresholds [set-value <set-value>] [clear-value <clear-value>] max-topics [no] thresholds [set-value <set-value>] [clear-value <clear-value>] request-queue-depth [no] thresholds [set-value <set-value>] [clear-value <clear-value>] request-rate [no] thresholds [set-value <set-value>] [clear-value <clear-value>] response-rate [no] thresholds [set-value <set-value>] [clear-value <clear-value>] global-caching [no] heartbeat <seconds> [create|no] home-cache-cluster <name> [no] topic-prefix <topic-prefix> [no] shutdown [no] topic-lifetime <seconds> [no] max-memory <megabytes> [no] max-messages-per-topic <num-messages> [no] max-topics <num-topics> [no] message-lifetime <seconds> [no] new-topic-advertisement [no] request-queue-depth <num-messages> [no] shutdown [no] topic <topic-str> [no] heartbeat <seconds> [no] scheduled-delete-message [days <days-of-week> ] times <times-of-day> [no] shutdown dns [no] name-server <ip-addr> [no] polled-domain-name <domain-name> [no] search-domain-list <domain-list> hardware disk <disk-name> [no-shutdown] [shutdown] message-spool defragment-spool-files schedule [no] days <days-of-week> [no] shutdown [no] times <times-of-day> threshold [no] fragmentation-percentage <percentage> [no] min-interval <interval> [no] shutdown [no] usage-percentage <percentage> [no] disk-array wwn <wwn> event cache-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} delivered-unacked [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] disk-usage [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] egress-flows [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} endpoints [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} ingress-flows [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} message-count [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] spool-files [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} transacted-session-resources [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] transacted-sessions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} transactions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] internal-disk [no] max-cache-usage <percent-usage> [no] max-spool-usage <size> [no] shutdown transaction [no] replication-compatibility-mode {legacy | transacted} [no] virtual-router-when-active-active {primary | backup} power-redundancy <type> [no] hostname <name> [defer] [create|no] interface <phy-interface> [<mode>] lacp rate {fast | slow} [no] member <phy-interface> [no] primary-member <phy-interface> [no] shutdown traffic-shaping egress [no] rate-limit <mbps> [no] shutdown ip vrf <name> [create|no] interface <ip-interface> [primary | backup | static] [no] ip-address <cidr-addr> kerberos [no] service-principal-name <name> [no] shutdown [no] route {default | default6 | <cidr-addr>} <ip-addr> [<interface>] jndi message-vpn <vpn-name> [create|no] connection-factory <name> property-list <name> [no] property <name> <value> [create|no] queue <name> [no] property <name> <value> [no] shutdown [create|no] topic <name> [no] property <name> <value> logging [no] command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds} [no] debug {<subsystem-id> | all} [level <level>] [mask <mask>] event [no] publish-system [no] system-tag <tag-string> facility event [no] message-format {text | json} system [no] message-format {text | json} [no] max-json-message-size <max-size> [no] millisecond-timestamp [no] retention {days <max-num-days> | max-size } [no] management-message-vpn <vpn-name> memory-event nab-buffer-load-factor [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>] subscriptions-load-factor [no] thresholds set-percentage <set-percentage> clear-percentage <clear-percentage> subscriptions-memory [no] thresholds [set-value <set-value>] [clear-value <clear-value>] message-spool message-vpn <vpn-name> event egress-flows [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} endpoints [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} ingress-flows [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} transacted-sessions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} transactions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-egress-flows <value> [no] max-endpoints <value> [no] max-ingress-flows <value> [no] max-spool-usage <size> [no] max-transacted-sessions <value> [no] max-transactions <value> [create|no] queue <name> [no] access-type {exclusive | non-exclusive} [no] consumer-ack-propagation [no] dead-message-queue <dmq-name> [no] delivery-count [no] delivery-delay <delay> event bind-count [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} reject-low-priority-msg-limit [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-bind-count <value> [no] max-delivered-unacked-msgs-per-flow <max> [no] max-message-size <size> [no] max-redelivery <value> [no] max-spool-usage <size> [no] max-ttl <ttl> [no] owner <owner> partition [no] count <num-partitions> rebalance [no] delay <seconds> [no] max-handoff-time <seconds> [no] permission all {no-access | read-only | consume | modify-topic | delete} [no] redelivery redelivery-delay [no] initial-interval <value> [no] max-interval <value> [no] multiplier <value> [no] shutdown [no] reject-low-priority-msg [no] reject-low-priority-msg-limit <limit> [no] reject-msg-to-sender-on-discard [including-when-shutdown] [no] respect-message-priority [no] respect-ttl [no] shutdown [ingress | egress | full] [no] subscription topic <topic> [create|no] queue-template <name> [no] access-type {exclusive | non-exclusive} [no] consumer-ack-propagation [no] dead-message-queue <dmq-name> [no] delivery-delay <delay> [no] durability-override {none | non-durable} event bind-count [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} reject-low-priority-msg-limit [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-bind-count <value> [no] max-delivered-unacked-msgs-per-flow <max> [no] max-message-size <size> [no] max-redelivery <value> [no] max-spool-usage <size> [no] max-ttl <ttl> [no] name-filter <name-filter> [no] permission all {no-access | read-only | consume | modify-topic | delete} [no] redelivery redelivery-delay [no] initial-interval <value> [no] max-interval <value> [no] multiplier <value> [no] shutdown [no] reject-low-priority-msg [no] reject-low-priority-msg-limit <limit> [no] reject-msg-to-sender-on-discard [including-when-shutdown] [no] respect-message-priority [no] respect-ttl [create|no] replay-log <name> [no] max-spool-usage <size> [no] shutdown [ingress | egress | full] topic-filter [no] shutdown [create|no] subscription <topic> [no] sequenced-topic <topic> [create|no] topic-endpoint <name> [no] access-type {exclusive | non-exclusive} [no] consumer-ack-propagation [no] dead-message-queue <dmq-name> [no] delivery-count [no] delivery-delay <delay> event bind-count [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} reject-low-priority-msg-limit [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-bind-count <value> [no] max-delivered-unacked-msgs-per-flow <max> [no] max-message-size <size> [no] max-redelivery <value> [no] max-spool-usage <size> [no] max-ttl <ttl> [no] owner <owner> [no] permission all {no-access | read-only | consume | modify-topic | delete} [no] redelivery redelivery-delay [no] initial-interval <value> [no] max-interval <value> [no] multiplier <value> [no] shutdown [no] reject-low-priority-msg [no] reject-low-priority-msg-limit <limit> [no] reject-msg-to-sender-on-discard [including-when-shutdown] [no] respect-message-priority [no] respect-ttl [no] shutdown [ingress | egress | full] [create|no] topic-endpoint-template <name> [no] access-type {exclusive | non-exclusive} [no] consumer-ack-propagation [no] dead-message-queue <dmq-name> [no] delivery-delay <delay> event bind-count [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} reject-low-priority-msg-limit [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-bind-count <value> [no] max-delivered-unacked-msgs-per-flow <max> [no] max-message-size <size> [no] max-redelivery <value> [no] max-spool-usage <size> [no] max-ttl <ttl> [no] name-filter <name-filter> [no] permission all {no-access | read-only | consume | modify-topic | delete} [no] redelivery redelivery-delay [no] initial-interval <value> [no] max-interval <value> [no] multiplier <value> [no] shutdown [no] reject-low-priority-msg [no] reject-low-priority-msg-limit <limit> [no] reject-msg-to-sender-on-discard [including-when-shutdown] [no] respect-message-priority [no] respect-ttl [create|no] message-vpn <vpn-name> authentication basic auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none } [no] radius-domain <radius-domain> [no] shutdown client-certificate [no] allow-api-provided-username matching-rules [create|no] rule <name> [create|no] attribute-filter <name> [no] attribute <value> [no] value <value> [create|no] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address} {{matches-attribute <attribute>} | {matches-expression <expression>}} [no] shutdown [no] shutdown [no] max-certificate-chain-depth <max-depth> [no] revocation-check-mode <permission> [no] shutdown [no] username-source <source> [no] validate-certificate-date kerberos [no] allow-api-provided-username [no] shutdown oauth [no] default-profile <value> [create|no] profile <profile> [no] authorization-groups-claim-name <value> [no] authorization-groups-claim-string-format {single | space-delimited} client [create|no] required-claim <name> [no] required-type <value> [no] validate-type [no] client-id <value> [no] client-secret <value> [no] disconnect-on-token-expiration endpoints [no] discovery <value> [no] discovery-refresh-interval <value> [no] introspection <value> [no] introspection-timeout <value> [no] jwks <value> [no] jwks-refresh-interval <value> [no] userinfo <value> [no] userinfo-timeout <value> [no] issuer <value> [no] mqtt-username-validate [no] oauth-role {client | resource-server} [no] proxy <proxy-name> resource-server [no] parse-access-token [no] required-audience <value> [create|no] required-claim <name> [no] required-issuer <value> [no] required-scope <value> [no] required-type <value> [no] validate-audience [no] validate-issuer [no] validate-scope [no] validate-type [no] shutdown [no] username-claim-name <value> [no] shutdown authorization [create|no] authorization-group <name> [no] acl-profile <name> [no] client-profile <name> order {before | after} <authorization-group-name> [no] shutdown authorization-type {ldap <ldap-profile> | internal } ldap [no] group-membership-attribute-name <attribute-name> [no] trim-client-username-domain bridging ssl server-certificate-validation [no] max-certificate-chain-depth <max-depth> [no] validate-certificate-date [no] validate-server-name dynamic-message-routing [create|no] dmr-bridge <remote-node-name> remote [no] message-vpn <vpn-name> [no] shutdown event connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} egress-message-rate [no] thresholds [set-value <set-value>] [clear-value <clear-value>] ingress-message-rate [no] thresholds [set-value <set-value>] [clear-value <clear-value>] [no] large-message-threshold <size> [no] log-tag <tag-string> [no] publish-client [no] publish-message-vpn [no] publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}] [no] publish-topic-format [smf] [mqtt] service amqp connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} mqtt connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} rest incoming connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} smf connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} web-transport connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} subscriptions [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} export-policy [no] export-subscriptions [no] max-connections <value> [no] max-subscriptions <value> mqtt [create|no] mqtt-session <client-id> [primary | backup | auto] [no] owner <owner> [create|no] queue [no] consumer-ack-propagation [no] dead-message-queue <dmq-name> event bind-count [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} reject-low-priority-msg-limit [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-bind-count <value> [no] max-delivered-unacked-msgs-per-flow <max> [no] max-message-size <size> [no] max-redelivery <value> [no] max-spool-usage <size> [no] max-ttl <ttl> [no] reject-low-priority-msg [no] reject-low-priority-msg-limit <limit> [no] reject-msg-to-sender-on-discard [including-when-shutdown] [no] respect-ttl [no] shutdown [create|no] subscription <topic> [no] qos <qos-value> subscription-list qos <qos-value> [<topic-list>] retain [create|no] cache <cache-name> [no] message-lifetime <seconds> [no] shutdown [no] max-memory <megabytes> [create|no] proxy <proxy-name> authentication [no] auth-scheme {none | basic} basic [no] password <value> [no] username <value> [no] host <value> [no] port <value> [no] proxy-type {direct | http} [no] shutdown replication ack-propagation interval [no] messages <num-messages> bridge authentication auth-scheme {basic | client-certificate} basic [no] client-username <name> [password <password> ] client-certificate [no] certificate-file <filename> [file-contents <file-contents> ] [no] compressed-data message-spool [no] window-size <number> [no] retry-delay <seconds> [no] ssl unidirectional [no] client-profile <name> queue [no] max-spool-usage <size> [no] reject-msg-to-sender-on-discard [no] reject-msg-when-sync-ineligible [create|no] replicated-topic <topic> [no] replication-mode {sync | async} [no] shutdown state {active | standby} [no] transaction-replication-mode {sync | async} rest [create|no] rest-delivery-point <name> [no] client-profile <name> [create|no] queue-binding <queue-name> gateway [no] replace-target-authority [no] post-request-target <post-request-target> [create|no] protected-request-header <header-name> [no] header-value <value> [create|no] request-header <header-name> [no] header-value <value> request-target-evaluation {none | substitution-expressions} [create|no] rest-consumer <name> authentication [no] auth-scheme {none | http-basic | client-certificate | http-header | oauth-client | oauth-jwt | transparent | aws} aws [no] access-key-id <access-key-id> [no] region <region> [no] secret-access-key <secret-access-key> [no] service <service> client-certificate [no] certificate-file <filename> [file-contents <file-contents> ] http-basic [no] username <name> [password <password> ] http-header [no] name <name> [no] value <http-header-value> oauth-client [no] client-id <client-id> [no] client-secret <client-secret> [no] proxy <proxy-name> [no] scope <scope> [no] token-endpoint <token-endpoint> [no] token-expiry-default <value> oauth-jwt {create|no} claim <name> [no] proxy <proxy-name> [no] secret-key <value> [no] token-endpoint <value> [no] token-expiry-default <value> local [no] interface <phys-intf> remote [no] host <dest-ip-addr-or-host> [no] http-method {post | put} [no] max-post-wait-time <seconds> [no] outgoing-connection-count <count> [no] port <port> [no] proxy <proxy-name> retry [no] delay <seconds> [no] ssl [no] shutdown ssl [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [no] service <value> [no] shutdown [no] vendor <value> ssl server-certificate-validation [no] max-certificate-chain-depth <max-depth> [no] validate-certificate-date [no] validate-server-name semp-over-msgbus admin-cmds client-cmds [no] shutdown distributed-cache-cmds [no] shutdown [no] shutdown legacy-show-clear-cmds [no] shutdown show-cmds [no] shutdown [no] shutdown service amqp [no] listen-port <port> [ssl] [no] max-connections <value> plain-text [no] shutdown ssl [no] shutdown mqtt authentication client-certificate [no] request-client-certificate {always | never | when-enabled-in-message-vpn} [no] listen-port <port> [ssl] [web] [no] max-connections <value> plain-text [no] shutdown ssl [no] shutdown websocket [no] shutdown websocket-secure [no] shutdown rest incoming authentication client-certificate [no] request-client-certificate {always | never | when-enabled-in-message-vpn} [no] authorization-header-handling {drop | forward | legacy} [no] listen-port <port> [ssl] [no] max-connections <value> plain-text [no] shutdown ssl [no] shutdown [no] mode {gateway | messaging} outgoing [no] max-connections <value> smf [no] max-connections <value> plain-text [no] shutdown ssl [no] shutdown web-transport authentication client-certificate [no] request-client-certificate {always | never | when-enabled-in-message-vpn} [no] max-connections <value> plain-text [no] shutdown ssl [no] shutdown [no] shutdown ssl [no] allow-downgrade-to-plain-text [create|no] telemetry-profile <telemetry-profile-name> queue event bind-count [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-bind-count <value> [no] max-spool-usage <value> receiver acl connect default-action {allow | disallow} [no] exception <cidr-addr> event connections-per-client-username [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-connections-per-client-username <value> [no] shutdown tcp [no] initial-cwnd <num-mss> keepalive [no] count <num> [no] idle <seconds> [no] interval <seconds> [no] max-wnd <num-kilo-bytes> [no] mss <byte-count> trace [create|no] filter <trace-filter-name> [no] shutdown [create|no] subscription <subscription> [smf | mqtt] send-spans [no] shutdown [no] shutdown mqtt retain [no] max-memory <megabytes> [create|no] proxy <proxy-name> authentication [no] auth-scheme {none | basic} basic [no] password <value> [no] username <value> [no] host <value> [no] port <value> [no] proxy-type {direct | http} [no] shutdown redundancy [no] active-standby-role {primary | backup | none } authentication pre-shared-key [no] key <pre-shared-key> [no] auto-revert [no] mate-router-name <name> [no] release-activity [no] shutdown vrrp [no] backup-vrid <vrid> [no] failover-criteria {any-fail | all-fail} [no] interface <phy-interface> [no] primary-vrid <vrid> replication config-sync bridge authentication auth-scheme {basic | client-certificate} [no] compressed-data message-spool [no] window-size <number> [no] retry-delay <seconds> [no] shutdown [no] ssl ssl-server-certificate-validation [no] max-certificate-chain-depth <max-depth> [no] validate-certificate-date [no] validate-server-name [no] interface <phys-intf> mate [no] connect-port <port> [compressed] [ssl] [no] virtual-router-name <virtual-router-name> connect-via <addr> ssl [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [no] router-name <name> [defer] routing dynamic-message-routing [create|no] cluster <cluster-name> authentication basic [no] auth-type {internal | none} [no] password <password> [no] shutdown client-certificate [no] certificate-file <filename> [file-contents <file-contents> ] matching-rules [create|no] rule <name> [create|no] attribute-filter <name> [no] attribute <value> [no] value <value> [create|no] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address} {{matches-attribute <attribute>} | {matches-expression <expression>}} [no] shutdown [no] shutdown [create|no] link <remote-node-name> [create|no] attribute <name> <value> authentication [no] auth-scheme {basic | client-certificate} basic [no] password <password> client-profile queue <type> [no] max-depth <depth> [no] min-msg-burst <depth> tcp [no] initial-cwnd <num-mss> keepalive [no] count <num> [no] idle <seconds> [no] interval <seconds> [no] max-wnd <num-kilo-bytes> [no] mss <byte-count> [no] connect-via <addr-port> [no] initiator {lexical | local | remote} message-spool [no] window-size <number> queue [no] dead-message-queue <dmq-name> event spool-usage [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] max-delivered-unacked-msgs-per-flow <max> [no] max-redelivery <value> [no] max-spool-usage <size> [no] max-ttl <ttl> [no] reject-msg-to-sender-on-discard [including-when-shutdown] [no] respect-ttl retry [no] count <count> [no] delay <seconds> [no] shutdown [no] span {internal | external} transport [no] compressed [no] ssl [no] shutdown ssl server-certificate-validation [no] max-certificate-chain-depth <max-depth> [no] validate-certificate-date [no] validate-server-name [no] interface <phy-interface> [no] mode {dynamic-message-routing | multi-node-routing} [defer] multi-node-routing cspf [create|no] neighbor <physical-router-name> [no] compressed-data [no] connect-via <ip-port> [no] control-port <port> [no] link-cost <cost> [no] shutdown ssl [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [no] trusted-common-name {empty | name <common-name>} [no] ssl-data tcp [no] initial-cwnd <num-mss> keepalive [no] count <num> [no] idle <seconds> [no] interval <seconds> [no] max-wnd <num-kilo-bytes> [no] mss <byte-count> queue [no] max-depth <depth> [no] min-msg-burst <depth> ssl certificate-validation [no] max-certificate-chain-depth <max-depth> [no] validate-certificate-date [no] validate-server-name client-certificate [no] certificate-file <filename> [file-contents <file-contents> ] [no] shutdown schedule [no] backup [days <days-of-week>] times <times-of-day> [max-backups <max-backups>] service amqp [no] listen-port <port> [ssl] [no] shutdown event connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} health-check [no] listen-port <port> [ssl] [no] shutdown [plain-text] [ssl] mqtt [no] shutdown msg-backbone [no] shutdown rest event outgoing connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} incoming [no] shutdown outgoing [no] shutdown semp cors [no] allow-any-host [no] legacy-timeout [no] listen-port <port> [ssl] [no] session-idle-timeout <value> [no] session-max-lifetime <value> [no] shutdown [plain-text] [ssl] smf event connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [no] listen-port <port> [compressed] [routing-control] [ssl] [no] shutdown ssl event connections [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]} [create|no] virtual-hostname <name> [no] message-vpn <vpn-name> [no] shutdown web-transport [no] listen-port <port> [ssl] [no] shutdown [no] web-url-suffix <suffix> [no] snmp-server [no] community <name> group <group> [no] contact <name> [no] group <name> {v2c | v3 {auth | noauth | priv}} [no] host <ip-addr> traps [{v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>] [community <community-name>] [no] location <name> [no] shutdown [no] trap connections [no] shutdown [no] thresholds [set-value <set-value>] [clear-value <clear-value>] disk-utilization [disk <disk-name>] [no] shutdown [no] thresholds [set-value <set-value>] [clear-value <clear-value>] egress-msg-rate [no] shutdown [no] thresholds [set-value <set-value>] [clear-value <clear-value>] fan-speed [no] shutdown ingress-msg-rate [no] shutdown [no] thresholds [set-value <set-value>] [clear-value <clear-value>] power-status [no] shutdown [no] shutdown subscriptions [no] shutdown [no] thresholds [set-value <set-value>] [clear-value <clear-value>] temperature [no] shutdown voltage [no] shutdown [no] user <name> group <group> {password <password> } ssl [no] allow-tls-version-1.0 [no] allow-tls-version-1.1 cipher-suite [no] management {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [no] msg-backbone {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [no] ssh {default | empty | name <suite-name> [{before | after} <existing-suite-name>] } [no] crime-exploit-protection [create|no] domain-certificate-authority <ca-name> [no] certificate {file <ca-certificate> | content <raw-data>} [no] server-certificate <filename> [file-contents <file-contents> ] [no] standard-domain-certificate-authorities [no] tls-session-timeout <seconds> [create|no] syslog <name> [no] facility {command | event | system } [no] host <hostname-or-address> [transport {tcp | udp | tls}] system topic-routing [no] subscription-exceptions [defer] [create|no] username <name> [no] change-password <password> global-access-level <access-level> message-vpn [create|no] access-level-exception <vpn-name> access-level <access-level> default-access-level <access-level> rename <name> web-manager [no] allow-unencrypted-wizards redirect-http [no] override-ssl-port <port> [no] shutdown copy <source> <destination> delete <file> delete-load <version> disable disconnect sessionid <session-id> power-down reload [default-config | config <config-file>] rename <old> <new> setup shell <reason> end exit help home logout more <pattern> [no] paging [size <size>] ping <vrf-ip-addr-or-host> [ip-interface <ip-interface>] ping6 <ip-addr> [ip-interface <ip-interface>] pwd session timeout <idle-timeout> show acl-profile <name> [message-vpn <vpn-name>] [{detail [[client-connect ] [publish-topic] [subscribe-topic] [subscribe-share-name] ]} | {users } ] alarm authentication [user-class cli-semp] [{current-user } | access-level [{default | ldap [group <group-name-pattern>]}] [detail ]] backup bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] [connect-via <addr-port>] [primary | backup | auto] [subscriptions [local | remote] | stats [queues] | connections [wide] | detail | message-spool-stats | ssl | client-certificate] cache-cluster <name> [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | topics [filter <topic-pattern>] [type {local | global [home-cache-cluster <home-cache-cluster-name>]}] ] cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | remote {status | home-cache-clusters [<home-cluster-name>] | topics [detail*2] [filter <topic-pattern> ] [type {local | global}] }] client <name> [client-username <username>] [message-vpn <vpn-name>] [authorization-group <group-name>] [{[{stats [congestion | queues]} | {connections [wide]}] } | {subscriptions [{subscription <subscription-name>}]} | {{message-spool | message-spool-stats | {transaction-stats [session <session-id>]}} [{{ingress | egress }} [flow <flow-id>]] } | {transacted-session [{session*2 <session-name>}]} | {sorted-stats [<stats-to-show>] [sort-by <stats-to-sort-by>] [clear-high-water-marks]} | web-transport ] [detail] [primary] [backup] [static] [slow-subscriber] [connected | disconnected] client-certificate-authority {ca-name <ca-name> [cert [raw-content] | crl | stats | detail] [count <num-elements>] | stats*2} client-profile <name> [message-vpn <vpn-name>] [detail] client-username <name> [message-vpn <vpn-name>] [authorization-group <group-name>] [stats | detail ] clock [{detail | {timezones [<pattern>]} | {synchronization ntp-source <host>}}] cluster <cluster-name-pattern> [detail | link <link-name-pattern> [detail*2 | client-profile | queue | ssl | channel [message-vpn <vpn-name>] [detail*3] ] ] compression config-sync [database [router | message-vpn <vpn-name>] [detail | remote] [count <num-elements>]] console [login-banner] cspf database neighbor <physical-router-name> [stats [queues | detail] | connections [wide] | detail*2] queue route [destination <router-destination>] [source <router-source>] ssl stats current-config all [redact] message-vpn <vpn-name> [redact] [remove] debug [process-name <process-name>] [process-instance <process-instance>] [timeout <seconds>] <command> [<parameter-list>] deferred-config disk [detail] distributed-cache {<name> [message-vpn <vpn-name>] [detail] | summary} dns domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>] environment hardware [details | post] home-cache-cluster <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] hostname interface [<phy-interface>] [detail] ip route vrf [<name> [link-local-address | {route | interface <interface-pattern>} [detail]]] jndi connection-factory <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail] object <name> [message-vpn <vpn-name>] queue <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail] schema [connection-factory | topic | queue] summary [message-vpn <vpn-name>] topic <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail] kerberos [{keytab | keytab-file <file-name>} [detail]] ldap-profile <profile-name> [detail | [index <server-index>] stats | users] log acl [client-connect | publish-topic | subscribe-topic] [client-username <username>] [message-vpn <vpn-name>] [wide] command [lines <num-lines>] [find <search-string>] debug [lines <num-lines>] [find <search-string>] event [lines <num-lines>] [find <search-string>] login diag [wide] no-subscription-match [client-username <username>] [client-name <name>] [message-vpn <vpn-name>] [wide] rest rest-delivery-point errors [wide] system [lines <num-lines>] [find <search-string>] logging command config debug [<subsystem-id>] event memory message-spool [message-vpn <vpn-name> [sort-by-messages-spooled]] [stats | detail | rates ] message-vpn <vpn-name> {[[detail | stats [detail*2] | service [stats*2]] | subscriptions [primary] [backup] [static] ] | proxy <proxy-name> [detail*3] | replication [stats*3 | detail*4 | client-certificate] | rest [{rest-delivery-point <rdp-name> [stats*4 | queue-binding <queue-binding-name> [request-header <header-name> ] [protected-request-header <header-name>*2 ]] [count*3 <num-elements>*3] [detail*5] | rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ] [stats*5 | outgoing-connections [tcp [wide]] | authentication [{oauth-jwt-claim <oauth-jwt-claim-name> }] | client-certificate*2 | ssl | detail*6] [count*4 <num-elements>*4] }] | authorization [authorization-group <name> [detail*7]] [count*5 <num-elements>*5] | mqtt [{mqtt-session <client-id-pattern> [owner <owner-pattern>] [auto] [primary*2] [backup*2] [detail*8 | subscriptions*2 [qos <qos-value>] | stats*6 | client | queue]} | {retain {cache <cache-name> [detail*9]}}] | bridging | dynamic-message-routing [dmr-bridge <remote-node-name-pattern> ] | oauth {{profile <profile> [client*2 required-claim <required-claim-name-pattern> | resource-server required-claim*2 <required-claim-name-pattern>*2 ]} } [detail*10 [stats*7]] | telemetry-profile <telemetry-profile-name> [{receiver acl connect exception <cidr-addr>} | {trace filter <filter-name> [subscription <subscription-name> [smf | mqtt*2] ]}] } mqtt oauth-profile <profile-name-pattern> [access-level [{default | group <group-name-pattern> } ] [detail] | client {allowed-host <allowed-host-name-pattern> | authorization-parameter <authorization-parameter-name-pattern> | required-claim <required-claim-name-pattern> } | resource-server {required-claim*2 <required-claim-name-pattern>*2 } | detail*2 | stats] paging process [pid <pid>] product-key proxy <proxy-name> [detail] queue <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] | subscriptions | rates | sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | replay | partitions] [durable | non-durable] [detail] [replay-state {initializing | active | pending-complete | failed | all}] [count <num-elements>] queue-template <name> [message-vpn <vpn-name>] [detail] radius-profile <profile-name> [detail | stats] redundancy [detail] replay-log <name> [message-vpn <vpn-name>] [messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] [detail] | topic-filters ] [count <num-elements>] replicated-topic <topic> [message-vpn <vpn-name>] [replication-mode {sync | async}] [count <num-elements>] replication [stats] router-name routing semp-session [<username-pattern>] [session-id <id-pattern>] [count <num-elements>] sequenced-topic <topic> [message-vpn <vpn-name>] [count <num-elements>] service [web-transport | {virtual-hostname <hostname-name> } | semp] session smrp database [router-name <router-name>] [detail] route topic <topic-string> [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] [backup] [static] [persistent | non-persistent] stats [router-name [<router-name>]] subscription-block [router-name <router-name>] [block-id <block-id>] [message-vpn <vpn-name>] [persistent | non-persistent] [detail] subscriptions [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] [backup] [static] [{[dto-priority <priority>] [topic <topic-str>] [persistent | non-persistent] } | {summary }] snmp [trap [<name>]] ssl allow-tls-version certificate-files [filename <filename>] [detail] cipher-suite-list {default | management [default*2] | msg-backbone [default*3] | ssh [default*4]} crime-exploit-protection server-certificate [detail] standard-domain-certificate-authorities supported-cipher-suites [{management | msg-backbone | ssh}] supported-tls-versions tls-session-timeout standard-domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>] stats client [detail] neighbor [detail] ssl syslog [<name>] system [detail | post] telemetry topic-endpoint <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] | topics | rates | sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | replay] [durable | non-durable] [replay-state {initializing | active | pending-complete | failed | all}] [detail] [flow <flow-id>] [count <num-elements>] topic-endpoint-template <name> [message-vpn <vpn-name>] [detail] transaction [xid <xid>] [message-vpn <vpn-name>] [state <transaction-state>] [replicated] [detail | sort-by-last-state-change | sort-by-messages-spooled] [count <num-elements>] username <username-pattern> [detail] version web-manager source script <script-name> [stop-on-error] [no-prompt] [no] strict-column-wrapping tree [all | global]alarm-display
COMMAND:[no] alarm-displayDESCRIPTION:Use this command to enable the display of system alarms in the current CLI session on a session-by-session basis. The no version disables the displaying of router system alarms in the current CLI session.
The default value is no alarm-display.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. cd
COMMAND:cd [<directory>]DESCRIPTION:Use this command to change the current working directory on the router.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<directory> [0..255 chars] - directory to change to. If no directory is specified the root ('/') directory is assumed dir
COMMAND:dir [<pattern>]DESCRIPTION:Use this command to list the contents of a directory on the router.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<pattern> [0..255 chars] - file(s)/directory(s) to display. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files. enable
COMMAND:enableDESCRIPTION:Use this command to enter the Privileged EXEC level of the CLI to perform router configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. enable admin
COMMAND:adminDESCRIPTION:Use this command to reach the Admin EXEC level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
This command does not take any parameters. enable admin bridge
COMMAND:bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]DESCRIPTION:Enter bridge admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is auto. backup - Only bridges of the backup virtual router. Default is auto. <bridge-name-pattern> [1..300 chars] - Bridge name; may contain wildcard characters * or ? primary - Only bridges of the primary virtual router. Default is auto. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> clear-event
COMMAND:clear-event <event-name>DESCRIPTION:Clear an event for the Bridge so it can be generated anew.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<event-name> [0..12 chars] - The name of the event. enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> disconnect
COMMAND:disconnectDESCRIPTION:Disconnect one or more bridges
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable admin client
COMMAND:client <name> message-vpn <vpn-name> [primary] [backup] [static]DESCRIPTION:Enter client admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
backup - Only clients of the backup virtual router <name> [1..160 chars] - Client name; may contain wildcard characters * or ? primary - Only clients of the primary virtual router static - Only clients of the static virtual router <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable admin client <name> message-vpn <vpn-name> clear-event
COMMAND:clear-event <event-name>DESCRIPTION:Clear the specified one shot event so that it can be generated anew.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<event-name> [0..18 chars] - The name of the one shot event enable admin client <name> message-vpn <vpn-name> disconnect
COMMAND:disconnectDESCRIPTION:Disconnect one or more clients
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable admin client-certificate-authority
COMMAND:client-certificate-authority <ca-name>DESCRIPTION:Enter client-certificate-authority admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<ca-name> [1..64 chars] - The name of the certificate authority. enable admin client-certificate-authority <ca-name> refresh-crl
COMMAND:refresh-crlDESCRIPTION:Refresh the CRL file for the Client Certificate Authority.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable admin config-sync
COMMAND:config-sync [assert-leader... | resync-follower... | resync-leader...]DESCRIPTION:Enter config-sync admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
assert-leader - Assert leadership of the specified config-sync table, forcing any other leader's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a leader for the selected table. resync-follower - Resync the selected table, forcing this follower's content to be overwritten with that from a leader. Config-sync must be a follower for the selected table. resync-leader - Resync the selected table, forcing this leader's content to be overwritten with that from another leader. Config-sync must be a leader for the selected table. enable admin config-sync assert-leader
COMMAND:assert-leader {router | message-vpn <vpn-name>}DESCRIPTION:Assert leadership of the specified config-sync table, forcing any other leader's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a leader for the selected table.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-write
Notes/Exceptions: global/rw is required to run this command with the router parameter.PARAMETERS:
router - Assert leadership for the router table <vpn-name> [1..32 chars] - Assert leadership for the named message-vpn table; may contain wildcard characters * or ? enable admin config-sync resync-follower
COMMAND:resync-follower message-vpn <vpn-name>DESCRIPTION:Resync the selected table, forcing this follower's content to be overwritten with that from a leader. Config-sync must be a follower for the selected table.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ? enable admin config-sync resync-leader
COMMAND:resync-leader {router | message-vpn <vpn-name>}DESCRIPTION:Resync the selected table, forcing this leader's content to be overwritten with that from another leader. Config-sync must be a leader for the selected table.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-write
Notes/Exceptions: global/rw is required to run this command with the router parameter.PARAMETERS:
router - Resync content for the router table <vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ? enable admin cspf
COMMAND:cspf [neighbor...]DESCRIPTION:Enter cspf admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
neighbor - Enter neighbor admin mode enable admin cspf neighbor
COMMAND:neighbor <physical-router-name>DESCRIPTION:Enter neighbor admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ? enable admin cspf neighbor <physical-router-name> clear-event
COMMAND:clear-event <event-name>DESCRIPTION:Clear the specified one shot event so that it can be generated anew.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<event-name> [0..22 chars] - The name of the one shot event. enable admin delete-remote-router
COMMAND:delete-remote-router <router-name>DESCRIPTION:Delete remote router from the SMRP and/or Message Spool database and remove all subscriptions (persistent and non-persistent) received from it
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ? enable admin disk
COMMAND:diskDESCRIPTION:Enter disk admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin disk rebuild
COMMAND:rebuildDESCRIPTION:Trigger a disk rebuild after disk replacement
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin disk rebuild-speed
COMMAND:rebuild-speed {high | low}DESCRIPTION:Configure speed at which disk is rebuilt after disk replacement
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
high - Rebuild at high speed. low - Rebuild at low speed (default). enable admin distributed-cache
COMMAND:distributed-cache <name> message-vpn <vpn-name>DESCRIPTION:Enter distributed-cache admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<name> [1..200 chars] - The distributed-cache name. Must be a valid topic without hierarchy, whitespace, or ?. <vpn-name> [1..32 chars] - The message VPN name. enable admin distributed-cache <name> message-vpn <vpn-name> backup-cached-messages
COMMAND:backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]DESCRIPTION:Backup cached messages of the selected cache-instance to disk
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
cancel - Cancel the backup/restore operation currently in progress <filename> [1..255 chars] - Filename for backup/restore of cached messages <instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?. enable admin distributed-cache <name> message-vpn <vpn-name> clear-event
COMMAND:clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]DESCRIPTION:Clear an event of selected cache-instances
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <event-name> [lost-message] - Name of the event, or ? <instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ? enable admin distributed-cache <name> message-vpn <vpn-name> delete-messages
COMMAND:delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]DESCRIPTION:Delete message contents covered by given topic in selected cache-instances
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ? <topic> [1..250 chars] - Delete messages covered by this topic enable admin distributed-cache <name> message-vpn <vpn-name> restore-cached-messages
COMMAND:restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]DESCRIPTION:Restore cached messages for the selected cache-instance from disk
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
cancel - Cancel the backup/restore operation currently in progress <filename> [1..255 chars] - Filename for backup/restore of cached messages <instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?. enable admin distributed-cache <name> message-vpn <vpn-name> start
COMMAND:start [cache-cluster <cluster-name>] [cache-instance <instance-name>]DESCRIPTION:Start selected cache instances
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ? enable admin gather-diagnostics
COMMAND:gather-diagnostics [days-of-history <days-of-history>]DESCRIPTION:Gather a number of diagnostic files and command output into a single diagnostics file
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<days-of-history> [1..65535] - Number of days of history that should be gathered for diagnostics. Default is 1. enable admin interface
COMMAND:interface <phy-interface>DESCRIPTION:Enter interface admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"enable admin interface <phy-interface> switch-active
COMMAND:switch-activeDESCRIPTION:switch active link
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin message-spool
COMMAND:message-spool message-vpn <vpn-name>DESCRIPTION:Enter message spool admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the message-spool belongs to enable admin message-spool message-vpn <vpn-name> commit-transaction
COMMAND:commit-transaction xid <xid>DESCRIPTION:Commit the transaction identified by the XID. The transaction is heuristically committed and thus is not deleted upon completing the commit. To delete, use the delete-transaction command.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ? enable admin message-spool message-vpn <vpn-name> copy-message
COMMAND:copy-message {source {{queue <queue-name>} | {topic-endpoint <te-name>} | {replay-log <replay-log-name>}}} {destination {{queue*2 <queue-name>*2} | {topic-endpoint*2 <te-name>*2}}} {message <replication-group-msg-id>}DESCRIPTION:Copy spooled message from one endpoint to another.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<queue-name> [1..200 chars] - Queue name <queue-name>*2 - Queue name <replay-log-name> [1..185 chars] - Replay Log Name <replication-group-msg-id> [41..41 chars] - Replication Group Message ID of message to be copied <te-name> [1..250 chars] - Topic Endpoint name <te-name>*2 - Topic Endpoint name enable admin message-spool message-vpn <vpn-name> delete-messages
COMMAND:delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to <to-msg-id>]]DESCRIPTION:Delete spooled messages
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<msg-id> [1..18446744073709551615] - Message id to be deleted <queue-name> [1..200 chars] - Queue name; may contain wildcard characters * or ? <te-name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ? <to-msg-id> [1..18446744073709551615] - End of range of message ids to be deleted enable admin message-spool message-vpn <vpn-name> delete-transacted-session
COMMAND:delete-transacted-session <name>DESCRIPTION:Delete the transacted-session identified by the name. The client that is connected to the session is disconnected, and all transactions associated with the session are rolled back and deleted.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..63 chars] - Transacted session name; may contain wildcard characters * or ? enable admin message-spool message-vpn <vpn-name> delete-transaction
COMMAND:delete-transaction xid <xid>DESCRIPTION:Delete the transaction identified by the XID. The transaction must be in the Heuristically Completed state.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ? enable admin message-spool message-vpn <vpn-name> queue
COMMAND:queue <name>DESCRIPTION:Enter message spool queue admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - Queue name enable admin message-spool message-vpn <vpn-name> queue <name> cancel-replay
COMMAND:cancel-replay [force-complete]DESCRIPTION:Cancel all replays to this queue
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
force-complete - force cancellation without waiting for client unbind ack enable admin message-spool message-vpn <vpn-name> queue <name> start-replay
COMMAND:start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg <replication-group-msg-id>}]DESCRIPTION:Start a replay to this queue
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<from-date> [0..32 chars] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second <replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;" <replication-group-msg-id> [41..41 chars] - The Message after which to begin replay, identified by its Replication Group Message ID The format is "rmid1:xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxx", where x is a hexadecimal digit. enable admin message-spool message-vpn <vpn-name> replay-log
COMMAND:replay-log <name>DESCRIPTION:Enter message spool replay log admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..185 chars] - Name of Replay Log. Invalid characters are "'<>*?&;" enable admin message-spool message-vpn <vpn-name> replay-log <name> trim-logged-messages
COMMAND:trim-logged-messages older-than-date <older-than-date>DESCRIPTION:Trim messages from this replay log
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<older-than-date> [0..32 chars] - All messages before this date will be removed. Specify using the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second enable admin message-spool message-vpn <vpn-name> rollback-transaction
COMMAND:rollback-transaction xid <xid>DESCRIPTION:Rollback the transaction identified by the XID. The transaction is heuristically rolled back and thus is not deleted upon completing the rollback. To delete, use the delete-transaction command.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ? enable admin message-spool message-vpn <vpn-name> sequenced-topic
COMMAND:sequenced-topic <topic> next-sequence-number <seq-num>DESCRIPTION:Set the next sequence number for the sequenced topic
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seq-num> [1..9223372036854775807] - Next sequence number for the sequenced topic <topic> [1..250 chars] - Topic for applying sequence numbers enable admin message-spool message-vpn <vpn-name> topic-endpoint
COMMAND:topic-endpoint <name>DESCRIPTION:Enter message spool topic endpoint admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..250 chars] - Topic Endpoint name enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> cancel-replay
COMMAND:cancel-replay [force-complete]DESCRIPTION:Cancel all replays to this topic endpoint
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
force-complete - force cancellation without waiting for client unbind ack enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> start-replay
COMMAND:start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg <replication-group-msg-id>}]DESCRIPTION:Start a replay to this topic endpoint
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<from-date> [0..32 chars] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second <replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;" <replication-group-msg-id> [41..41 chars] - The Message after which to begin replay, identified by its Replication Group Message ID The format is "rmid1:xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxx", where x is a hexadecimal digit. enable admin product-key
COMMAND:[no] product-key <key-value>DESCRIPTION:Configure a product key to unlock feature content
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<key-value> [40..255 chars] - Product key value enable admin redundancy
COMMAND:redundancy [revert-activity]DESCRIPTION:Enter redundancy mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
revert-activity - Force the backup router to give up activity if the primary router is ready to provide service. enable admin redundancy revert-activity
COMMAND:revert-activityDESCRIPTION:Force the backup router to give up activity if the primary router is ready to provide service.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable admin semp-session
COMMAND:semp-session session-username <username-pattern> [session-id <session-id-value>]DESCRIPTION:Enter SEMP session admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<session-id-value> [1..56 chars] - The SEMP session ID.` <username-pattern> [1..189 chars] - The username pattern to use as a filter. enable admin semp-session session-username <username-pattern> delete
COMMAND:deleteDESCRIPTION:Delete one or more SEMP sessions
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin system
COMMAND:system [message-spool]DESCRIPTION:Enter system admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
message-spool - Enter message-spool admin mode enable admin system message-spool
COMMAND:message-spool [assert-disk-ownership | backup-adb-to-disk | defragment-spool-files... | override-flash-failure | reset...]DESCRIPTION:Enter message-spool admin mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
assert-disk-ownership - Assert ownership over the message-spool external disk. backup-adb-to-disk - Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore. defragment-spool-files - Start or stop a spool file defragmentation run. override-flash-failure - Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages. reset - Reset the message spooling facility on the broker (without affecting the rest of the broker configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state. enable admin system message-spool assert-disk-ownership
COMMAND:assert-disk-ownershipDESCRIPTION:Assert ownership over the message-spool external disk.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin system message-spool backup-adb-to-disk
COMMAND:backup-adb-to-diskDESCRIPTION:Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin system message-spool defragment-spool-files
COMMAND:defragment-spool-files {start | stop}DESCRIPTION:Start or stop a spool file defragmentation run.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
start - initiate spool file defragmentation operation stop - halt the spool file defragmentation operation enable admin system message-spool override-flash-failure
COMMAND:override-flash-failureDESCRIPTION:Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable admin system message-spool reset
COMMAND:resetDESCRIPTION:Reset the message spooling facility on the broker (without affecting the rest of the broker configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable backup
COMMAND:backupDESCRIPTION:Use this command to immediately create a manual local backup of your configuration database file on the router.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable boot
COMMAND:boot {<version> [default-config] | backout}DESCRIPTION:Use this command to upgrade or downgrade the router software to a new or old SolOS software load and activate it, or to revert to and run the previous SolOS software version that was running before the last upgrade.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
backout - Revert to previous load. default-config - Boots the router to a default configuration. <version> [0..63 chars] - Load version to boot to enable clear
COMMAND:clear [bridge... | cache-instance... | client... | client-certificate-authority... | client-username... | compression... | cspf | ldap-profile... | log | message-spool | message-vpn... | oauth-profile... | queue... | radius-profile... | replication... | smrp... | snmp | stats | topic-endpoint...]DESCRIPTION:Use this command to clear various statistics.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
bridge - Clear the statistics for one or more bridges. cache-instance - Clear statistics for one or more cache-instances. client - Clear statistics for one or more clients. client-certificate-authority - Clear global level statistics for client certificate authorities.
Also clears individual client certificate authority stats.client-username - Clear statistics for one or more client-usernames. compression - Clear statistics for compression. cspf - Clear specified CSPF information. ldap-profile - Clear ldap-profile statistics for one or all profiles. log - Clear logs. message-spool - Clear message-spool statistics. message-vpn - Clear statistics for one or more message VPNs. oauth-profile - Clear oauth-profile statistics for one or all profiles. queue - Clear statistics for one or more queues. radius-profile - Clear radius-profile statistics for one or all profiles. replication - Clear the global statistics for Replication. smrp - Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared. snmp - Clear SNMP statistics. stats - Clear global level statistics. topic-endpoint - Clear statistics for one or more topic-endpoints. enable clear bridge
COMMAND:bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] statsDESCRIPTION:Clear the statistics for one or more bridges.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is auto. backup - Only bridges of the backup virtual router. Default is auto. <bridge-name-pattern> [0..300 chars] - Bridge name; may contain wildcard characters * or ? primary - Only bridges of the primary virtual router. Default is auto. stats - Specify this keyword to clear statistics. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable clear cache-instance
COMMAND:cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] statsDESCRIPTION:Clear statistics for one or more cache-instances.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ? <cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ? stats - Clears cache-instance statistics <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable clear client
COMMAND:client <name> [message-vpn <vpn-name>] [primary] [backup] [static] statsDESCRIPTION:Clear statistics for one or more clients.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
backup - If specified, clients associated with the backup virtual router will be cleared. <name> [1..160 chars] - Client name; may contain wildcard characters * or ? primary - If specified, clients associated with the primary virtual router will be cleared. static - If specified, clients associated with the static virtual router will be cleared. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable clear client-certificate-authority
COMMAND:client-certificate-authority statsDESCRIPTION:Clear global level statistics for client certificate authorities.
Also clears individual client certificate authority stats.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable clear client-username
COMMAND:client-username <name> [message-vpn <vpn-name>] statsDESCRIPTION:Clear statistics for one or more client-usernames.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..189 chars] - Client name; may contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable clear compression
COMMAND:compression statsDESCRIPTION:Clear statistics for compression.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable clear cspf
COMMAND:cspf [neighbor... | stats]DESCRIPTION:Clear specified CSPF information.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
neighbor - Clear statistics related to neighbors stats - Clear statistics related to the CSPF protocol enable clear cspf neighbor
COMMAND:neighbor <physical-router-name> statsDESCRIPTION:Clear statistics related to neighbors
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<physical-router-name> [1..66 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ? stats - Clear neighbor stats enable clear cspf stats
COMMAND:statsDESCRIPTION:Clear statistics related to the CSPF protocol
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable clear ldap-profile
COMMAND:ldap-profile <profile-name> statsDESCRIPTION:Clear ldap-profile statistics for one or all profiles.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name. May contain wildcard characters * and ?. enable clear log
COMMAND:log [acl... | login... | no-subscription-match | rest...]DESCRIPTION:Clear logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
acl - Clear ACL logs. login - Clear login logs no-subscription-match - Clear no-subscription-match logs. rest - Clear REST logs. enable clear log acl
COMMAND:acl [client-connect | publish-topic | subscribe-topic]DESCRIPTION:Clear ACL logs.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
client-connect - Clear only logs relating to client-connect ACLs publish-topic - Clear only logs relating to publish-topic ACLs subscribe-topic - Clear only logs relating to subscribe-topic ACLs enable clear log login
COMMAND:login diagDESCRIPTION:Clear login logs
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
diag - Clear logs relating to login diagnostics enable clear log no-subscription-match
COMMAND:no-subscription-matchDESCRIPTION:Clear no-subscription-match logs.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable clear log rest
COMMAND:rest rest-delivery-point errorsDESCRIPTION:Clear REST logs.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
errors - Clear logs relating to REST errors rest-delivery-point - Clear logs relating to REST Delivery Points enable clear message-spool
COMMAND:message-spool [stats]DESCRIPTION:Clear message-spool statistics.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
stats - Clear the statistics for the Message Spool. enable clear message-spool stats
COMMAND:statsDESCRIPTION:Clear the statistics for the Message Spool.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable clear message-vpn
COMMAND:message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest {{rest-delivery-point <rdp-name> } | {rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ]}} stats*2} | {mqtt {mqtt-session <client-id-pattern> } [primary | backup | auto] stats*3} | oauth {{profile <profile>} } stats*4}DESCRIPTION:Clear statistics for one or more message VPNs.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
auto - If specified, stats associated with the auto mqtt-session will be cleared. backup - If specified, stats associated with the backup mqtt-session will be cleared. <client-id-pattern> [0..128 chars] - The pattern that filters the mqtt-session selected. May contain wildcard characters * and ?. message-spool-stats - Clear message-spool statistics. mqtt - MQTT related clear commands no-wildcard*2 - Do not use wildcarding no-wildcard*3 - Do not use wildcarding no-wildcard*4 - Do not use wildcarding oauth - Clear OAuth related information. primary - If specified, stats associated with the primary mqtt-session will be cleared. <profile> [1..32 chars] - The name of the profile, which may include wildcards * or ? <rdp-name> [0..100 chars] - The pattern that filters the RDP selected. May contain wildcard characters * and ?. <rdp-name>*2 - The pattern that filters the RDP selected. May contain wildcard characters * and ?. replication-stats - Clear replication statistics. rest - REST related clear commands <rest-consumer-name> [0..32 chars] - The pattern that filters the REST Consumer selected. May contain wildcard characters * and ?. service-stats - Clear SMF service statistics for message VPN. stats - Clears the statistics for the specified message VPN stats*2 - Specify this keyword to clear REST Delivery Point statistics. stats*3 - Specify this keyword to clear MQTT statistics. stats*4 - Clear OAuth stats. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable clear oauth-profile
COMMAND:oauth-profile <profile-name> statsDESCRIPTION:Clear oauth-profile statistics for one or all profiles.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<profile-name> [1..32 chars] - OAuth profile name. May contain wildcard characters * and ?. enable clear queue
COMMAND:queue <name> [message-vpn <vpn-name>] statsDESCRIPTION:Clear statistics for one or more queues.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - Queue name; may contain wildcard characters * or ? stats - Clears the statistics for the specified queue. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable clear radius-profile
COMMAND:radius-profile <profile-name> statsDESCRIPTION:Clear radius-profile statistics for one or all profiles.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name. May contain wildcard characters * and ?. enable clear replication
COMMAND:replication statsDESCRIPTION:Clear the global statistics for Replication.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
stats - Clear stats. enable clear smrp
COMMAND:smrp stats [router-name <router-name>]DESCRIPTION:Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ? enable clear snmp
COMMAND:snmp [stats]DESCRIPTION:Clear SNMP statistics.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
stats - Clear SNMP statistics enable clear snmp stats
COMMAND:statsDESCRIPTION:Clear SNMP statistics
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable clear stats
COMMAND:stats [client | neighbor | ssl]DESCRIPTION:Clear global level statistics.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
client - Clear global level statistics for clients. Also clears individual client stats. neighbor - Clear global level statistics for neighbors.
Also clears individual neighbor stats.ssl - Clear global level statistics related to SSL. enable clear stats client
COMMAND:clientDESCRIPTION:Clear global level statistics for clients. Also clears individual client stats.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable clear stats neighbor
COMMAND:neighborDESCRIPTION:Clear global level statistics for neighbors.
Also clears individual neighbor stats.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable clear stats ssl
COMMAND:sslDESCRIPTION:Clear global level statistics related to SSL.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable clear topic-endpoint
COMMAND:topic-endpoint <name> [message-vpn <vpn-name>] statsDESCRIPTION:Clear statistics for one or more topic-endpoints.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ? stats - Clears the statistics for the specified topic-endpoint. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? enable configure
COMMAND:configureDESCRIPTION:Use this command to reach the Global CONFIG level by entering configure from the privileged EXEC level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. enable configure acl-profile
COMMAND:[no] acl-profile <name> message-vpn <vpn-name>create acl-profile <name> message-vpn <vpn-name> [allow-client-connect] [allow-publish-topic] [allow-subscribe-topic] [disallow-subscribe-share-name]
DESCRIPTION:Create, modify, or delete a ACL Profile.
An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The name of the ACL Profile. <vpn-name> [1..32 chars] - The name of the Message VPN. allow-client-connect - Set the default action for a client connect attempt to "allow". allow-publish-topic - Set the default action for a publish topic attempt to "allow". allow-subscribe-topic - Set the default action for a subscribe topic attempt to "allow". disallow-subscribe-share-name - Set the default action for a subscribe share name attempt to "disallow". enable configure acl-profile <name> message-vpn <vpn-name> client-connect
COMMAND:client-connect [default-action... | exception...]DESCRIPTION:Enter the "client-connect" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
default-action - The default action to take when a client using the ACL Profile connects to the Message VPN. [no] exception - Create or delete a Client Connect Exception.
A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.enable configure acl-profile <name> message-vpn <vpn-name> client-connect default-action
COMMAND:default-action {allow | disallow}DESCRIPTION:The default action to take when a client using the ACL Profile connects to the Message VPN.
The default is default-action "disallow".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
allow - Allow client connection unless an exception is found for it. disallow - Disallow client connection unless an exception is found for it. enable configure acl-profile <name> message-vpn <vpn-name> client-connect exception
COMMAND:[no] exception <cidr-addr>DESCRIPTION:Create or delete a Client Connect Exception.
A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<cidr-addr> [0..43 chars] - The IP address/netmask of the client connect exception in canonical CIDR form. enable configure acl-profile <name> message-vpn <vpn-name> publish-topic
COMMAND:publish-topic [default-action... | exceptions...]DESCRIPTION:Enter the "publish-topic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
default-action - The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. [no] exceptions - Create or delete a Publish Topic Exception.
A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.enable configure acl-profile <name> message-vpn <vpn-name> publish-topic default-action
COMMAND:default-action {allow | disallow}DESCRIPTION:The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.
The default is default-action "disallow".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
allow - Allow topic unless an exception is found for it. disallow - Disallow topic unless an exception is found for it. enable configure acl-profile <name> message-vpn <vpn-name> publish-topic exceptions
COMMAND:[no] exceptions [smf | mqtt] list <exception-list>DESCRIPTION:Create or delete a Publish Topic Exception.
A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<exception-list> [1..250 chars] - List of exceptions mqtt - Exception list uses MQTT topic syntax. smf - Exception list uses SMF topic syntax. enable configure acl-profile <name> message-vpn <vpn-name> subscribe-share-name
COMMAND:subscribe-share-name [default-action... | exceptions...]DESCRIPTION:Enter the "subscribe-share-name" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
default-action - The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. [no] exceptions - Create or delete a Subscribe Share Name Exception.
A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.enable configure acl-profile <name> message-vpn <vpn-name> subscribe-share-name default-action
COMMAND:default-action {allow | disallow}DESCRIPTION:The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN.
The default is default-action "allow".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
allow - Allow topic unless an exception is found for it. disallow - Disallow topic unless an exception is found for it. enable configure acl-profile <name> message-vpn <vpn-name> subscribe-share-name exceptions
COMMAND:[no] exceptions [smf | mqtt] list <exception-list>DESCRIPTION:Create or delete a Subscribe Share Name Exception.
A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<exception-list> [1..250 chars] - List of exceptions mqtt - Exception list uses MQTT topic syntax. smf - Exception list uses SMF topic syntax. enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic
COMMAND:subscribe-topic [default-action... | exceptions...]DESCRIPTION:Enter the "subscribe-topic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
default-action - The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. [no] exceptions - Create or delete a Subscribe Topic Exception.
A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic default-action
COMMAND:default-action {allow | disallow}DESCRIPTION:The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.
The default is default-action "disallow".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
allow - Allow topic unless an exception is found for it. disallow - Disallow topic unless an exception is found for it. enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic exceptions
COMMAND:[no] exceptions [smf | mqtt] list <exception-list>DESCRIPTION:Create or delete a Subscribe Topic Exception.
A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<exception-list> [1..250 chars] - List of exceptions mqtt - Exception list uses MQTT topic syntax. smf - Exception list uses SMF topic syntax. enable configure authentication
COMMAND:authentication [access-level | allow-direct-shell-login... | auth-type... | brute-force-protection | client-certificate-authority... | client-certificate-revocation-checking... | kerberos | ldap-profile... | oauth-profile... | oauth-profile-default... | radius-domain... | radius-profile... | replace-duplicate-client-connections]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
access-level - Enter sub-mode to configure parameters related to CLI access levels. [no] allow-direct-shell-login - Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access. auth-type - The authentication mechanism to use for CLI users. Changing this value will cause all SEMP sessions to be deleted. brute-force-protection - Enter sub-mode to configure parameters related to brute force attack protection. [create|no] client-certificate-authority - Create, modify, or delete a Client Certificate Authority.
Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.client-certificate-revocation-checking - The client certificate revocation checking mode used when a client authenticates with a client certificate. kerberos - Configure Kerberos Authentication. [create|no] ldap-profile - Create, edit and delete LDAP profiles. [create|no] oauth-profile - Create, modify, or delete a OAuth Profile.
OAuth profiles specify how to securely authenticate to an OAuth provider.[no] oauth-profile-default - The default OAuth profile for OAuth authenticated SEMP requests. [no] radius-domain - Assign radius-domain string. [create|no] radius-profile - Create, edit and delete RADIUS profiles. [no] replace-duplicate-client-connections - Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections. enable configure authentication access-level
COMMAND:access-level [default | ldap]DESCRIPTION:Enter sub-mode to configure parameters related to CLI access levels.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
default - Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it. ldap - Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP. enable configure authentication access-level default
COMMAND:default [global-access-level... | message-vpn]DESCRIPTION:Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
global-access-level - Set the global-scope access-level of a CLI username. message-vpn - Enter sub-mode to configure the access level at Message VPN level for CLI users. enable configure authentication access-level default global-access-level
COMMAND:global-access-level <access-level>DESCRIPTION:Set the global-scope access-level of a CLI username.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<access-level> [none | read-only | mesh-manager | read-write | admin] - CLI global access level enable configure authentication access-level default message-vpn
COMMAND:message-vpn [access-level-exception... | default-access-level...]DESCRIPTION:Enter sub-mode to configure the access level at Message VPN level for CLI users.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed. default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence. enable configure authentication access-level default message-vpn access-level-exception
COMMAND:[create | no] access-level-exception <vpn-name>DESCRIPTION:The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured. enable configure authentication access-level default message-vpn access-level-exception <vpn-name> access-level
COMMAND:access-level <access-level>DESCRIPTION:vpn-scope access-level to assign to CLI users.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level enable configure authentication access-level default message-vpn default-access-level
COMMAND:default-access-level <access-level>DESCRIPTION:The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN enable configure authentication access-level ldap
COMMAND:ldap [group... | group-membership-attribute-name...]DESCRIPTION:Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] group - The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'. [no] group-membership-attribute-name - The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level. enable configure authentication access-level ldap group
COMMAND:[create | no] group <group-name>DESCRIPTION:The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<group-name> [1..256 chars] - LDAP group name. enable configure authentication access-level ldap group <group-name> global-access-level
COMMAND:global-access-level <access-level>DESCRIPTION:Set the global-scope access-level of CLI users.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<access-level> [none | read-only | mesh-manager | read-write | admin] - CLI global access level enable configure authentication access-level ldap group <group-name> message-vpn
COMMAND:message-vpn [access-level-exception... | default-access-level...]DESCRIPTION:Enter sub-mode to configure the access level at Message VPN level for CLI users.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed. default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence. enable configure authentication access-level ldap group <group-name> message-vpn access-level-exception
COMMAND:[create | no] access-level-exception <vpn-name>DESCRIPTION:The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured. enable configure authentication access-level ldap group <group-name> message-vpn access-level-exception <vpn-name> access-level
COMMAND:access-level <access-level>DESCRIPTION:vpn-scope access-level to assign to CLI users.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level enable configure authentication access-level ldap group <group-name> message-vpn default-access-level
COMMAND:default-access-level <access-level>DESCRIPTION:The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN enable configure authentication access-level ldap group-membership-attribute-name
COMMAND:group-membership-attribute-name <attribute-name>no group-membership-attribute-name
DESCRIPTION:The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<attribute-name> [1..64 chars] - LDAP attribute name. enable configure authentication allow-direct-shell-login
COMMAND:[no] allow-direct-shell-login [<shell-login-name>]DESCRIPTION:Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.
By default, the support user is allowed direct access to the SolOS shell.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<shell-login-name> [1..32 chars] - Any valid SolOS shell user. enable configure authentication auth-type
COMMAND:auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}DESCRIPTION:The authentication mechanism to use for CLI users. Changing this value will cause all SEMP sessions to be deleted.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
internal - Internal database. ldap - LDAP authentication. <ldap-profile> [1..32 chars] - LDAP profile name. radius - RADIUS authentication. <radius-profile> [1..32 chars] - RADIUS profile name. enable configure authentication brute-force-protection
COMMAND:brute-force-protection [shutdown]DESCRIPTION:Enter sub-mode to configure parameters related to brute force attack protection.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] shutdown - Enable or disable protection against brute force password guessing attacks on local management accounts. enable configure authentication brute-force-protection shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable protection against brute force password guessing attacks on local management accounts.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication client-certificate-authority
COMMAND:[create | no] client-certificate-authority <ca-name>DESCRIPTION:Create, modify, or delete a Client Certificate Authority.
Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ca-name> [1..64 chars] - The name of the Certificate Authority. enable configure authentication client-certificate-authority <ca-name> certificate
COMMAND:certificate {file <ca-certificate> | content <raw-data>}no certificate
DESCRIPTION:The trusted root certificate for a client certificate authority. The file must be located in the /certs directory and must be PEM formatted.
The no version of the command returns its value to the default (no certificate configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ca-certificate> [1..127 chars] - The CA certificate file. <raw-data> [0..32768 chars] - The CA certificate content. enable configure authentication client-certificate-authority <ca-name> revocation-check
COMMAND:revocation-check [crl | ocsp | shutdown]DESCRIPTION:Enter the "revocation-check" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
crl - Enter the "crl" mode. ocsp - Enter the "ocsp" mode. [no] shutdown - Enable or disable Certificate Authority revocation checking. enable configure authentication client-certificate-authority <ca-name> revocation-check crl
COMMAND:crl [refresh-schedule... | url...]DESCRIPTION:Enter the "crl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] refresh-schedule - The schedule for refreshing the CRL by downloading a new copy. The "no" version of the command resets the schedule to the default. [no] url - The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. enable configure authentication client-certificate-authority <ca-name> revocation-check crl refresh-schedule
COMMAND:refresh-schedule [days <days-of-week> ] times <times-of-day>no refresh-schedule
DESCRIPTION:The schedule for refreshing the CRL by downloading a new copy. The "no" version of the command resets the schedule to the default.
The default is refresh-schedule "daily 3:00".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none". <times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none" enable configure authentication client-certificate-authority <ca-name> revocation-check crl url
COMMAND:url <url>no url
DESCRIPTION:The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<url> [0..2048 chars] - The value to set. enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp
COMMAND:ocsp [allow-non-responder-certificate | override-url... | responder-common-name... | timeout...]DESCRIPTION:Enter the "ocsp" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] allow-non-responder-certificate - Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses. [no] override-url - The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included. [no] responder-common-name - Create or delete a OCSP Responder Trusted Common Name.
When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.[no] timeout - The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt. enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp allow-non-responder-certificate
COMMAND:[no] allow-non-responder-certificateDESCRIPTION:Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.
The default value is no allow-non-responder-certificate.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp override-url
COMMAND:override-url <ocsp-override-url>no override-url
DESCRIPTION:The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ocsp-override-url> [0..2048 chars] - The value to set. enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp responder-common-name
COMMAND:responder-common-name {empty | name <common-name>}no responder-common-name name <common-name>
DESCRIPTION:Create or delete a OCSP Responder Trusted Common Name.
When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate. empty - Removes all common names from the list. enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp timeout
COMMAND:timeout <seconds>no timeout
DESCRIPTION:The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<seconds> [1..86400] - The value to set. enable configure authentication client-certificate-authority <ca-name> revocation-check shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable Certificate Authority revocation checking.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication client-certificate-revocation-checking
COMMAND:client-certificate-revocation-checking <mode>DESCRIPTION:The client certificate revocation checking mode used when a client authenticates with a client certificate.
The default is client-certificate-revocation-checking "none".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<mode> [none | ocsp | crl | ocsp-crl] - The value to set.
none - Do not perform any certificate revocation checking.
ocsp - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.
crl - Use Certificate Revocation Lists (CRL) for certificate revocation checking.
ocsp-crl - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.enable configure authentication kerberos
COMMAND:kerberos [keytab]DESCRIPTION:Configure Kerberos Authentication.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
keytab - Configure Kerberos keytab entries. enable configure authentication kerberos keytab
COMMAND:keytab [add-key... | delete-keytab-entry...]DESCRIPTION:Configure Kerberos keytab entries.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
add-key - Add a Kerberos key to the router keytab store. delete-keytab-entry - Delete a Kerberos key from the router keytab store. enable configure authentication kerberos keytab add-key
COMMAND:add-key <keytab-filename> [index <index>]DESCRIPTION:Add a Kerberos key to the router keytab store.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<index> [1..65535] - Index of the key in the keytab file. <keytab-filename> [Filename of keytab in /keytab directory.] - Kerberos keytab file used to get the key from. enable configure authentication kerberos keytab delete-keytab-entry
COMMAND:delete-keytab-entry <index>DESCRIPTION:Delete a Kerberos key from the router keytab store.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<index> [1..65535] - Index of the key in the keytab store. enable configure authentication ldap-profile
COMMAND:[create | no] ldap-profile <profile-name>DESCRIPTION:Create, edit and delete LDAP profiles.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name. enable configure authentication ldap-profile <profile-name> admin
COMMAND:admin dn <admin-dn> [password <admin-password> ]DESCRIPTION:Configure the router's credentials when connecting to an LDAP server in this profile.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<admin-dn> [0..1024 chars] - The distinguished name to bind as. <admin-password> [0..128 chars] - The password to provide during the bind. enable configure authentication ldap-profile <profile-name> allow-unauthenticated-authentication
COMMAND:[no] allow-unauthenticated-authenticationDESCRIPTION:This command allows clients connecting to the router without passwords to have those empty passwords forwarded to the LDAP server(s) for authentication. By disabling this attribute the login attempt is immediately rejected by the router without consulting the LDAP server.
Important: Unauthenticated authentication permits password-less logins for all users of this profile if such authentications are also permitted by the LDAP server. As such enabling this attibute can result in a significant security hole.
The default value is no allow-unauthenticated-authentication.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search
COMMAND:group-membership-secondary-search [base-dn... | deref... | filter... | filter-attribute-from-primary-search... | follow-continuation-references | scope... | shutdown | timeout...]DESCRIPTION:Configure the group membership secondary search parameters.
The intent for this search is to indirectly determine the groups the user belongs to. The "group-membership-attribute-name" is not used when this feature is enabled.
An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".
Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
base-dn - Sets the base node for searches. deref - Configure the dereferencing behavior of searches. filter - Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol. filter-attribute-from-primary-search - The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search. [no] follow-continuation-references - Enable or disable the following of continuation references. scope - Configure the scope of directory searches. [no] shutdown - Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.
An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".
Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search base-dn
COMMAND:base-dn <distinguished-name>DESCRIPTION:Sets the base node for searches.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"
enable configure authentication ldap-profile <profile-name> group-membership-secondary-search deref
COMMAND:deref {never | search | base | always}DESCRIPTION:Configure the dereferencing behavior of searches.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
always - Always dereference aliases. Default setting. base - Only dereference alias when locating the base node. never - Don't dereference aliases. search - Only dereference aliases when searching. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter
COMMAND:filter <filter>DESCRIPTION:Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"
enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter-attribute-from-primary-search
COMMAND:filter-attribute-from-primary-search <attribute-name>DESCRIPTION:The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<attribute-name> [0..64 chars] - LDAP attribute name. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search follow-continuation-references
COMMAND:[no] follow-continuation-referencesDESCRIPTION:Enable or disable the following of continuation references.
The default value is follow-continuation-references.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search scope
COMMAND:scope {base | one-level | subtree}DESCRIPTION:Configure the scope of directory searches.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
base - Search only the base node. one-level - Search only 1 level deep. subtree - Search the entire subtree. Default setting. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.
An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".
Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication ldap-profile <profile-name> group-membership-secondary-search timeout
COMMAND:timeout <duration>DESCRIPTION:Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<duration> [1..40] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails. Values above 20 should only be used upon recommendation of Solace Support. enable configure authentication ldap-profile <profile-name> ldap-server
COMMAND:ldap-server <ldap-host> index <server-index>no ldap-server {<ldap-host> | index <server-index>}
DESCRIPTION:Configures or removes LDAP servers in a given LDAP profile.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ldap-host> [0..256 chars] - LDAP host. Examples:
ldap://ldap.solace.com
ldap://192.168.123.4:389
ldaps://ldap.solace.com:636<server-index> [1..3] - A positive integer indicating server preference. A value of "1" indicates first choice, "2" indicates second choice, etc. Up to a maximum of "3". enable configure authentication ldap-profile <profile-name> search
COMMAND:search [base-dn... | deref... | filter... | follow-continuation-references | scope... | timeout...]DESCRIPTION:Configure search parameters.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
base-dn - Sets the base node for searches. deref - Configure the dereferencing behavior of searches. filter - Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol. [no] follow-continuation-references - Enable or disable the following of continuation references. scope - Configure the scope of directory searches. timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request. enable configure authentication ldap-profile <profile-name> search base-dn
COMMAND:base-dn <distinguished-name>DESCRIPTION:Sets the base node for searches.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"
enable configure authentication ldap-profile <profile-name> search deref
COMMAND:deref {never | search | base | always}DESCRIPTION:Configure the dereferencing behavior of searches.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
always - Always dereference aliases. Default setting. base - Only dereference alias when locating the base node. never - Don't dereference aliases. search - Only dereference aliases when searching. enable configure authentication ldap-profile <profile-name> search filter
COMMAND:filter <filter>DESCRIPTION:Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"
enable configure authentication ldap-profile <profile-name> search follow-continuation-references
COMMAND:[no] follow-continuation-referencesDESCRIPTION:Enable or disable the following of continuation references.
The default value is follow-continuation-references.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication ldap-profile <profile-name> search scope
COMMAND:scope {base | one-level | subtree}DESCRIPTION:Configure the scope of directory searches.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
base - Search only the base node. one-level - Search only 1 level deep. subtree - Search the entire subtree. Default setting. enable configure authentication ldap-profile <profile-name> search timeout
COMMAND:timeout <duration>DESCRIPTION:Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<duration> [1..40] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails. Values above 20 should only be used upon recommendation of Solace Support. enable configure authentication ldap-profile <profile-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the LDAP profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication ldap-profile <profile-name> starttls
COMMAND:[no] starttlsDESCRIPTION:Enables or disables STARTTLS for this profile. The STARTTLS setting is ignored if an LDAP-server host URL is specified with the LDAPS protocol ('ldaps://')
The default value is no starttls.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile
COMMAND:[create | no] oauth-profile <oauth-profile>DESCRIPTION:Create, modify, or delete a OAuth Profile.
OAuth profiles specify how to securely authenticate to an OAuth provider.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-write
global/admin is required for "create oauth-profile" and "no oauth-profile".PARAMETERS:
<oauth-profile> [1..32 chars] - The name of the OAuth profile. enable configure authentication oauth-profile <oauth-profile> access-level
COMMAND:access-level [default | group...]DESCRIPTION:Configure access levels for this OAuth profile.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
default - Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it. [create|no] group - Create, modify, or delete a Group Access Level.
The name of a group as it exists on the OAuth server being used to authenticate SEMP users.enable configure authentication oauth-profile <oauth-profile> access-level default
COMMAND:default [global-access-level... | message-vpn]DESCRIPTION:Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] global-access-level - The default global access level for this OAuth profile. message-vpn - Enter sub-mode to configure the access level at Message VPN level for CLI users. enable configure authentication oauth-profile <oauth-profile> access-level default global-access-level
COMMAND:global-access-level {none | read-only | mesh-manager | read-write | admin}no global-access-level
DESCRIPTION:The default global access level for this OAuth profile.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
admin - User has read-write access to all global data. mesh-manager - User has read-write access to global data required to administer this broker as a member of a mesh of brokers. none - User has no access to global data. read-only - User has read-only access to global data. read-write - User has read-write access to most global data. enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn
COMMAND:message-vpn [access-level-exception... | default-access-level...]DESCRIPTION:Enter sub-mode to configure the access level at Message VPN level for CLI users.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] access-level-exception - Create, modify, or delete a Message VPN Access-Level Exception.
Default message VPN access-level exceptions.[no] default-access-level - The default message VPN access level for the OAuth profile. enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn access-level-exception
COMMAND:[create | no] access-level-exception <vpn-name>DESCRIPTION:Create, modify, or delete a Message VPN Access-Level Exception.
Default message VPN access-level exceptions.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [1..32 chars] - The name of the message VPN. enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn access-level-exception <vpn-name> access-level
COMMAND:access-level {none | read-only | read-write}no access-level
DESCRIPTION:The message VPN access level.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
none - User has no access to a Message VPN. read-only - User has read-only access to a Message VPN. read-write - User has read-write access to most Message VPN settings. enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn default-access-level
COMMAND:default-access-level {none | read-only | read-write}no default-access-level
DESCRIPTION:The default message VPN access level for the OAuth profile.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
none - User has no access to a Message VPN. read-only - User has read-only access to a Message VPN. read-write - User has read-write access to most Message VPN settings. enable configure authentication oauth-profile <oauth-profile> access-level group
COMMAND:[create | no] group <group-name>DESCRIPTION:Create, modify, or delete a Group Access Level.
The name of a group as it exists on the OAuth server being used to authenticate SEMP users.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-write
Notes/Exceptions: An access scope/level of "global/admin" is required to create access level groups with a global access level greater than "none". An access scope/level of "global/admin" is required to delete access level groups with a global access level greater than "none".PARAMETERS:
<group-name> [1..64 chars] - The name of the group. enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> description
COMMAND:description <value>no description
DESCRIPTION:A description for the group.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..64 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> global-access-level
COMMAND:global-access-level {none | read-only | mesh-manager | read-write | admin}no global-access-level
DESCRIPTION:The global access level for this group.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
admin - User has read-write access to all global data. mesh-manager - User has read-write access to global data required to administer this broker as a member of a mesh of brokers. none - User has no access to global data. read-only - User has read-only access to global data. read-write - User has read-write access to most global data. enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn
COMMAND:message-vpn [access-level-exception... | default-access-level...]DESCRIPTION:Enter sub-mode to configure the access level at Message VPN level for CLI users.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] access-level-exception - Create, modify, or delete a Message VPN Access-Level Exception.
Message VPN access-level exceptions for members of this group.[no] default-access-level - The default message VPN access level for this group. enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn access-level-exception
COMMAND:[create | no] access-level-exception <vpn-name>DESCRIPTION:Create, modify, or delete a Message VPN Access-Level Exception.
Message VPN access-level exceptions for members of this group.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [1..32 chars] - The name of the message VPN. enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn access-level-exception <vpn-name> access-level
COMMAND:access-level {none | read-only | read-write}no access-level
DESCRIPTION:The message VPN access level.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
none - User has no access to a Message VPN. read-only - User has read-only access to a Message VPN. read-write - User has read-write access to most Message VPN settings. enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn default-access-level
COMMAND:default-access-level {none | read-only | read-write}no default-access-level
DESCRIPTION:The default message VPN access level for this group.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
none - User has no access to a Message VPN. read-only - User has read-only access to a Message VPN. read-write - User has read-write access to most Message VPN settings. enable configure authentication oauth-profile <oauth-profile> access-level-groups-claim-name
COMMAND:access-level-groups-claim-name <value>no access-level-groups-claim-name
DESCRIPTION:The name of the groups claim.
The no version of the command returns its value to the default ("groups").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..100 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> access-level-groups-claim-string-format
COMMAND:access-level-groups-claim-string-format {single | space-delimited}no access-level-groups-claim-string-format
DESCRIPTION:The format of the access level groups claim value when it is a string.
The no version of the command returns its value to the default ("single").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
single - When the claim is a string, it is interpreted as as single group. space-delimited - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim. enable configure authentication oauth-profile <oauth-profile> client
COMMAND:client [allowed-host | authorization-parameter... | redirect-uri... | required-claim | required-type... | scope... | validate-type]DESCRIPTION:Configure OAuth client settings.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
{create|no} allowed-host - Create or delete a Allowed Host Value.
A valid hostname for this broker in OAuth redirects.[create|no] authorization-parameter - Create, modify, or delete a Authorization Parameter.
Additional parameters to be passed to the OAuth authorization endpoint.[no] redirect-uri - The OAuth redirect URI. {create|no} required-claim - Create or delete a Required Claim.
Additional claims to be verified in the ID token.[no] required-type - The required value for the TYP field in the ID token header. [no] scope - The OAuth scope. [no] validate-type - Enable or disable verification of the TYP field in the ID token header. enable configure authentication oauth-profile <oauth-profile> client allowed-host
COMMAND:{create|no} allowed-host <host>DESCRIPTION:Create or delete a Allowed Host Value.
A valid hostname for this broker in OAuth redirects.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<host> - An allowed value for the Host header. enable configure authentication oauth-profile <oauth-profile> client authorization-parameter
COMMAND:[create | no] authorization-parameter <param-name>DESCRIPTION:Create, modify, or delete a Authorization Parameter.
Additional parameters to be passed to the OAuth authorization endpoint.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<param-name> [1..32 chars] - The name of the authorization parameter. enable configure authentication oauth-profile <oauth-profile> client authorization-parameter <param-name> value
COMMAND:value <value>no value
DESCRIPTION:The authorization parameter value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> client redirect-uri
COMMAND:redirect-uri <value>no redirect-uri
DESCRIPTION:The OAuth redirect URI.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..300 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> client required-claim
COMMAND:create required-claim <name> <value>no required-claim <name>
DESCRIPTION:Create or delete a Required Claim.
Additional claims to be verified in the ID token.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<name> - The name of the ID token claim to verify. <value> - The required claim value, which must be a string containing a valid JSON value. enable configure authentication oauth-profile <oauth-profile> client required-type
COMMAND:required-type <value>no required-type
DESCRIPTION:The required value for the TYP field in the ID token header.
The no version of the command returns its value to the default ("JWT").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [1..200 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> client scope
COMMAND:scope <value>no scope
DESCRIPTION:The OAuth scope.
The no version of the command returns its value to the default ("openid email").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..200 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> client validate-type
COMMAND:[no] validate-typeDESCRIPTION:Enable or disable verification of the TYP field in the ID token header.
The default value is validate-type.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> client-id
COMMAND:client-id <value>no client-id
DESCRIPTION:The OAuth client id.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..200 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> client-secret
COMMAND:client-secret <value>no client-secret
DESCRIPTION:The OAuth client secret.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..512 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> display-name
COMMAND:display-name <value>no display-name
DESCRIPTION:The user friendly name for the OAuth profile.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..64 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints
COMMAND:endpoints [authorization... | discovery... | discovery-refresh-interval... | introspection... | introspection-timeout... | jwks... | jwks-refresh-interval... | token... | token-timeout... | userinfo... | userinfo-timeout...]DESCRIPTION:Configure OAuth endpoints.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] authorization - The OAuth authorization endpoint. [no] discovery - The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. [no] discovery-refresh-interval - The number of seconds between discovery endpoint requests. [no] introspection - The OAuth introspection endpoint. [no] introspection-timeout - The maximum time in seconds a token introspection request is allowed to take. [no] jwks - The OAuth JWKS endpoint. [no] jwks-refresh-interval - The number of seconds between JWKS endpoint requests. [no] token - The OAuth token endpoint. [no] token-timeout - The maximum time in seconds a token request is allowed to take. [no] userinfo - The OpenID Connect Userinfo endpoint. [no] userinfo-timeout - The maximum time in seconds a userinfo request is allowed to take. enable configure authentication oauth-profile <oauth-profile> endpoints authorization
COMMAND:authorization <value>no authorization
DESCRIPTION:The OAuth authorization endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints discovery
COMMAND:discovery <value>no discovery
DESCRIPTION:The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints discovery-refresh-interval
COMMAND:discovery-refresh-interval <value>no discovery-refresh-interval
DESCRIPTION:The number of seconds between discovery endpoint requests.
The no version of the command returns its value to the default (86400).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [60..31536000] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints introspection
COMMAND:introspection <value>no introspection
DESCRIPTION:The OAuth introspection endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints introspection-timeout
COMMAND:introspection-timeout <value>no introspection-timeout
DESCRIPTION:The maximum time in seconds a token introspection request is allowed to take.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [1..60] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints jwks
COMMAND:jwks <value>no jwks
DESCRIPTION:The OAuth JWKS endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints jwks-refresh-interval
COMMAND:jwks-refresh-interval <value>no jwks-refresh-interval
DESCRIPTION:The number of seconds between JWKS endpoint requests.
The no version of the command returns its value to the default (86400).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [60..31536000] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints token
COMMAND:token <value>no token
DESCRIPTION:The OAuth token endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints token-timeout
COMMAND:token-timeout <value>no token-timeout
DESCRIPTION:The maximum time in seconds a token request is allowed to take.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [1..60] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints userinfo
COMMAND:userinfo <value>no userinfo
DESCRIPTION:The OpenID Connect Userinfo endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> endpoints userinfo-timeout
COMMAND:userinfo-timeout <value>no userinfo-timeout
DESCRIPTION:The maximum time in seconds a userinfo request is allowed to take.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [1..60] - The value to set. enable configure authentication oauth-profile <oauth-profile> interactive
COMMAND:[no] interactiveDESCRIPTION:Enable or disable interactive logins via this OAuth provider.
The default value is interactive.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> issuer
COMMAND:issuer <value>no issuer
DESCRIPTION:The Issuer Identifier for the OAuth provider.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> oauth-role
COMMAND:oauth-role {client | resource-server}no oauth-role
DESCRIPTION:Configure whether the broker is acting as an OAuth client or an OAuth resource server.
The no version of the command returns its value to the default ("client").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
client - The broker is in the OAuth client role. resource-server - The broker is in the OAuth resource server role. enable configure authentication oauth-profile <oauth-profile> prompt-for-expired-session
COMMAND:prompt-for-expired-session <value>no prompt-for-expired-session
DESCRIPTION:The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..32 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> prompt-for-new-session
COMMAND:prompt-for-new-session <value>no prompt-for-new-session
DESCRIPTION:The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out.
The no version of the command returns its value to the default ("select_account").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..32 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> proxy
COMMAND:proxy <proxy-name>no proxy
DESCRIPTION:The name of the proxy to use for discovery, user info, jwks, and introspection requests. Leave empty for no proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<proxy-name> [0..32 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> resource-server
COMMAND:resource-server [parse-access-token | required-audience... | required-claim | required-issuer... | required-scope... | required-type... | validate-audience | validate-issuer | validate-scope | validate-type]DESCRIPTION:Configure OAuth resource server settings.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] parse-access-token - Enable or disable parsing of the access token as a JWT. [no] required-audience - The required audience value. {create|no} required-claim - Create or delete a Required Claim.
Additional claims to be verified in the access token.[no] required-issuer - The required issuer value. [no] required-scope - A space-separated list of scopes that must be present in the scope claim. [no] required-type - The required TYP value. [no] validate-audience - Enable or disable verification of the audience claim in the access token or introspection response. [no] validate-issuer - Enable or disable verification of the issuer claim in the access token or introspection response. [no] validate-scope - Enable or disable verification of the scope claim in the access token or introspection response. [no] validate-type - Enable or disable verification of the TYP field in the access token header. enable configure authentication oauth-profile <oauth-profile> resource-server parse-access-token
COMMAND:[no] parse-access-tokenDESCRIPTION:Enable or disable parsing of the access token as a JWT.
The default value is parse-access-token.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> resource-server required-audience
COMMAND:required-audience <value>no required-audience
DESCRIPTION:The required audience value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..200 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> resource-server required-claim
COMMAND:create required-claim <name> <value>no required-claim <name>
DESCRIPTION:Create or delete a Required Claim.
Additional claims to be verified in the access token.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<name> - The name of the access token claim to verify. <value> - The required claim value, which must be a string containing a valid JSON value. enable configure authentication oauth-profile <oauth-profile> resource-server required-issuer
COMMAND:required-issuer <value>no required-issuer
DESCRIPTION:The required issuer value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..255 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> resource-server required-scope
COMMAND:required-scope <value>no required-scope
DESCRIPTION:A space-separated list of scopes that must be present in the scope claim.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..200 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> resource-server required-type
COMMAND:required-type <value>no required-type
DESCRIPTION:The required TYP value.
The no version of the command returns its value to the default ("at+jwt").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [1..200 chars] - The value to set. enable configure authentication oauth-profile <oauth-profile> resource-server validate-audience
COMMAND:[no] validate-audienceDESCRIPTION:Enable or disable verification of the audience claim in the access token or introspection response.
The default value is validate-audience.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> resource-server validate-issuer
COMMAND:[no] validate-issuerDESCRIPTION:Enable or disable verification of the issuer claim in the access token or introspection response.
The default value is validate-issuer.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> resource-server validate-scope
COMMAND:[no] validate-scopeDESCRIPTION:Enable or disable verification of the scope claim in the access token or introspection response.
The default value is validate-scope.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> resource-server validate-type
COMMAND:[no] validate-typeDESCRIPTION:Enable or disable verification of the TYP field in the access token header.
The default value is validate-type.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> semp
COMMAND:[no] sempDESCRIPTION:Enable or disable authentication of SEMP requests with OAuth tokens.
The default value is semp.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the OAuth profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication oauth-profile <oauth-profile> username-claim-name
COMMAND:username-claim-name <value>no username-claim-name
DESCRIPTION:The name of the username claim.
The no version of the command returns its value to the default ("sub").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [1..100 chars] - The value to set. enable configure authentication oauth-profile-default
COMMAND:oauth-profile-default <value>no oauth-profile-default
DESCRIPTION:The default OAuth profile for OAuth authenticated SEMP requests.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..32 chars] - The value to set. enable configure authentication radius-domain
COMMAND:radius-domain <radius-domain>no radius-domain
DESCRIPTION:Assign radius-domain string.
The no version of the command returns its value to the default (no radius-domain configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<radius-domain> [0..64 chars] - RADIUS domain string enable configure authentication radius-profile
COMMAND:[create | no] radius-profile <profile-name>DESCRIPTION:Create, edit and delete RADIUS profiles.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name. enable configure authentication radius-profile <profile-name> radius-server
COMMAND:radius-server <ip-port> index <server-index> [key <shared-secret-key> ]no radius-server {<ip-port> | index <server-index>}
DESCRIPTION:Configures or removes RADIUS servers in a given RADIUS profile.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ip-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - FQDN or IP address (and optional port).
Examples:
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345<server-index> [1..3] - Priority index for the server. Default: next available index <shared-secret-key> [0..64 chars] - The shared secret between the router and the RADIUS server enable configure authentication radius-profile <profile-name> retransmit
COMMAND:retransmit <attempts>DESCRIPTION:Sets the number of times to retry a request.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<attempts> [1..10] - The number of attempts to retry a request. enable configure authentication radius-profile <profile-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the RADIUS profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure authentication radius-profile <profile-name> timeout
COMMAND:timeout <duration>DESCRIPTION:Sets the time to wait before retrying a request.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<duration> [1..10] - The time in seconds to wait. enable configure authentication replace-duplicate-client-connections
COMMAND:[no] replace-duplicate-client-connectionsDESCRIPTION:Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.
The default value is replace-duplicate-client-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure bridge
COMMAND:[create | no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]DESCRIPTION:Create, modify, or delete a Bridge.
Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
auto - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role. backup - The Bridge is used for the backup virtual router. <bridge-name> [1..150 chars] - The name of the Bridge. primary - The Bridge is used for the primary virtual router. <vpn-name> [1..32 chars] - The name of the Message VPN. enable configure bridge <bridge-name> message-vpn <vpn-name> max-ttl
COMMAND:max-ttl <ttl-value>no max-ttl
DESCRIPTION:The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value.
The no version of the command returns its value to the default (8).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<ttl-value> [1..255] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote
COMMAND:remote [authentication | deliver-to-one | message-vpn... | retry | subscription-topic...]DESCRIPTION:Enter the "remote" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
authentication - Enter the "authentication" mode. deliver-to-one - Enter the "deliver-to-one" mode. [create|no] message-vpn - Create, modify, or delete a Remote Message VPN.
The Remote Message VPN is the Message VPN that the Bridge connects to.retry - Enter the "retry" mode. [no] subscription-topic - Create or delete a Remote Subscription.
A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication
COMMAND:authentication [auth-scheme... | basic | client-certificate]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
auth-scheme - The authentication scheme for the remote Message VPN. basic - Enter the "basic" mode. client-certificate - Enter the "client-certificate" mode. enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication auth-scheme
COMMAND:auth-scheme {basic | client-certificate}DESCRIPTION:The authentication scheme for the remote Message VPN.
The default is auth-scheme "basic".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
basic - Basic Authentication Scheme (via username and password). client-certificate - Client Certificate Authentication Scheme (via certificate file or content). enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic
COMMAND:basic [client-username...]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] client-username - The Client Username and password the Bridge uses to login to the remote Message VPN. enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic client-username
COMMAND:client-username <name> [password <password> ]no client-username
DESCRIPTION:The Client Username and password the Bridge uses to login to the remote Message VPN.
The no version of the command returns its value to the default (no client-username configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router. <password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router. enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate
COMMAND:client-certificate [certificate-file...]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] certificate-file - The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate certificate-file
COMMAND:certificate-file <filename> [file-contents <file-contents> ]no certificate-file
DESCRIPTION:The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<file-contents> [0..32768 chars] - The server certificate. <filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory. enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one
COMMAND:deliver-to-one [priority...]DESCRIPTION:Enter the "deliver-to-one" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] priority - The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one priority
COMMAND:priority <dto-priority>no priority
DESCRIPTION:The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.
The no version of the command returns its value to the default ("P1").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dto-priority> [P1 | P2 | P3 | P4 | DA] - The value to set.
P1 - The 1st or highest priority.
P2 - The 2nd highest priority.
P3 - The 3rd highest priority.
P4 - The 4th highest priority.
DA - Ignore priority and deliver always.enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn
COMMAND:[create | no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface <phys-intf>]}DESCRIPTION:Create, modify, or delete a Remote Message VPN.
The Remote Message VPN is the Message VPN that the Bridge connects to.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<addr> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - FQDN or IP address (and optional port) where the remote router should be reached. This may be a static or virtual address of the remote-router. DNS name lookup is supported. For bridges that are looping back to a message-vpn on this router, the IP address '127.0.0.1' must be used. Ex.
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345<phys-intf> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"<virtual-router-name> [1..66 chars] - name of the virtual remote-router where the message-vpn is located. All virtual remote-router names start with 'v:', for e.g. v:lab-128-97. <vpn-name> [1..32 chars] - remote message-vpn name enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } client-username
COMMAND:client-username <name> [password <password> ]no client-username
DESCRIPTION:The Client Username and password the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall.
The no version of the command returns its value to the default (no client-username configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router. <password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } compressed-data
COMMAND:[no] compressed-dataDESCRIPTION:Enable or disable data compression for the remote Message VPN connection.
The default value is no compressed-data.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } connect-order
COMMAND:connect-order <number>no connect-order
DESCRIPTION:The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority).
The no version of the command returns its value to the default (4).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<number> [1..4] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool
COMMAND:message-spool [queue... | window-size...]DESCRIPTION:Enter the "message-spool" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] queue - The queue binding of the Bridge in the remote Message VPN. [no] window-size - The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool queue
COMMAND:queue <name>no queue
DESCRIPTION:The queue binding of the Bridge in the remote Message VPN.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [0..200 chars] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool window-size
COMMAND:window-size <number>no window-size
DESCRIPTION:The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received.
The no version of the command returns its value to the default (255).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<number> [0..65535] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the remote Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } ssl
COMMAND:[no] sslDESCRIPTION:Enable or disable encryption (TLS) for the remote Message VPN connection.
The default value is no ssl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional
COMMAND:unidirectional [client-profile...]DESCRIPTION:Enter the "unidirectional" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] client-profile - The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB. enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional client-profile
COMMAND:client-profile <name>no client-profile
DESCRIPTION:The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB.
The no version of the command returns its value to the default ("#client-profile").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry
COMMAND:retry [count... | delay...]DESCRIPTION:Enter the "retry" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] count - The number of retry attempts to establish a connection before moving on to the next remote Message VPN. [no] delay - The number of seconds the broker waits for the bridge connection to be established before attempting a new connection. enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry count
COMMAND:count <count>no count
DESCRIPTION:The number of retry attempts to establish a connection before moving on to the next remote Message VPN.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<count> [0..255] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry delay
COMMAND:delay <seconds>no delay
DESCRIPTION:The number of seconds the broker waits for the bridge connection to be established before attempting a new connection.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [0..255] - The value to set. enable configure bridge <bridge-name> message-vpn <vpn-name> remote subscription-topic
COMMAND:subscription-topic <topic> [deliver-always]no subscription-topic <topic>
DESCRIPTION:Create or delete a Remote Subscription.
A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
deliver-always - Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both. <topic> [1..250 chars] - The topic of the Bridge remote subscription. enable configure bridge <bridge-name> message-vpn <vpn-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Bridge.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure bridge <bridge-name> message-vpn <vpn-name> ssl
COMMAND:ssl [cipher-suite...]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] cipher-suite - The list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure. enable configure bridge <bridge-name> message-vpn <vpn-name> ssl cipher-suite
COMMAND:cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no cipher-suite name <suite-name>
DESCRIPTION:The list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure.
The default is cipher-suite "default".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list. empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure client-profile
COMMAND:[create | no] client-profile <name> message-vpn <vpn-name>DESCRIPTION:Create, modify, or delete a Client Profile.
Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..32 chars] - The name of the Client Profile. <vpn-name> [1..32 chars] - The name of the Message VPN. enable configure client-profile <name> message-vpn <vpn-name> allow-bridge-connections
COMMAND:[no] allow-bridge-connectionsDESCRIPTION:Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections.
The default value is no allow-bridge-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> allow-shared-subscriptions
COMMAND:[no] allow-shared-subscriptionsDESCRIPTION:Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions.
The default value is no allow-shared-subscriptions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> compression
COMMAND:compression [shutdown]DESCRIPTION:Enter the "compression" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] shutdown - Enable or disable allowing clients using the Client Profile to use compression. enable configure client-profile <name> message-vpn <vpn-name> compression shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable allowing clients using the Client Profile to use compression.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> eliding
COMMAND:eliding [delay... | max-topics... | shutdown]DESCRIPTION:Enter the "eliding" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] delay - The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients. [no] max-topics - The maximum number of topics tracked for message eliding per client connection using the Client Profile. [no] shutdown - Enable or disable message eliding for clients using the Client Profile. enable configure client-profile <name> message-vpn <vpn-name> eliding delay
COMMAND:delay <milliseconds>no delay
DESCRIPTION:The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<milliseconds> [0..60000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> eliding max-topics
COMMAND:max-topics <num>no max-topics
DESCRIPTION:The maximum number of topics tracked for message eliding per client connection using the Client Profile.
The no version of the command returns its value to the default (256).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num> [1..32000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> eliding shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable message eliding for clients using the Client Profile.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> event
COMMAND:event [client-provisioned-endpoint-spool-usage | connections-per-client-username | egress-flows | endpoints-per-client-username | ingress-flows | service | subscriptions | transacted-sessions | transactions]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
client-provisioned-endpoint-spool-usage - Enter the "client-provisioned-endpoint-spool-usage" mode. connections-per-client-username - Enter the "connections-per-client-username" mode. egress-flows - Enter the "egress-flows" mode. endpoints-per-client-username - Enter the "endpoints-per-client-username" mode. ingress-flows - Enter the "ingress-flows" mode. service - Enter the "service" mode. subscriptions - Enter the "subscriptions" mode. transacted-sessions - Enter the "transacted-sessions" mode. transactions - Enter the "transactions" mode. enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage
COMMAND:client-provisioned-endpoint-spool-usage [thresholds...]DESCRIPTION:Enter the "client-provisioned-endpoint-spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to max-spool-usage for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint. enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to max-spool-usage for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username
COMMAND:connections-per-client-username [thresholds...]DESCRIPTION:Enter the "connections-per-client-username" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the Client Username connection count event of the Client Profile, relative to max-connections-per-client-username. enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Client Username connection count event of the Client Profile, relative to max-connections-per-client-username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event egress-flows
COMMAND:egress-flows [thresholds...]DESCRIPTION:Enter the "egress-flows" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the transmit flow count event of the Client Profile, relative to max-egress-flows. enable configure client-profile <name> message-vpn <vpn-name> event egress-flows thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the transmit flow count event of the Client Profile, relative to max-egress-flows.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username
COMMAND:endpoints-per-client-username [thresholds...]DESCRIPTION:Enter the "endpoints-per-client-username" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the Client Username endpoint count event of the Client Profile, relative to max-endpoints. enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Client Username endpoint count event of the Client Profile, relative to max-endpoints.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows
COMMAND:ingress-flows [thresholds...]DESCRIPTION:Enter the "ingress-flows" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the receive flow count event of the Client Profile, relative to max-ingress-flows. enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the receive flow count event of the Client Profile, relative to max-ingress-flows.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event service
COMMAND:service [smf | web-transport]DESCRIPTION:Enter the "service" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
smf - Enter the "smf" mode. web-transport - Enter the "web-transport" mode. enable configure client-profile <name> message-vpn <vpn-name> event service smf
COMMAND:smf [connections-per-client-username]DESCRIPTION:Enter the "smf" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode. enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username
COMMAND:connections-per-client-username [thresholds...]DESCRIPTION:Enter the "connections-per-client-username" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the Client Username SMF connection count event of the Client Profile, relative to max-connections-per-client-username. enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Client Username SMF connection count event of the Client Profile, relative to max-connections-per-client-username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event service web-transport
COMMAND:web-transport [connections-per-client-username]DESCRIPTION:Enter the "web-transport" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode. enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username
COMMAND:connections-per-client-username [thresholds...]DESCRIPTION:Enter the "connections-per-client-username" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to max-connections-per-client-username. enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to max-connections-per-client-username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event subscriptions
COMMAND:subscriptions [thresholds...]DESCRIPTION:Enter the "subscriptions" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the subscription count event of the Client Profile, relative to max-subscriptions. enable configure client-profile <name> message-vpn <vpn-name> event subscriptions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the subscription count event of the Client Profile, relative to max-subscriptions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions
COMMAND:transacted-sessions [thresholds...]DESCRIPTION:Enter the "transacted-sessions" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the transacted session count event of the Client Profile, relative to max-transacted-sessions. enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the transacted session count event of the Client Profile, relative to max-transacted-sessions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> event transactions
COMMAND:transactions [thresholds...]DESCRIPTION:Enter the "transactions" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the transaction count event of the Client Profile, relative to max-transactions. enable configure client-profile <name> message-vpn <vpn-name> event transactions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the transaction count event of the Client Profile, relative to max-transactions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure client-profile <name> message-vpn <vpn-name> max-connections-per-client-username
COMMAND:max-connections-per-client-username <value>no max-connections-per-client-username
DESCRIPTION:The maximum number of client connections per Client Username using the Client Profile.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..200000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> max-subscriptions
COMMAND:max-subscriptions <value>no max-subscriptions
DESCRIPTION:The maximum number of subscriptions per client using the Client Profile. This limit is not enforced when a client adds a subscription to an endpoint, except for MQTT QoS 1 subscriptions. In addition, this limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..4294967295] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool
COMMAND:message-spool [allow-guaranteed-endpoint-create | allow-guaranteed-endpoint-create-durability... | allow-guaranteed-message-receive | allow-guaranteed-message-send | allow-transacted-sessions | api-queue-management | api-topic-endpoint-management | max-egress-flows... | max-endpoints-per-client-username... | max-ingress-flows... | max-messages-per-transaction... | max-transacted-sessions... | max-transactions... | reject-msg-to-sender-on-no-subscription-match]DESCRIPTION:Enter the "message-spool" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] allow-guaranteed-endpoint-create - Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections. [no] allow-guaranteed-endpoint-create-durability - The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections. [no] allow-guaranteed-message-receive - Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections. [no] allow-guaranteed-message-send - Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections. [no] allow-transacted-sessions - Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections. api-queue-management - Enter the "api-queue-management" mode. api-topic-endpoint-management - Enter the "api-topic-endpoint-management" mode. [no] max-egress-flows - The maximum number of transmit flows that can be created by one client using the Client Profile. [no] max-endpoints-per-client-username - The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile. [no] max-ingress-flows - The maximum number of receive flows that can be created by one client using the Client Profile. [no] max-messages-per-transaction - The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance. [no] max-transacted-sessions - The maximum number of transacted sessions that can be created by one client using the Client Profile. [no] max-transactions - The maximum number of transactions that can be created by one client using the Client Profile. [no] reject-msg-to-sender-on-no-subscription-match - Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found. enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-endpoint-create
COMMAND:[no] allow-guaranteed-endpoint-createDESCRIPTION:Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections.
The default value is no allow-guaranteed-endpoint-create.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-endpoint-create-durability
COMMAND:allow-guaranteed-endpoint-create-durability {all | durable | non-durable}no allow-guaranteed-endpoint-create-durability
DESCRIPTION:The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections.
The no version of the command returns its value to the default ("all").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
all - Client can create any type of endpoint. durable - Client can create only durable endpoints. non-durable - Client can create only non-durable endpoints. enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-receive
COMMAND:[no] allow-guaranteed-message-receiveDESCRIPTION:Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.
The default value is no allow-guaranteed-message-receive.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-send
COMMAND:[no] allow-guaranteed-message-sendDESCRIPTION:Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.
The default value is no allow-guaranteed-message-send.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-transacted-sessions
COMMAND:[no] allow-transacted-sessionsDESCRIPTION:Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.
The default value is no allow-transacted-sessions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management
COMMAND:api-queue-management [copy-from-template-on-create...]DESCRIPTION:Enter the "api-queue-management" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] copy-from-template-on-create - The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template. enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management copy-from-template-on-create
COMMAND:copy-from-template-on-create <queue-template-name>no copy-from-template-on-create
DESCRIPTION:The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<queue-template-name> [0..255 chars] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management
COMMAND:api-topic-endpoint-management [copy-from-template-on-create...]DESCRIPTION:Enter the "api-topic-endpoint-management" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] copy-from-template-on-create - The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template. enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management copy-from-template-on-create
COMMAND:copy-from-template-on-create <topic-endpoint-template-name>no copy-from-template-on-create
DESCRIPTION:The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<topic-endpoint-template-name> [0..255 chars] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool max-egress-flows
COMMAND:max-egress-flows <value>no max-egress-flows
DESCRIPTION:The maximum number of transmit flows that can be created by one client using the Client Profile.
The no version of the command returns its value to the default (16000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..200000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool max-endpoints-per-client-username
COMMAND:max-endpoints-per-client-username <value>no max-endpoints-per-client-username
DESCRIPTION:The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile.
The no version of the command returns its value to the default (16000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..200000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool max-ingress-flows
COMMAND:max-ingress-flows <value>no max-ingress-flows
DESCRIPTION:The maximum number of receive flows that can be created by one client using the Client Profile.
The no version of the command returns its value to the default (16000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..1000000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool max-messages-per-transaction
COMMAND:max-messages-per-transaction <value>no max-messages-per-transaction
DESCRIPTION:The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance.
The no version of the command returns its value to the default (256).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [1..20000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transacted-sessions
COMMAND:max-transacted-sessions <value>no max-transacted-sessions
DESCRIPTION:The maximum number of transacted sessions that can be created by one client using the Client Profile.
The no version of the command returns its value to the default (10).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..100000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transactions
COMMAND:max-transactions <value>no max-transactions
DESCRIPTION:The maximum number of transactions that can be created by one client using the Client Profile.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..100000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> message-spool reject-msg-to-sender-on-no-subscription-match
COMMAND:[no] reject-msg-to-sender-on-no-subscription-matchDESCRIPTION:Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.
The default value is no reject-msg-to-sender-on-no-subscription-match.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> queue
COMMAND:queue <type>DESCRIPTION:Enter the "queue" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<type> [G-1 | D-1 | D-2 | D-3 | C-1] - The type of queue to configure (G-Guaranteed, D-Direct, C-Control). enable configure client-profile <name> message-vpn <vpn-name> queue <type> max-depth
COMMAND:max-depth <depth>no max-depth
DESCRIPTION:The maximum depth of the specified priority queue, in work units. Each work unit is 2048 bytes of message data.
The no version of the command returns its value to the default (20000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<depth> [2..262144] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> queue <type> min-msg-burst
COMMAND:min-msg-burst <depth>no min-msg-burst
DESCRIPTION:The number of messages that are always allowed entry into the specified priority queue, regardless of the max-depth value.
The no version of the command returns its value to the default. The default depends on the priority queue type.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<depth> [0..262144] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> replication
COMMAND:replication [allow-clients-when-standby]DESCRIPTION:Enter the "replication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] allow-clients-when-standby - Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby. enable configure client-profile <name> message-vpn <vpn-name> replication allow-clients-when-standby
COMMAND:[no] allow-clients-when-standbyDESCRIPTION:Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.
The default value is no allow-clients-when-standby.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> service
COMMAND:service [min-keepalive-timeout... | smf | web-transport]DESCRIPTION:Enter the "service" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] min-keepalive-timeout - The minimum client keepalive timeout which will be enforced for client connections. smf - Enter the "smf" mode. web-transport - Enter the "web-transport" mode. enable configure client-profile <name> message-vpn <vpn-name> service min-keepalive-timeout
COMMAND:min-keepalive-timeout <seconds>no min-keepalive-timeout
DESCRIPTION:The minimum client keepalive timeout which will be enforced for client connections.
The no version of the command returns its value to the default (30).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [3..3600] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> service smf
COMMAND:smf [max-connections-per-client-username... | min-keepalive-enabled]DESCRIPTION:Enter the "smf" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-connections-per-client-username - The maximum number of SMF client connections per Client Username using the Client Profile. [no] min-keepalive-enabled - Enable or disable the enforcement of a minimum keepalive timeout for SMF clients. enable configure client-profile <name> message-vpn <vpn-name> service smf max-connections-per-client-username
COMMAND:max-connections-per-client-username <value>no max-connections-per-client-username
DESCRIPTION:The maximum number of SMF client connections per Client Username using the Client Profile.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..200000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> service smf min-keepalive-enabled
COMMAND:[no] min-keepalive-enabledDESCRIPTION:Enable or disable the enforcement of a minimum keepalive timeout for SMF clients.
The default value is no min-keepalive-enabled.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> service web-transport
COMMAND:web-transport [inactive-timeout... | max-connections-per-client-username... | max-web-payload...]DESCRIPTION:Enter the "web-transport" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] inactive-timeout - The timeout for inactive Web Transport client sessions using the Client Profile, in seconds. [no] max-connections-per-client-username - The maximum number of Web Transport client connections per Client Username using the Client Profile. [no] max-web-payload - The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included. enable configure client-profile <name> message-vpn <vpn-name> service web-transport inactive-timeout
COMMAND:inactive-timeout <seconds>no inactive-timeout
DESCRIPTION:The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.
The no version of the command returns its value to the default (30).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [1..4294967295] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-connections-per-client-username
COMMAND:max-connections-per-client-username <value>no max-connections-per-client-username
DESCRIPTION:The maximum number of Web Transport client connections per Client Username using the Client Profile.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..200000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-web-payload
COMMAND:max-web-payload <bytes>no max-web-payload
DESCRIPTION:The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.
The no version of the command returns its value to the default (1000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<bytes> [300..10000000] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> ssl
COMMAND:ssl [allow-downgrade-to-plain-text]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] allow-downgrade-to-plain-text - Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text. enable configure client-profile <name> message-vpn <vpn-name> ssl allow-downgrade-to-plain-text
COMMAND:[no] allow-downgrade-to-plain-textDESCRIPTION:Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.
The default value is allow-downgrade-to-plain-text.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure client-profile <name> message-vpn <vpn-name> tcp
COMMAND:tcp [initial-cwnd... | keepalive | max-wnd... | mss...]DESCRIPTION:Enter the "tcp" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. keepalive - Enter the "keepalive" mode. [no] max-wnd - The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. [no] mss - The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. enable configure client-profile <name> message-vpn <vpn-name> tcp initial-cwnd
COMMAND:initial-cwnd <num-mss>no initial-cwnd
DESCRIPTION:The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.
The no version of the command returns its value to the default (2).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num-mss> [2..7826] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive
COMMAND:keepalive [count... | idle... | interval...]DESCRIPTION:Enter the "keepalive" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. [no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. [no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive count
COMMAND:count <num>no count
DESCRIPTION:The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num> [2..5] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive idle
COMMAND:idle <seconds>no idle
DESCRIPTION:The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [3..120] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive interval
COMMAND:interval <seconds>no interval
DESCRIPTION:The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [1..30] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> tcp max-wnd
COMMAND:max-wnd <num-kilo-bytes>no max-wnd
DESCRIPTION:The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.
The no version of the command returns its value to the default (256).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set. enable configure client-profile <name> message-vpn <vpn-name> tcp mss
COMMAND:mss <byte-count>no mss
DESCRIPTION:The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.
The no version of the command returns its value to the default (1460).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<byte-count> [256..1460] - The value to set. enable configure client-username
COMMAND:[create | no] client-username <username> message-vpn <vpn-name>DESCRIPTION:Create, modify, or delete a Client Username.
A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<username> [1..189 chars] - The name of the Client Username. <vpn-name> [1..32 chars] - The name of the Message VPN. enable configure client-username <username> message-vpn <vpn-name> acl-profile
COMMAND:acl-profile <name>no acl-profile
DESCRIPTION:The ACL Profile of the Client Username.
The no version of the command returns its value to the default ("default").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The value to set. enable configure client-username <username> message-vpn <vpn-name> attribute
COMMAND:[create | no] attribute <name> <value>DESCRIPTION:Create, modify, or delete a Client Username Attribute.
A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..64 chars] - The name of the Attribute. <value> [1..256 chars] - The value of the Attribute. enable configure client-username <username> message-vpn <vpn-name> client-profile
COMMAND:client-profile <name>no client-profile
DESCRIPTION:The Client Profile of the Client Username.
The no version of the command returns its value to the default ("default").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The value to set. enable configure client-username <username> message-vpn <vpn-name> guaranteed-endpoint-permission-override
COMMAND:[no] guaranteed-endpoint-permission-overrideDESCRIPTION:Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner.
The default value is no guaranteed-endpoint-permission-override.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure client-username <username> message-vpn <vpn-name> password
COMMAND:password <password>no password
DESCRIPTION:The password for the Client Username.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<password> [0..128 chars] - The value to set. enable configure client-username <username> message-vpn <vpn-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure client-username <username> message-vpn <vpn-name> subscription-manager
COMMAND:[no] subscription-managerDESCRIPTION:Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames.
The default value is no subscription-manager.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure clock
COMMAND:clock [set... | synchronization | timezone...]DESCRIPTION:Use this command to configure the system clock on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
set - Sets the system clock synchronization - Use this command to configure the system synchronization on the router. timezone - Sets the system time zone enable configure clock set
COMMAND:set <time> <day> <month> <year>DESCRIPTION:Sets the system clock
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<day> [1..31] - The current day by date <month> [January | February | March | April | May | June | July | August | September | October | November | December] - The current month by name (e.g. January) <time> [0..8 chars] - The current time in 24-hour format (hh:mm:ss) <year> [1970..2037] - The current year, no abbreviation enable configure clock synchronization
COMMAND:synchronization [ntp-source... | protocol... | shutdown]DESCRIPTION:Use this command to configure the system synchronization on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] ntp-source - Use this command to add an NTP source for time synchronization on the broker. These sources are only relevant when using the NTP protocol and will be ignored otherwise. [no] protocol - Set the synchronization protocol [no] shutdown - Enable or disable clock synchronization enable configure clock synchronization ntp-source
COMMAND:[create | no] ntp-source <ip-addr>DESCRIPTION:Use this command to add an NTP source for time synchronization on the broker. These sources are only relevant when using the NTP protocol and will be ignored otherwise.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<ip-addr> [1..253 chars: ] - FQDN or IP address enable configure clock synchronization ntp-source <ip-addr> nts
COMMAND:[no] ntsDESCRIPTION:Enable authentication for this source using the Network Time Security mechanism
The default value is no nts.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure clock synchronization ntp-source <ip-addr> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable this NTP source for clock synchronization
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure clock synchronization protocol
COMMAND:protocol {ntp | ptp}no protocol
DESCRIPTION:Set the synchronization protocol
The no version of the command returns its value to the default ("ntp").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
ntp - Use NTP for system clock synchronization. ptp - Use PTP protocal for system clock synchronization. enable configure clock synchronization shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable clock synchronization
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure clock timezone
COMMAND:timezone <zone>DESCRIPTION:Sets the system time zone
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<zone> [0..32 chars] - The time zone name (e.g. EST, Europe/London, Etc/GMT-5). If unsure, use UTC or see 'show clock timezones' for list of supported time zones. enable configure compression
COMMAND:compression [mode...]DESCRIPTION:Use this command to set on a global basis the compression mode for data sent from routers. The router compression mode can be configured globally for data sent from the router to one of two types: optimized for size (the default) or optimized for speed. In general, optimized for size yields a higher compression ratio with lower throughput, while optimized for-speed yields a higher throughput with lower compression ratio.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
mode - This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio. enable configure compression mode
COMMAND:mode {optimize-for-size | optimize-for-speed}DESCRIPTION:This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
optimize-for-size - optimize-for-size tends to yield higher compression ratio with lower throughput. optimize-for-speed - optimize-for-speed tends to yield higher throughput with lower compression ratio. enable configure config-sync
COMMAND:config-sync [authentication | client-profile | shutdown... | ssl | synchronize]DESCRIPTION:Enter Config-Sync configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
authentication - Enter authentication configuration mode client-profile - Enter client-profile configuration mode [no] shutdown - This command disables the Config-Sync feature. [no] ssl - Enable use of encryption by config-sync. If enabled, config-sync connections initiated by this router will be encrypted, and all incoming config-sync connections must be encrypted. If disabled, config-sync connections initiated by this router will be plain-text and the incoming connection from the HA-mate must be plain-text, but the incoming connection from the DR-site may be plain-text or encrypted.
If enabled, and redundancy is enabled, a redundancy pre-shared-key must be configured in order for config-sync to be operational.
If enabled, this setting overrides the replication config-sync setting for encryption.synchronize - Enter synchronization configuration mode. enable configure config-sync authentication
COMMAND:authentication [client-certificate]DESCRIPTION:Enter authentication configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
client-certificate - Enter client-certificate configuration mode enable configure config-sync authentication client-certificate
COMMAND:client-certificate [max-certificate-chain-depth... | validate-certificate-date]DESCRIPTION:Enter client-certificate configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] max-certificate-chain-depth - Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3). [no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate. enable configure config-sync authentication client-certificate max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8 enable configure config-sync authentication client-certificate validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure config-sync client-profile
COMMAND:client-profile [tcp]DESCRIPTION:Enter client-profile configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
tcp - Enter tcp configuration mode enable configure config-sync client-profile tcp
COMMAND:tcp [initial-cwnd... | keepalive | max-wnd... | mss...]DESCRIPTION:Enter tcp configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] initial-cwnd - Configure the TCP initial congestion window size. keepalive - Enter configuration of tcp keepalives. [no] max-wnd - Configure the TCP maximum window size. [no] mss - Configure the TCP maximum segment size. enable configure config-sync client-profile tcp initial-cwnd
COMMAND:initial-cwnd <num-mss>no initial-cwnd
DESCRIPTION:Configure the TCP initial congestion window size.
The no version of the command returns its value to the default (2).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS. enable configure config-sync client-profile tcp keepalive
COMMAND:keepalive [count... | idle... | interval...]DESCRIPTION:Enter configuration of tcp keepalives.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. [no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. [no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. enable configure config-sync client-profile tcp keepalive count
COMMAND:count <num>no count
DESCRIPTION:The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection. enable configure config-sync client-profile tcp keepalive idle
COMMAND:idle <seconds>no idle
DESCRIPTION:The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes. enable configure config-sync client-profile tcp keepalive interval
COMMAND:interval <seconds>no interval
DESCRIPTION:The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes. enable configure config-sync client-profile tcp max-wnd
COMMAND:max-wnd <num-kilo-bytes>no max-wnd
DESCRIPTION:Configure the TCP maximum window size.
The no version of the command returns its value to the default (256).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB. enable configure config-sync client-profile tcp mss
COMMAND:mss <byte-count>no mss
DESCRIPTION:Configure the TCP maximum segment size.
The no version of the command returns its value to the default (1460).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS. enable configure config-sync shutdown
COMMAND:shutdownno shutdown
DESCRIPTION:This command disables the Config-Sync feature.
The default value is shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure config-sync ssl
COMMAND:[no] sslDESCRIPTION:Enable use of encryption by config-sync. If enabled, config-sync connections initiated by this router will be encrypted, and all incoming config-sync connections must be encrypted. If disabled, config-sync connections initiated by this router will be plain-text and the incoming connection from the HA-mate must be plain-text, but the incoming connection from the DR-site may be plain-text or encrypted.
If enabled, and redundancy is enabled, a redundancy pre-shared-key must be configured in order for config-sync to be operational.
If enabled, this setting overrides the replication config-sync setting for encryption.
The default value is no ssl.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure config-sync synchronize
COMMAND:synchronize [username]DESCRIPTION:Enter synchronization configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] username - Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync. enable configure config-sync synchronize username
COMMAND:[no] usernameDESCRIPTION:Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.
The default value is username.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure console
COMMAND:console [baud-rate... | login-banner... | timeout...]DESCRIPTION:Use this command to configure console parameters on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
baud-rate - Configure the baud rate for the serial console port. [no] login-banner - Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.
Example input for printing Hello World across 2 lines:
"Hello\nWorld"
Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.
Banners can be a maximum of 2048 characters in length.
The default banner is a product specific description.
The 'no' version of this command returns to the default login banner.timeout - Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions. enable configure console baud-rate
COMMAND:baud-rate <baud-rate>DESCRIPTION:Configure the baud rate for the serial console port.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<baud-rate> [110 | 300 | 1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200] - Baud rate in bps. enable configure console login-banner
COMMAND:login-banner {text <banner-text> | file <file-name> | default}no login-banner
DESCRIPTION:Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.
Example input for printing Hello World across 2 lines:
"Hello\nWorld"
Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.
Banners can be a maximum of 2048 characters in length.
The default banner is a product specific description.
The 'no' version of this command returns to the default login banner.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<banner-text> [0..2048 chars] - Text to display on user logins default - Use the product description as the banner text file - Load the banner text from a file <file-name> [0..255 chars] - Name of the file to load from the jail directory text - Enter the banner text directly on the command line enable configure console timeout
COMMAND:timeout <idle-timeout>DESCRIPTION:Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<idle-timeout> [0..43200] - timeout value in minutes (0 to disable) enable configure distributed-cache
COMMAND:[no] distributed-cache <name> message-vpn <vpn-name>create distributed-cache <name> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:Create, modify, or delete a Distributed Cache.
A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - The name of the Distributed Cache. <vpn-name> [1..32 chars] - The name of the Message VPN. auto - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role. backup - The Distributed Cache is used for the backup virtual router. primary - The Distributed Cache is used for the primary virtual router. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster
COMMAND:[create | no] cache-cluster <name>DESCRIPTION:Create, modify, or delete a Cache Cluster.
A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - The name of the Cache Cluster. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance
COMMAND:[create | no] cache-instance <name>DESCRIPTION:Create, modify, or delete a Cache Instance.
A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - The name of the Cache Instance. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> auto-start
COMMAND:[no] auto-startDESCRIPTION:Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker.
The default value is no auto-start.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Cache Instance.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> stop-on-lost-message
COMMAND:[no] stop-on-lost-messageDESCRIPTION:Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages.
The default value is stop-on-lost-message.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> deliver-to-one-override
COMMAND:[no] deliver-to-one-overrideDESCRIPTION:Enable or disable deliver-to-one override for the Cache Cluster.
The default value is deliver-to-one-override.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event
COMMAND:event [data-byte-rate | data-message-rate | max-memory | max-topics | request-queue-depth | request-rate | response-rate]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
data-byte-rate - Enter the "data-byte-rate" mode. data-message-rate - Enter the "data-message-rate" mode. max-memory - Enter the "max-memory" mode. max-topics - Enter the "max-topics" mode. request-queue-depth - Enter the "request-queue-depth" mode. request-rate - Enter the "request-rate" mode. response-rate - Enter the "response-rate" mode. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate
COMMAND:data-byte-rate [thresholds...]DESCRIPTION:Enter the "data-byte-rate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the cached data incoming byte rate event, in bytes per second. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the cached data incoming byte rate event, in bytes per second.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate
COMMAND:data-message-rate [thresholds...]DESCRIPTION:Enter the "data-message-rate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the cached data incoming message rate event, in messages per second. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the cached data incoming message rate event, in messages per second.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory
COMMAND:max-memory [thresholds...]DESCRIPTION:Enter the "max-memory" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the memory usage per instance event, relative to `maxMemory`. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the memory usage per instance event, relative to `maxMemory`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics
COMMAND:max-topics [thresholds...]DESCRIPTION:Enter the "max-topics" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the topics per instance event, relative to `maxTopicCount`. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the topics per instance event, relative to `maxTopicCount`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth
COMMAND:request-queue-depth [thresholds...]DESCRIPTION:Enter the "request-queue-depth" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate
COMMAND:request-rate [thresholds...]DESCRIPTION:Enter the "request-rate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the cache request message rate event, in messages per second. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the cache request message rate event, in messages per second.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate
COMMAND:response-rate [thresholds...]DESCRIPTION:Enter the "response-rate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the cache response message rate event, in messages per second. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the cache response message rate event, in messages per second.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching
COMMAND:global-caching [heartbeat... | home-cache-cluster... | shutdown | topic-lifetime...]DESCRIPTION:Enter the "global-caching" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] heartbeat - The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters. [create|no] home-cache-cluster - Create, modify, or delete a Home Cache Cluster.
A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.[no] shutdown - Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters. [no] topic-lifetime - The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching heartbeat
COMMAND:heartbeat <seconds>no heartbeat
DESCRIPTION:The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [1..255] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster
COMMAND:[create | no] home-cache-cluster <name>DESCRIPTION:Create, modify, or delete a Home Cache Cluster.
A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - The name of the remote Home Cache Cluster. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster <name> topic-prefix
COMMAND:[no] topic-prefix <topic-prefix>DESCRIPTION:Create or delete a Topic Prefix.
A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<topic-prefix> [1..250 chars] - A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching topic-lifetime
COMMAND:topic-lifetime <seconds>no topic-lifetime
DESCRIPTION:The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.
The no version of the command returns its value to the default (3600).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [0..4294967295] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-memory
COMMAND:max-memory <megabytes>no max-memory
DESCRIPTION:The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster.
The no version of the command returns its value to the default (2048).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<megabytes> [128..2147483647] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-messages-per-topic
COMMAND:max-messages-per-topic <num-messages>no max-messages-per-topic
DESCRIPTION:The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-messages> [1..2147483647] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-topics
COMMAND:max-topics <num-topics>no max-topics
DESCRIPTION:The maximum number of topics for each Cache Instance in the Cache Cluster.
The no version of the command returns its value to the default (2000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-topics> [1..4294967294] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> message-lifetime
COMMAND:message-lifetime <seconds>no message-lifetime
DESCRIPTION:The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [0..4294967294] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> new-topic-advertisement
COMMAND:[no] new-topic-advertisementDESCRIPTION:Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster.
The default value is no new-topic-advertisement.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> request-queue-depth
COMMAND:request-queue-depth <num-messages>no request-queue-depth
DESCRIPTION:The maximum queue depth for cache requests received by the Cache Cluster.
The no version of the command returns its value to the default (100000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-messages> [1..200000] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Cache Cluster.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> topic
COMMAND:[no] topic <topic-str>DESCRIPTION:Create or delete a Topic.
The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<topic-str> [1..250 chars] - The value of the Topic in the form a/b/c. enable configure distributed-cache <name> message-vpn <vpn-name> heartbeat
COMMAND:heartbeat <seconds>no heartbeat
DESCRIPTION:The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker.
The no version of the command returns its value to the default (10).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [3..60] - The value to set. enable configure distributed-cache <name> message-vpn <vpn-name> scheduled-delete-message
COMMAND:scheduled-delete-message [days <days-of-week> ] times <times-of-day>no scheduled-delete-message
DESCRIPTION:The schedule for deleting messages from the cache.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none". <times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none" enable configure distributed-cache <name> message-vpn <vpn-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Distributed Cache.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure dns
COMMAND:dns [name-server... | polled-domain-name... | search-domain-list...]DESCRIPTION:Use this command to enter Domain Name System (DNS) configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] name-server - Use this command to provision a DNS server. A maximum of 3 name servers is allowed. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. If no server is provided, all servers are de-provisioned. [no] polled-domain-name - Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value. [no] search-domain-list - The domain(s) to search for host-name lookups. If unset this defaults to the local domain name. enable configure dns name-server
COMMAND:name-server <ip-addr>no name-server [<ip-addr> ]
DESCRIPTION:Use this command to provision a DNS server. A maximum of 3 name servers is allowed. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. If no server is provided, all servers are de-provisioned.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<ip-addr> [0..39 chars] - IP address enable configure dns polled-domain-name
COMMAND:polled-domain-name <domain-name>no polled-domain-name
DESCRIPTION:Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.
The no version of the command returns its value to the default ("www.solace.com").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<domain-name> [1..256 chars] - The domain name looked-up in order to determine the status of the name servers enable configure dns search-domain-list
COMMAND:search-domain-list <domain-list>no search-domain-list
DESCRIPTION:The domain(s) to search for host-name lookups. If unset this defaults to the local domain name.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<domain-list> [1..255 chars] - The domains to search. A space separated list may be provided, with up to 6 domains with total length of 256 chars. enable configure hardware
COMMAND:hardware [disk... | message-spool | power-redundancy...]DESCRIPTION:Use this command to configure routing modules and disks on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
disk - Enable/disable hard disk message-spool - Configure message spool hardware options power-redundancy - Configure power-redundancy. enable configure hardware disk
COMMAND:disk <disk-name> [no-shutdown] [shutdown]DESCRIPTION:Enable/disable hard disk
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<disk-name> [1..4] - The name of the top disk is 1; and increments to the bottom slot. no-shutdown - Enable the disk shutdown - Disable the disk enable configure hardware message-spool
COMMAND:message-spool [defragment-spool-files | disk-array... | event | internal-disk | max-cache-usage... | max-spool-usage... | shutdown... | transaction | virtual-router-when-active-active...]DESCRIPTION:Configure message spool hardware options
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
defragment-spool-files - Enter message spool defragment-spool-files configuration mode. [no] disk-array - Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.
This command only affects the system behavior if configured to spool to an external disk.
The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.event - Enter message spool event configuration mode. [no] internal-disk - Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.
This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.
This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.
internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".[no] max-cache-usage - Configure guaranteed message cache usage limit. [no] max-spool-usage - Configure message spool usage limit. [no] shutdown - Enable/disable message-spooling for the router transaction - Enter message spool transaction configuration mode. [no] virtual-router-when-active-active - The High Availability role for this broker if using the legacy Active/Active configuration for high availability (not recommended). Note: for Active/Standby high availability configuration, this setting is ignored. enable configure hardware message-spool defragment-spool-files
COMMAND:defragment-spool-files [schedule | threshold]DESCRIPTION:Enter message spool defragment-spool-files configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
schedule - Enter message spool defragment-spool-files schedule configuration mode. threshold - Enter message spool defragment-spool-files threshold configuration mode. enable configure hardware message-spool defragment-spool-files schedule
COMMAND:schedule [days... | shutdown | times...]DESCRIPTION:Enter message spool defragment-spool-files schedule configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] days - The days of the week to schedule defragmentation runs. [no] shutdown - Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files. [no] times - The times of the day to schedule defragmentation runs. enable configure hardware message-spool defragment-spool-files schedule days
COMMAND:days <days-of-week>no days
DESCRIPTION:The days of the week to schedule defragmentation runs.
The no version of the command returns its value to the default ("daily").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none". enable configure hardware message-spool defragment-spool-files schedule shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure hardware message-spool defragment-spool-files schedule times
COMMAND:times <times-of-day>no times
DESCRIPTION:The times of the day to schedule defragmentation runs.
The no version of the command returns its value to the default ("0:00").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none" enable configure hardware message-spool defragment-spool-files threshold
COMMAND:threshold [fragmentation-percentage... | min-interval... | shutdown | usage-percentage...]DESCRIPTION:Enter message spool defragment-spool-files threshold configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] fragmentation-percentage - Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%. [no] min-interval - Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds. [no] shutdown - Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files. [no] usage-percentage - Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%. enable configure hardware message-spool defragment-spool-files threshold fragmentation-percentage
COMMAND:fragmentation-percentage <percentage>no fragmentation-percentage
DESCRIPTION:Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%.
The no version of the command returns its value to the default (50).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<percentage> [30..100] - The threshold as percent. enable configure hardware message-spool defragment-spool-files threshold min-interval
COMMAND:min-interval <interval>no min-interval
DESCRIPTION:Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds.
The no version of the command returns its value to the default (15).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<interval> [0..4294967295] - The minimum interval (in minutes). enable configure hardware message-spool defragment-spool-files threshold shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure hardware message-spool defragment-spool-files threshold usage-percentage
COMMAND:usage-percentage <percentage>no usage-percentage
DESCRIPTION:Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%.
The no version of the command returns its value to the default (50).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<percentage> [30..100] - The threshold as percent. enable configure hardware message-spool disk-array
COMMAND:disk-array wwn <wwn>no disk-array
DESCRIPTION:Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.
This command only affects the system behavior if configured to spool to an external disk.
The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<wwn> [0..64 chars] - If the WWN is in NAA format it is either an 8 or 16 byte number represented as a string of hex characters separated by colons starting with 1,2,5 or 6.
For example:
50:00:2a:c0:00:f1:33:74
60:06:01:60:bf:51:12:00:9a:fb:40:97:83:3f:dc:11
If it is not in NAA format it can be any string without colons.enable configure hardware message-spool event
COMMAND:event [cache-usage | delivered-unacked | disk-usage | egress-flows | endpoints | ingress-flows | message-count | spool-files | spool-usage | transacted-session-resources | transacted-sessions | transactions]DESCRIPTION:Enter message spool event configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
cache-usage - Configure the event thresholds for the cache usage delivered-unacked - Configure the event thresholds for the total number of delivered but unacked messages at system level. disk-usage - Configure the event thresholds for the active disk partition usage at system level. egress-flows - Configure the event thresholds for the egress flows at system level. endpoints - Configure the event thresholds for the number of queues and topic endpoints at system level ingress-flows - Configure the event thresholds for the ingress flows at system level. message-count - Configure the event thresholds for the total number of spooled messages at system level. spool-files - Configure the event thresholds for the spool files at system level. spool-usage - Configure the event thresholds for the system level spool usage. transacted-session-resources - Configure the event thresholds for the total number of transacted session resources at system level. transacted-sessions - Configure the event thresholds for guaranteed data transacted sessions allowed at the system level. transactions - Configure the event thresholds for guaranteed data transactions allowed at the system level. enable configure hardware message-spool event cache-usage
COMMAND:cache-usage [thresholds...]DESCRIPTION:Configure the event thresholds for the cache usage
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly enable configure hardware message-spool event cache-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-cache-usage value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-cache-usage value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool event delivered-unacked
COMMAND:delivered-unacked [thresholds...]DESCRIPTION:Configure the event thresholds for the total number of delivered but unacked messages at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit. enable configure hardware message-spool event delivered-unacked thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value enable configure hardware message-spool event disk-usage
COMMAND:disk-usage [thresholds...]DESCRIPTION:Configure the event thresholds for the active disk partition usage at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit. enable configure hardware message-spool event disk-usage thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the active disk partition usage value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the active disk partition usage value enable configure hardware message-spool event egress-flows
COMMAND:egress-flows [thresholds...]DESCRIPTION:Configure the event thresholds for the egress flows at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count. enable configure hardware message-spool event egress-flows thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of egress flows value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of egress flows value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool event endpoints
COMMAND:endpoints [thresholds...]DESCRIPTION:Configure the event thresholds for the number of queues and topic endpoints at system level
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count. enable configure hardware message-spool event endpoints thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool event ingress-flows
COMMAND:ingress-flows [thresholds...]DESCRIPTION:Configure the event thresholds for the ingress flows at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count. enable configure hardware message-spool event ingress-flows thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of ingress flows value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of ingress flows value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool event message-count
COMMAND:message-count [thresholds...]DESCRIPTION:Configure the event thresholds for the total number of spooled messages at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit. enable configure hardware message-spool event message-count thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool messages value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool messages value enable configure hardware message-spool event spool-files
COMMAND:spool-files [thresholds...]DESCRIPTION:Configure the event thresholds for the spool files at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit. enable configure hardware message-spool event spool-files thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool files value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool files value enable configure hardware message-spool event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Configure the event thresholds for the system level spool usage.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB) enable configure hardware message-spool event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool event transacted-session-resources
COMMAND:transacted-session-resources [thresholds...]DESCRIPTION:Configure the event thresholds for the total number of transacted session resources at system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit. enable configure hardware message-spool event transacted-session-resources thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value enable configure hardware message-spool event transacted-sessions
COMMAND:transacted-sessions [thresholds...]DESCRIPTION:Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count. enable configure hardware message-spool event transacted-sessions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transacted-sessions value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transacted-sessions value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool event transactions
COMMAND:transactions [thresholds...]DESCRIPTION:Configure the event thresholds for guaranteed data transactions allowed at the system level.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count. enable configure hardware message-spool event transactions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transactions value <clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transactions value <set-value> [0..4294967295] - The set value to be configured for this event as an absolute count enable configure hardware message-spool internal-disk
COMMAND:[no] internal-diskDESCRIPTION:Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.
This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.
This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.
internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".
The default value is no internal-disk.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure hardware message-spool max-cache-usage
COMMAND:max-cache-usage <percent-usage>no max-cache-usage
DESCRIPTION:Configure guaranteed message cache usage limit.
The no version of the command returns its value to the default (10).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<percent-usage> [0..50] - Maximum percentage of the NAB's egress queueing resources that the guaranteed message cache is allowed to use enable configure hardware message-spool max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:Configure message spool usage limit.
The no version of the command returns its value to the default (60000).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB enable configure hardware message-spool shutdown
COMMAND:shutdownno shutdown
DESCRIPTION:Enable/disable message-spooling for the router
The default value is shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure hardware message-spool transaction
COMMAND:transaction [replication-compatibility-mode...]DESCRIPTION:Enter message spool transaction configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] replication-compatibility-mode - Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.enable configure hardware message-spool transaction replication-compatibility-mode
COMMAND:replication-compatibility-mode {legacy | transacted}no replication-compatibility-mode
DESCRIPTION:Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.
The no version of the command returns its value to the default ("legacy").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
legacy - All transactions originated by clients are replicated to the standby site without using transactions. transacted - All transactions originated by clients are replicated to the standby site using transactions. enable configure hardware message-spool virtual-router-when-active-active
COMMAND:virtual-router-when-active-active {primary | backup}no virtual-router-when-active-active
DESCRIPTION:The High Availability role for this broker if using the legacy Active/Active configuration for high availability (not recommended). Note: for Active/Standby high availability configuration, this setting is ignored.
The no version of the command returns its value to the default ("primary").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
backup - The backup virtual router. primary - The primary virtual router. enable configure hardware power-redundancy
COMMAND:power-redundancy <type>DESCRIPTION:Configure power-redundancy.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<type> [1+1 | 1+2 | 2+2] - Expected power supply redundancy enable configure hostname
COMMAND:hostname <name> [defer]no hostname [defer]
DESCRIPTION:Config the host name.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart. <name> [1..64 chars] - The hostname to assign to the router. Cannot start with "v:", which stands for virtual router. The "no" version of the command resets the host name to the default value (solace). enable configure interface
COMMAND:[create] interface <phy-interface> [<mode>]no interface <phy-interface>
DESCRIPTION:Use this command to enter interface configuration mode to configure ethernet or Link Aggregation Group (LAG) parameters for physical interfaces on routers, on an interface by interface basis.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<mode> [lacp | active-backup] - (lacp | active-backup)
Examples: "lacp", "active-backup"<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"( no ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"( create ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"enable configure interface <phy-interface> lacp
COMMAND:lacp [rate...]DESCRIPTION:Enter LACP configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
rate - Configure the rate at which the appliance requests LACP PDU from peers. enable configure interface <phy-interface> lacp rate
COMMAND:rate {fast | slow}DESCRIPTION:Configure the rate at which the appliance requests LACP PDU from peers.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
fast - Fast LACP PDU rate (1 second intervals). slow - Slow LACP PDU rate (30 seconds intervals). enable configure interface <phy-interface> member
COMMAND:[no] member <phy-interface>DESCRIPTION:Add/remove LAG interface members
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"enable configure interface <phy-interface> primary-member
COMMAND:primary-member <phy-interface>no primary-member
DESCRIPTION:Primary member for active-backup mode.
The no version of the command returns its value to the default (no primary-member configured).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"enable configure interface <phy-interface> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable this interface
The default value is shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure interface <phy-interface> traffic-shaping
COMMAND:traffic-shaping [egress]DESCRIPTION:Enter traffic shaping configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
egress - Enter egress traffic shaping configuration. enable configure interface <phy-interface> traffic-shaping egress
COMMAND:egress [rate-limit... | shutdown]DESCRIPTION:Enter egress traffic shaping configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] rate-limit - The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value. [no] shutdown - Enable or disable this interface enable configure interface <phy-interface> traffic-shaping egress rate-limit
COMMAND:rate-limit <mbps>no rate-limit
DESCRIPTION:The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.
The no version of the command returns its value to the default (1000000000).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<mbps> [2..4294967295] - maximum sustained egress rate in mega bits per second enable configure interface <phy-interface> traffic-shaping egress shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable this interface
The default value is no shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure ip
COMMAND:ip [vrf...]DESCRIPTION:Use this command to configure IP VPN parameters on routers.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
vrf - Configure Virtual Routing and Forwarding instances enable configure ip vrf
COMMAND:vrf <name>DESCRIPTION:Configure Virtual Routing and Forwarding instances
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [0..12 chars] - VRF name enable configure ip vrf <name> interface
COMMAND:[create | no] interface <ip-interface> [primary | backup | static]DESCRIPTION:Add an IP interface to this VRF routing domain and configure it
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
backup - interface for backup virtual router <ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"primary - interface for primary virtual router static - static interface irrespective of virtual router enable configure ip vrf <name> interface <ip-interface> ip-address
COMMAND:ip-address <cidr-addr>no ip-address [<cidr-addr>]
DESCRIPTION:Configure ip addresses
The no version of the command returns its value to the default (no ip-address configured).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<cidr-addr> [0..43 chars] - IP address/prefix length combination in CIDR form enable configure ip vrf <name> interface <ip-interface> kerberos
COMMAND:kerberos [service-principal-name...]DESCRIPTION:Configure kerberos attributes on the interface
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] service-principal-name - Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address enable configure ip vrf <name> interface <ip-interface> kerberos service-principal-name
COMMAND:service-principal-name <name>no service-principal-name
DESCRIPTION:Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address
The no version of the command returns its value to the default (no service-principal-name configured).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [0..642 chars] - Kerberos Service Principal Name (SPN) of the form host/<fully-qualified-domain-name>@<Kerberos Realm>
enable configure ip vrf <name> interface <ip-interface> shutdown
COMMAND:[no] shutdownDESCRIPTION:Shutdown this IP interface
The default value is shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure ip vrf <name> route
COMMAND:route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]no route {default | default6 | <cidr-addr>} [<interface>]
DESCRIPTION:Add/Delete IP routes
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<cidr-addr> [0..43 chars] - IP address/prefix length combination in CIDR form default - default IPv4 route default6 - default IPv6 route <interface> [1..15 chars] - IP interface (for management VRF) or
physical interface (for msg-backbone VRF).
IP interface has format as
(eth<port>:<ip> | chassis/lag1:1
Examples: "eth1:1", "chassis/lag1:1"
Physical interface has format as
<cartridge>/<slot>/<port> |
<cartridge>/<slot>/lag<N>
Examples: "1/5/2", "1/6/lag1"
<ip-addr> [0..39 chars] - IP address enable configure jndi
COMMAND:jndi message-vpn <vpn-name>DESCRIPTION:Use this command to configure standard Java Naming and Directory Interface (JNDI) objects Connection Factory, Topic, and Queue on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the JNDI is configured against. enable configure jndi message-vpn <vpn-name> connection-factory
COMMAND:[create | no] connection-factory <name>DESCRIPTION:Configure JNDI connection-factory object
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The name of the JMS Connection Factory enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list
COMMAND:property-list <name>DESCRIPTION:Configure a property list of the object
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..64 chars] - Property-list name enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list <name> property
COMMAND:property <name> <value>no property <name>
DESCRIPTION:Configure a property of the property-list
The default depends on the property name.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..64 chars] - Property name <value> [0..256 chars] - Property value enable configure jndi message-vpn <vpn-name> queue
COMMAND:[create | no] queue <name>DESCRIPTION:Configure JNDI queue object
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Queue enable configure jndi message-vpn <vpn-name> queue <name> property
COMMAND:property <name> <value>no property <name>
DESCRIPTION:Configure a property of the object
The default depends on the property name.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..64 chars] - Property name <value> [0..256 chars] - Property value enable configure jndi message-vpn <vpn-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable/disable JNDI access for clients
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure jndi message-vpn <vpn-name> topic
COMMAND:[create | no] topic <name>DESCRIPTION:Configure JNDI topic object
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Topic enable configure jndi message-vpn <vpn-name> topic <name> property
COMMAND:property <name> <value>no property <name>
DESCRIPTION:Configure a property of the object
The default depends on the property name.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..64 chars] - Property name <value> [0..256 chars] - Property value enable configure logging
COMMAND:logging [command... | debug... | event | facility | max-json-message-size... | millisecond-timestamp | retention...]DESCRIPTION:Enter logging configuration mode, to configure command and debug logging parameters
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] command - Configure command logging [no] debug - Configure debug logging event - Enter system event configuration. facility - Enter logging facility configuration. [no] max-json-message-size - Configure the maximum size for JSON format log messages. [no] millisecond-timestamp - Enables millisecond in logging record timestamp. The no version resets back to default. [no] retention - Configure the maximum size or maximum days that logs should retain enable configure logging command
COMMAND:command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}no command {cli | semp-mgmt | semp-msgbus | all}
DESCRIPTION:Configure command logging
The default is command "all mode config-cmds".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
all - Configure cli and semp command logging all-cmds - Log all commands to the command log cli - Configure cli command logging config-cmds - Log only configuration commands mode - Set the logging mode to one of the following: semp-mgmt - Configure semp/mgmt command logging semp-msgbus - Configure semp/msgbus command logging shutdown - Do not log any commands enable configure logging debug
COMMAND:debug {<subsystem-id> | all} [level <level>] [mask <mask>]no debug {<subsystem-id> | all}
DESCRIPTION:Configure debug logging
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
all - Configure all Sub System IDs at once <level> [UNKNOWN | DEBUG | INFO | WARN | ERROR | FATAL | OFF] - Change the logging level for given Sub System ID <mask> [0..10 chars] - Change the mask for given Sub System ID <subsystem-id> [0..50 chars] - Sub System ID enable configure logging event
COMMAND:event [publish-system | system-tag...]DESCRIPTION:Enter system event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] publish-system - Enable system level event message publishing. The no version of the command disables system level event message publishing. [no] system-tag - Configure a tag string to prefix system publish events. enable configure logging event publish-system
COMMAND:[no] publish-systemDESCRIPTION:Enable system level event message publishing. The no version of the command disables system level event message publishing.
The default value is no publish-system.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure logging event system-tag
COMMAND:system-tag <tag-string>no system-tag
DESCRIPTION:Configure a tag string to prefix system publish events.
The no version of the command returns its value to the default (no system-tag configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<tag-string> [0..32 chars] - String with no whitespace, '?', '*', or quote chars. enable configure logging facility
COMMAND:facility [event | system]DESCRIPTION:Enter logging facility configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
event - Enter event facility configuration. system - Enter system facility configuration. enable configure logging facility event
COMMAND:event [message-format...]DESCRIPTION:Enter event facility configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] message-format - Configure the event facility message format. enable configure logging facility event message-format
COMMAND:message-format {text | json}no message-format
DESCRIPTION:Configure the event facility message format.
The no version of the command returns its value to the default ("text").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure logging facility system
COMMAND:system [message-format...]DESCRIPTION:Enter system facility configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] message-format - Configure the system facility message format. enable configure logging facility system message-format
COMMAND:message-format {text | json}no message-format
DESCRIPTION:Configure the system facility message format.
The no version of the command returns its value to the default ("text").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure logging max-json-message-size
COMMAND:max-json-message-size <max-size>no max-json-message-size
DESCRIPTION:Configure the maximum size for JSON format log messages.
The no version of the command returns its value to the default (8192).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<max-size> [1024..8192] - The maximum size in bytes of JSON log messages. If a remote syslog destination is configured, the syslog header will be included. enable configure logging millisecond-timestamp
COMMAND:[no] millisecond-timestampDESCRIPTION:Enables millisecond in logging record timestamp. The no version resets back to default.
The default value is no millisecond-timestamp.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure logging retention
COMMAND:retention {days <max-num-days> | max-size }no retention
DESCRIPTION:Configure the maximum size or maximum days that logs should retain
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
days - Change the log retention policy to day based <max-num-days> [2..90] - The maximum number of days that specified logfiles will be retained when space is available. max-size - Set specified logfiles to be retained up to their maximum file sizes allowed by SolOS enable configure management-message-vpn
COMMAND:management-message-vpn <vpn-name>no management-message-vpn
DESCRIPTION:Designate this Message VPN as the management Message VPN for system level SEMP get requests and system level event publishing.
The no version of the command returns its value to the default (no management-message-vpn configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [0..32 chars] - The name of the message vpn to become the management message vpn enable configure memory-event
COMMAND:memory-event [nab-buffer-load-factor | subscriptions-load-factor | subscriptions-memory]DESCRIPTION:Use this command to configure the threshold values for memory usage events on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
nab-buffer-load-factor - Configure the event for NAB buffer load factor. subscriptions-load-factor - Configure the event for subscriptions load factor. subscriptions-memory - Configure the event for subscriptions memory utilization as percentage. enable configure memory-event nab-buffer-load-factor
COMMAND:nab-buffer-load-factor [thresholds...]DESCRIPTION:Configure the event for NAB buffer load factor.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the NAB buffer load factor event enable configure memory-event nab-buffer-load-factor thresholds
COMMAND:thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]no thresholds
DESCRIPTION:Configure/reset thresholds for the NAB buffer load factor event
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the nab-buffer-load-factor value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the nab-buffer-load-factor value enable configure memory-event subscriptions-load-factor
COMMAND:subscriptions-load-factor [thresholds...]DESCRIPTION:Configure the event for subscriptions load factor.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions load factor event enable configure memory-event subscriptions-load-factor thresholds
COMMAND:thresholds set-percentage <set-percentage> clear-percentage <clear-percentage>no thresholds
DESCRIPTION:Configure/reset thresholds for the subscriptions load factor event
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the subscriptions-load-factor value <set-percentage> [0..100] - The set value to be configured for this event as a percentage of the subscriptions-load-factor value enable configure memory-event subscriptions-memory
COMMAND:subscriptions-memory [thresholds...]DESCRIPTION:Configure the event for subscriptions memory utilization as percentage.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions memory utilization event enable configure memory-event subscriptions-memory thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:Configure/reset thresholds for the subscriptions memory utilization event
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-value> [0..100] - The clear value to be configured for this event as a percentage of the subscriptions-memory value <set-value> [0..100] - The set value to be configured for this event as a percentage of the subscriptions-memory value enable configure message-spool
COMMAND:message-spool message-vpn <vpn-name>DESCRIPTION:Use this command to configure message spool parameters for Guaranteed Messaging on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN. enable configure message-spool message-vpn <vpn-name> event
COMMAND:event [egress-flows | endpoints | ingress-flows | spool-usage | transacted-sessions | transactions]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
egress-flows - Enter the "egress-flows" mode. endpoints - Enter the "endpoints" mode. ingress-flows - Enter the "ingress-flows" mode. spool-usage - Enter the "spool-usage" mode. transacted-sessions - Enter the "transacted-sessions" mode. transactions - Enter the "transactions" mode. enable configure message-spool message-vpn <vpn-name> event egress-flows
COMMAND:egress-flows [thresholds...]DESCRIPTION:Enter the "egress-flows" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the egress flow count event of the Message VPN, relative to max-egress-flows. enable configure message-spool message-vpn <vpn-name> event egress-flows thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the egress flow count event of the Message VPN, relative to max-egress-flows.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> event endpoints
COMMAND:endpoints [thresholds...]DESCRIPTION:Enter the "endpoints" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to max-endpoints. enable configure message-spool message-vpn <vpn-name> event endpoints thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to max-endpoints.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> event ingress-flows
COMMAND:ingress-flows [thresholds...]DESCRIPTION:Enter the "ingress-flows" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the ingress flow count event of the Message VPN, relative to max-ingress-flows. enable configure message-spool message-vpn <vpn-name> event ingress-flows thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the ingress flow count event of the Message VPN, relative to max-ingress-flows.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Message VPN, relative to max-spool-usage. enable configure message-spool message-vpn <vpn-name> event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the message spool usage event of the Message VPN, relative to max-spool-usage.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> event transacted-sessions
COMMAND:transacted-sessions [thresholds...]DESCRIPTION:Enter the "transacted-sessions" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the transacted session count event of the Message VPN, relative to max-transacted-sessions. enable configure message-spool message-vpn <vpn-name> event transacted-sessions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the transacted session count event of the Message VPN, relative to max-transacted-sessions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> event transactions
COMMAND:transactions [thresholds...]DESCRIPTION:Enter the "transactions" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the transaction count event of the Message VPN, relative to max-transactions. enable configure message-spool message-vpn <vpn-name> event transactions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the transaction count event of the Message VPN, relative to max-transactions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> max-egress-flows
COMMAND:max-egress-flows <value>no max-egress-flows
DESCRIPTION:The maximum number of transmit flows that can be created in the Message VPN.
The no version of the command returns its value to the default (16000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-spool message-vpn <vpn-name> max-endpoints
COMMAND:max-endpoints <value>no max-endpoints
DESCRIPTION:The maximum number of Queues and Topic Endpoints that can be created in the Message VPN.
The no version of the command returns its value to the default (16000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-spool message-vpn <vpn-name> max-ingress-flows
COMMAND:max-ingress-flows <value>no max-ingress-flows
DESCRIPTION:The maximum number of receive flows that can be created in the Message VPN.
The no version of the command returns its value to the default (16000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..1000000] - The value to set. enable configure message-spool message-vpn <vpn-name> max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage by the Message VPN, in megabytes.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-spool message-vpn <vpn-name> max-transacted-sessions
COMMAND:max-transacted-sessions <value>no max-transacted-sessions
DESCRIPTION:The maximum number of transacted sessions that can be created in the Message VPN.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..100000] - The value to set. enable configure message-spool message-vpn <vpn-name> max-transactions
COMMAND:max-transactions <value>no max-transactions
DESCRIPTION:The maximum number of transactions that can be created in the Message VPN.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..100000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue
COMMAND:queue <name>create queue <name>
no queue <name>
DESCRIPTION:Create, modify, or delete a Queue.
A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..200 chars] - The name of the Queue. <seconds>*2 <size>*2 <value>*10 <value>*11 <value>*12 <value>*13 <value>*14 <value>*15 <value>*16 <value>*17 <value>*18 <value>*2 <value>*3 <value>*4 <value>*5 <value>*6 <value>*7 <value>*8 <value>*9 enable configure message-spool message-vpn <vpn-name> queue <name> access-type
COMMAND:access-type {exclusive | non-exclusive}no access-type
DESCRIPTION:The access type for delivering messages to consumer flows bound to the Queue.
The no version of the command returns its value to the default ("exclusive").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow. non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion. enable configure message-spool message-vpn <vpn-name> queue <name> consumer-ack-propagation
COMMAND:[no] consumer-ack-propagationDESCRIPTION:Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.
The default value is consumer-ack-propagation.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> dead-message-queue
COMMAND:dead-message-queue <dmq-name>no dead-message-queue
DESCRIPTION:The name of the Dead Message Queue (DMQ) used by the Queue.
The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dmq-name> [1..200 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> delivery-count
COMMAND:[no] delivery-countDESCRIPTION:Enable or disable the ability for client applications to query the message delivery count of messages received from the Queue. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case.
The default value is no delivery-count.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> delivery-delay
COMMAND:delivery-delay <delay>no delivery-delay
DESCRIPTION:The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<delay> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> event
COMMAND:event [bind-count | reject-low-priority-msg-limit | spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
bind-count - Enter the "bind-count" mode. reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode. spool-usage - Enter the "spool-usage" mode. enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count
COMMAND:bind-count [thresholds...]DESCRIPTION:Enter the "bind-count" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to max-bind-count. enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Queue consumer flows event, relative to max-bind-count.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit [thresholds...]DESCRIPTION:Enter the "reject-low-priority-msg-limit" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit. enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to max-spool-usage. enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> queue <name> max-bind-count
COMMAND:max-bind-count <value>no max-bind-count
DESCRIPTION:The maximum number of consumer flows that can bind to the Queue.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..10000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> max-delivered-unacked-msgs-per-flow
COMMAND:max-delivered-unacked-msgs-per-flow <max>no max-delivered-unacked-msgs-per-flow
DESCRIPTION:The maximum number of messages delivered but not acknowledged per flow for the Queue.
The no version of the command returns its value to the default (10000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<max> [1..1000000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> max-message-size
COMMAND:max-message-size <size>no max-message-size
DESCRIPTION:The maximum message size allowed in the Queue, in bytes (B).
The no version of the command returns its value to the default (10000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..30000000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> max-redelivery
COMMAND:max-redelivery <value>no max-redelivery
DESCRIPTION:The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.
The no version of the command returns its value to the default (5000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> max-ttl
COMMAND:max-ttl <ttl>no max-ttl
DESCRIPTION:The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<ttl> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> owner
COMMAND:owner <owner>no owner
DESCRIPTION:The Client Username that owns the Queue and has permission equivalent to "delete".
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<owner> [0..189 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> partition
COMMAND:partition [count... | rebalance]DESCRIPTION:Enter the "partition" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] count - The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions. rebalance - Enter the "rebalance" mode. enable configure message-spool message-vpn <vpn-name> queue <name> partition count
COMMAND:count <num-partitions>no count
DESCRIPTION:The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-partitions> [0..1000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> partition rebalance
COMMAND:rebalance [delay... | max-handoff-time...]DESCRIPTION:Enter the "rebalance" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] delay - The delay (in seconds) before a partition rebalance is started once needed. [no] max-handoff-time - The maximum time (in seconds) to wait before handing off a partition while rebalancing. enable configure message-spool message-vpn <vpn-name> queue <name> partition rebalance delay
COMMAND:delay <seconds>no delay
DESCRIPTION:The delay (in seconds) before a partition rebalance is started once needed.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> partition rebalance max-handoff-time
COMMAND:max-handoff-time <seconds>no max-handoff-time
DESCRIPTION:The maximum time (in seconds) to wait before handing off a partition while rebalancing.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> permission
COMMAND:permission all {no-access | read-only | consume | modify-topic | delete}no permission
DESCRIPTION:The permission level for all consumers of the Queue, excluding the owner.
The no version of the command returns its value to the default ("no-access").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
all - Apply to all other users excluding the owner. consume - Consume (read and remove) messages. delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether. modify-topic - Consume messages or modify the topic/selector. no-access - Disallows all access. read-only - Read-only access to the messages. enable configure message-spool message-vpn <vpn-name> queue <name> redelivery
COMMAND:[no] redeliveryDESCRIPTION:Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the queue more than once.
The default value is redelivery.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay
COMMAND:redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]DESCRIPTION:Enter the "redelivery-delay" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds. [no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value. [no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00. [no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled. enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay initial-interval
COMMAND:initial-interval <value>no initial-interval
DESCRIPTION:The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..3600000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay max-interval
COMMAND:max-interval <value>no max-interval
DESCRIPTION:The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
The no version of the command returns its value to the default (64000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..10800000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay multiplier
COMMAND:multiplier <value>no multiplier
DESCRIPTION:The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
The no version of the command returns its value to the default ("2.00").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..4 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg
COMMAND:[no] reject-low-priority-msgDESCRIPTION:Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.
The default value is no reject-low-priority-msg.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit <limit>no reject-low-priority-msg-limit
DESCRIPTION:The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<limit> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue <name> reject-msg-to-sender-on-discard
COMMAND:reject-msg-to-sender-on-discard [including-when-shutdown]no reject-msg-to-sender-on-discard
DESCRIPTION:Enable or disable whether to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.
The default value is reject-msg-to-sender-on-discard.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown. enable configure message-spool message-vpn <vpn-name> queue <name> respect-message-priority
COMMAND:[no] respect-message-priorityDESCRIPTION:Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). Regardless of this setting, message priority is not respected when browsing the queue, when the queue is used by a bridge, or if the queue is partitioned.
The default value is no respect-message-priority.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> respect-ttl
COMMAND:[no] respect-ttlDESCRIPTION:Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.
The default value is no respect-ttl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue <name> shutdown
COMMAND:[no] shutdown [ingress | egress | full]DESCRIPTION:Enable or disable the transmission of messages from the Queue and the reception of messages to the Queue.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
egress - Enable the reception of messages to the Queue. full - Enable transmission of messages from the Queue and the reception of messages to the Queue. ingress - Enable the transmission of messages from the Queue. ( no ) egress - Disable the reception of messages to the Queue. ( no ) full - Disable transmission of messages from the Queue and the reception of messages to the Queue. ( no ) ingress - Disable the transmission of messages from the Queue. enable configure message-spool message-vpn <vpn-name> queue <name> subscription
COMMAND:[no] subscription topic <topic>DESCRIPTION:Create or delete a Queue Subscription.
One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<topic> [1..250 chars] - The topic of the Subscription. enable configure message-spool message-vpn <vpn-name> queue-template
COMMAND:[create | no] queue-template <name>DESCRIPTION:Create, modify, or delete a Queue Template.
A Queue Template provides a mechanism for specifying the initial state for client created queues.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..255 chars] - The name of the Queue Template. enable configure message-spool message-vpn <vpn-name> queue-template <name> access-type
COMMAND:access-type {exclusive | non-exclusive}no access-type
DESCRIPTION:The access type for delivering messages to consumer flows.
The no version of the command returns its value to the default ("exclusive").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow. non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion. enable configure message-spool message-vpn <vpn-name> queue-template <name> consumer-ack-propagation
COMMAND:[no] consumer-ack-propagationDESCRIPTION:Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.
The default value is consumer-ack-propagation.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue-template <name> dead-message-queue
COMMAND:dead-message-queue <dmq-name>no dead-message-queue
DESCRIPTION:The name of the Dead Message Queue (DMQ).
The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dmq-name> [1..200 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> delivery-delay
COMMAND:delivery-delay <delay>no delivery-delay
DESCRIPTION:The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. This attribute does not apply to MQTT queues created from this template, but it may apply in future releases. Therefore, to maintain forward compatibility, do not set this value on templates that might be used for MQTT queues.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<delay> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> durability-override
COMMAND:durability-override {none | non-durable}no durability-override
DESCRIPTION:Controls the durability of queues created from this template. If non-durable, the created queue will be non-durable, regardless of the specified durability. If none, the created queue will have the requested durability.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
non-durable - The durability of the created queue will be non-durable, regardless of what was requested. none - The durability of the endpoint will be as requested on create. enable configure message-spool message-vpn <vpn-name> queue-template <name> event
COMMAND:event [bind-count | reject-low-priority-msg-limit | spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
bind-count - Enter the "bind-count" mode. reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode. spool-usage - Enter the "spool-usage" mode. enable configure message-spool message-vpn <vpn-name> queue-template <name> event bind-count
COMMAND:bind-count [thresholds...]DESCRIPTION:Enter the "bind-count" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to max-bind-count. enable configure message-spool message-vpn <vpn-name> queue-template <name> event bind-count thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Queue consumer flows event, relative to max-bind-count.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..10000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..10000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> queue-template <name> event reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit [thresholds...]DESCRIPTION:Enter the "reject-low-priority-msg-limit" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit. enable configure message-spool message-vpn <vpn-name> queue-template <name> event reject-low-priority-msg-limit thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> queue-template <name> event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB) enable configure message-spool message-vpn <vpn-name> queue-template <name> event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..6000000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..6000000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> queue-template <name> max-bind-count
COMMAND:max-bind-count <value>no max-bind-count
DESCRIPTION:The maximum number of consumer flows that can bind.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..10000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> max-delivered-unacked-msgs-per-flow
COMMAND:max-delivered-unacked-msgs-per-flow <max>no max-delivered-unacked-msgs-per-flow
DESCRIPTION:The maximum number of messages delivered but not acknowledged per flow.
The no version of the command returns its value to the default (10000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<max> [1..1000000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> max-message-size
COMMAND:max-message-size <size>no max-message-size
DESCRIPTION:The maximum message size allowed, in bytes (B).
The no version of the command returns its value to the default (10000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..30000000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> max-redelivery
COMMAND:max-redelivery <value>no max-redelivery
DESCRIPTION:The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.
The no version of the command returns its value to the default (5000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> max-ttl
COMMAND:max-ttl <ttl>no max-ttl
DESCRIPTION:The maximum time in seconds a message can stay in a Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<ttl> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> name-filter
COMMAND:name-filter <name-filter>no name-filter
DESCRIPTION:A pattern used to determine which Queues use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/).
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name-filter> [0..200 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> permission
COMMAND:permission all {no-access | read-only | consume | modify-topic | delete}no permission
DESCRIPTION:The permission level for all consumers, excluding the owner.
The no version of the command returns its value to the default ("no-access").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
all - Apply to all other users excluding the owner. consume - Consume (read and remove) messages. delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether. modify-topic - Consume messages or modify the topic/selector. no-access - Disallows all access. read-only - Read-only access to the messages. enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery
COMMAND:[no] redeliveryDESCRIPTION:Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the queue more than once.
The default value is redelivery.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay
COMMAND:redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]DESCRIPTION:Enter the "redelivery-delay" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds. [no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value. [no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00. [no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled. enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay initial-interval
COMMAND:initial-interval <value>no initial-interval
DESCRIPTION:The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..3600000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay max-interval
COMMAND:max-interval <value>no max-interval
DESCRIPTION:The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
The no version of the command returns its value to the default (64000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..10800000] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay multiplier
COMMAND:multiplier <value>no multiplier
DESCRIPTION:The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
The no version of the command returns its value to the default ("2.00").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..4 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue-template <name> reject-low-priority-msg
COMMAND:[no] reject-low-priority-msgDESCRIPTION:Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.
The default value is no reject-low-priority-msg.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue-template <name> reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit <limit>no reject-low-priority-msg-limit
DESCRIPTION:The number of messages of any priority above which low priority messages are not admitted but higher priority messages are allowed.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<limit> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> queue-template <name> reject-msg-to-sender-on-discard
COMMAND:reject-msg-to-sender-on-discard [including-when-shutdown]no reject-msg-to-sender-on-discard
DESCRIPTION:Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.
The default value is reject-msg-to-sender-on-discard.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown. enable configure message-spool message-vpn <vpn-name> queue-template <name> respect-message-priority
COMMAND:[no] respect-message-priorityDESCRIPTION:Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest).
The default value is no respect-message-priority.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> queue-template <name> respect-ttl
COMMAND:[no] respect-ttlDESCRIPTION:Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ.
The default value is no respect-ttl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> replay-log
COMMAND:[create | no] replay-log <name>DESCRIPTION:Create, modify, or delete a Replay Log.
When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-write
global/mesh-manager is required for "create replay-log" and "no replay-log".PARAMETERS:
<name> [1..185 chars] - The name of the Replay Log. enable configure message-spool message-vpn <vpn-name> replay-log <name> max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-spool message-vpn <vpn-name> replay-log <name> shutdown
COMMAND:[no] shutdown [ingress | egress | full]DESCRIPTION:Enable or disable the transmission of messages from the Replay Log and the reception of messages to the Replay Log.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
egress - Enable the reception of messages to the Replay Log. full - Enable transmission of messages from the Replay Log and the reception of messages to the Replay Log. ingress - Enable the transmission of messages from the Replay Log. ( no ) egress - Disable the reception of messages to the Replay Log. ( no ) full - Disable transmission of messages from the Replay Log and the reception of messages to the Replay Log. ( no ) ingress - Disable the transmission of messages from the Replay Log. enable configure message-spool message-vpn <vpn-name> replay-log <name> topic-filter
COMMAND:topic-filter [shutdown | subscription...]DESCRIPTION:Enter the "topic-filter" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable topic filtering for the Replay Log. [create|no] subscription - Create, modify, or delete a Topic Filter Subscription.
One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.enable configure message-spool message-vpn <vpn-name> replay-log <name> topic-filter shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable topic filtering for the Replay Log.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> replay-log <name> topic-filter subscription
COMMAND:[create | no] subscription <topic>DESCRIPTION:Create, modify, or delete a Topic Filter Subscription.
One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
<topic> [1..250 chars] - The topic of the Subscription. enable configure message-spool message-vpn <vpn-name> sequenced-topic
COMMAND:[no] sequenced-topic <topic>DESCRIPTION:Create or delete a Sequenced Topic.
A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<topic> [1..250 chars] - Topic for applying sequence numbers. enable configure message-spool message-vpn <vpn-name> topic-endpoint
COMMAND:topic-endpoint <name>create topic-endpoint <name>
no topic-endpoint <name>
DESCRIPTION:Create, modify, or delete a Topic Endpoint.
A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..250 chars] - The name of the Topic Endpoint. <size>*2 <value>*10 <value>*11 <value>*12 <value>*13 <value>*14 <value>*15 <value>*16 <value>*17 <value>*18 <value>*19 <value>*2 <value>*20 <value>*3 <value>*4 <value>*5 <value>*6 <value>*7 <value>*8 <value>*9 enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> access-type
COMMAND:access-type {exclusive | non-exclusive}no access-type
DESCRIPTION:The access type for delivering messages to consumer flows bound to the Topic Endpoint.
The no version of the command returns its value to the default ("exclusive").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow. non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin fashion. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> consumer-ack-propagation
COMMAND:[no] consumer-ack-propagationDESCRIPTION:Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.
The default value is consumer-ack-propagation.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> dead-message-queue
COMMAND:dead-message-queue <dmq-name>no dead-message-queue
DESCRIPTION:The name of the Dead Message Queue (DMQ) used by the Topic Endpoint.
The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dmq-name> [1..200 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> delivery-count
COMMAND:[no] delivery-countDESCRIPTION:Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case.
The default value is no delivery-count.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> delivery-delay
COMMAND:delivery-delay <delay>no delivery-delay
DESCRIPTION:The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<delay> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event
COMMAND:event [bind-count | reject-low-priority-msg-limit | spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
bind-count - Enter the "bind-count" mode. reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode. spool-usage - Enter the "spool-usage" mode. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count
COMMAND:bind-count [thresholds...]DESCRIPTION:Enter the "bind-count" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit [thresholds...]DESCRIPTION:Enter the "reject-low-priority-msg-limit" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-bind-count
COMMAND:max-bind-count <value>no max-bind-count
DESCRIPTION:The maximum number of consumer flows that can bind to the Topic Endpoint.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..10000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-delivered-unacked-msgs-per-flow
COMMAND:max-delivered-unacked-msgs-per-flow <max>no max-delivered-unacked-msgs-per-flow
DESCRIPTION:The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint.
The no version of the command returns its value to the default (10000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<max> [1..1000000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-message-size
COMMAND:max-message-size <size>no max-message-size
DESCRIPTION:The maximum message size allowed in the Topic Endpoint, in bytes (B).
The no version of the command returns its value to the default (10000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..30000000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-redelivery
COMMAND:max-redelivery <value>no max-redelivery
DESCRIPTION:The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.
The no version of the command returns its value to the default (5000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-ttl
COMMAND:max-ttl <ttl>no max-ttl
DESCRIPTION:The maximum time in seconds a message can stay in the Topic Endpoint when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<ttl> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> owner
COMMAND:owner <owner>no owner
DESCRIPTION:The Client Username which owns the Topic Endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<owner> [0..189 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> permission
COMMAND:permission all {no-access | read-only | consume | modify-topic | delete}no permission
DESCRIPTION:The permission level for all consumers of the Topic Endpoint, excluding the owner.
The no version of the command returns its value to the default ("no-access").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
all - Apply to all other users excluding the owner. consume - Consume (read and remove) messages. delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether. modify-topic - Consume messages or modify the topic/selector. no-access - Disallows all access. read-only - Read-only access to the messages. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery
COMMAND:[no] redeliveryDESCRIPTION:Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the topic-endpoint more than once.
The default value is redelivery.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay
COMMAND:redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]DESCRIPTION:Enter the "redelivery-delay" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds. [no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value. [no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00. [no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay initial-interval
COMMAND:initial-interval <value>no initial-interval
DESCRIPTION:The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..3600000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay max-interval
COMMAND:max-interval <value>no max-interval
DESCRIPTION:The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
The no version of the command returns its value to the default (64000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..10800000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay multiplier
COMMAND:multiplier <value>no multiplier
DESCRIPTION:The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
The no version of the command returns its value to the default ("2.00").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..4 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg
COMMAND:[no] reject-low-priority-msgDESCRIPTION:Enable or disable if low priority messages are subject to reject-low-priority-msg-limit checking. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.
The default value is no reject-low-priority-msg.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit <limit>no reject-low-priority-msg-limit
DESCRIPTION:The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<limit> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-msg-to-sender-on-discard
COMMAND:reject-msg-to-sender-on-discard [including-when-shutdown]no reject-msg-to-sender-on-discard
DESCRIPTION:Enable or disable whether to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.
The default value is no reject-msg-to-sender-on-discard.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-message-priority
COMMAND:[no] respect-message-priorityDESCRIPTION:Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest).
The default value is no respect-message-priority.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-ttl
COMMAND:[no] respect-ttlDESCRIPTION:Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ.
The default value is no respect-ttl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> shutdown
COMMAND:[no] shutdown [ingress | egress | full]DESCRIPTION:Enable or disable the transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
egress - Enable the reception of messages to the Topic Endpoint. full - Enable transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint. ingress - Enable the transmission of messages from the Topic Endpoint. ( no ) egress - Disable the reception of messages to the Topic Endpoint. ( no ) full - Disable transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint. ( no ) ingress - Disable the transmission of messages from the Topic Endpoint. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template
COMMAND:[create | no] topic-endpoint-template <name>DESCRIPTION:Create, modify, or delete a Topic Endpoint Template.
A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..255 chars] - The name of the Topic Endpoint Template. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> access-type
COMMAND:access-type {exclusive | non-exclusive}no access-type
DESCRIPTION:The access type for delivering messages to consumer flows.
The no version of the command returns its value to the default ("exclusive").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow. non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin fashion. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> consumer-ack-propagation
COMMAND:[no] consumer-ack-propagationDESCRIPTION:Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.
The default value is consumer-ack-propagation.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> dead-message-queue
COMMAND:dead-message-queue <dmq-name>no dead-message-queue
DESCRIPTION:The name of the Dead Message Queue (DMQ).
The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dmq-name> [1..200 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> delivery-delay
COMMAND:delivery-delay <delay>no delivery-delay
DESCRIPTION:The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<delay> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event
COMMAND:event [bind-count | reject-low-priority-msg-limit | spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
bind-count - Enter bind-count event configuration. reject-low-priority-msg-limit - Configure the event thresholds for reject-low-priority-msg-limit spool-usage - Configure the event thresholds for the queue template spool usage enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event bind-count
COMMAND:bind-count [thresholds...]DESCRIPTION:Enter bind-count event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event bind-count thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..10000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..10000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit [thresholds...]DESCRIPTION:Configure the event thresholds for reject-low-priority-msg-limit
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event reject-low-priority-msg-limit thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Configure the event thresholds for the queue template spool usage
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..6000000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..6000000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-bind-count
COMMAND:max-bind-count <value>no max-bind-count
DESCRIPTION:The maximum number of consumer flows that can bind.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..10000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-delivered-unacked-msgs-per-flow
COMMAND:max-delivered-unacked-msgs-per-flow <max>no max-delivered-unacked-msgs-per-flow
DESCRIPTION:The maximum number of messages delivered but not acknowledged per flow.
The no version of the command returns its value to the default (10000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<max> [1..1000000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-message-size
COMMAND:max-message-size <size>no max-message-size
DESCRIPTION:The maximum message size allowed, in bytes (B).
The no version of the command returns its value to the default (10000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..30000000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-redelivery
COMMAND:max-redelivery <value>no max-redelivery
DESCRIPTION:The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.
The no version of the command returns its value to the default (5000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-ttl
COMMAND:max-ttl <ttl>no max-ttl
DESCRIPTION:The maximum time in seconds a message can stay in the Topic Endpoint when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<ttl> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> name-filter
COMMAND:name-filter <name-filter>no name-filter
DESCRIPTION:A pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/).
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name-filter> [0..200 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> permission
COMMAND:permission all {no-access | read-only | consume | modify-topic | delete}no permission
DESCRIPTION:The permission level for all consumers, excluding the owner.
The no version of the command returns its value to the default ("no-access").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
all - Apply to all other users excluding the owner. consume - Consume (read and remove) messages. delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether. modify-topic - Consume messages or modify the topic/selector. no-access - Disallows all access. read-only - Read-only access to the messages. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery
COMMAND:[no] redeliveryDESCRIPTION:Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the topic-endpoint more than once.
The default value is redelivery.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay
COMMAND:redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]DESCRIPTION:Enter the "redelivery-delay" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds. [no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value. [no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00. [no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay initial-interval
COMMAND:initial-interval <value>no initial-interval
DESCRIPTION:The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..3600000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay max-interval
COMMAND:max-interval <value>no max-interval
DESCRIPTION:The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
The no version of the command returns its value to the default (64000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..10800000] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay multiplier
COMMAND:multiplier <value>no multiplier
DESCRIPTION:The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
The no version of the command returns its value to the default ("2.00").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..4 chars] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> reject-low-priority-msg
COMMAND:[no] reject-low-priority-msgDESCRIPTION:Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.
The default value is no reject-low-priority-msg.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit <limit>no reject-low-priority-msg-limit
DESCRIPTION:The number of messages that are permitted before low priority messages are rejected.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<limit> [0..4294967295] - The value to set. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> reject-msg-to-sender-on-discard
COMMAND:reject-msg-to-sender-on-discard [including-when-shutdown]no reject-msg-to-sender-on-discard
DESCRIPTION:Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.
The default value is no reject-msg-to-sender-on-discard.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> respect-message-priority
COMMAND:[no] respect-message-priorityDESCRIPTION:Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest).
The default value is no respect-message-priority.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> respect-ttl
COMMAND:[no] respect-ttlDESCRIPTION:Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ.
The default value is no respect-ttl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn
COMMAND:[create | no] message-vpn <vpn-name>DESCRIPTION:Create, modify, or delete a Message VPN.
Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-write
global/read-write is required for "create message-vpn" and "no message-vpn".PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN. enable configure message-vpn <vpn-name> authentication
COMMAND:authentication [basic | client-certificate | kerberos | oauth]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
basic - Enter the "basic" mode. client-certificate - Enter the "client-certificate" mode. kerberos - Enter the "kerberos" mode. oauth - Enter the "oauth" mode. enable configure message-vpn <vpn-name> authentication basic
COMMAND:basic [auth-type... | radius-domain... | shutdown]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
auth-type - The authentication mechanism to be used for basic authentication of clients connecting to this Message VPN. [no] radius-domain - The RADIUS domain to use for basic authentication. [no] shutdown - Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable. enable configure message-vpn <vpn-name> authentication basic auth-type
COMMAND:auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }DESCRIPTION:The authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.
The default is auth-type "radius".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
internal - Internal database. ldap - LDAP authentication. <ldap-profile> [1..32 chars] - LDAP profile name. none - No authentication. radius - RADIUS authentication. <radius-profile> [1..32 chars] - RADIUS profile name. enable configure message-vpn <vpn-name> authentication basic radius-domain
COMMAND:radius-domain <radius-domain>no radius-domain
DESCRIPTION:The RADIUS domain to use for basic authentication.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<radius-domain> [0..64 chars] - The value to set. enable configure message-vpn <vpn-name> authentication basic shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication client-certificate
COMMAND:client-certificate [allow-api-provided-username | matching-rules | max-certificate-chain-depth... | revocation-check-mode... | shutdown | username-source... | validate-certificate-date]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] allow-api-provided-username - Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used. matching-rules - Enter the "matching-rules" mode. [no] max-certificate-chain-depth - The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. [no] revocation-check-mode - The desired behavior for client certificate revocation checking. [no] shutdown - Enable or disable client certificate authentication for clients connecting to the Message VPN. [no] username-source - The field from the client certificate to use as the client username. [no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate. enable configure message-vpn <vpn-name> authentication client-certificate allow-api-provided-username
COMMAND:[no] allow-api-provided-usernameDESCRIPTION:Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used.
The default value is no allow-api-provided-username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules
COMMAND:matching-rules [rule... | shutdown]DESCRIPTION:Enter the "matching-rules" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[create|no] rule - Create, modify, or delete a Certificate Matching Rule.
A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.[no] shutdown - Enable or disable certificate matching rules. When disabled, any valid certificate is accepted. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule
COMMAND:[create | no] rule <name>DESCRIPTION:Create, modify, or delete a Certificate Matching Rule.
A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..64 chars] - The name of the rule. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> attribute-filter
COMMAND:[create | no] attribute-filter <name>DESCRIPTION:Create, modify, or delete a Certificate Matching Rule Attribute Filter.
A Cert Matching Rule Attribute Filter compares a username attribute to a string.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..64 chars] - The name of the filter. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> attribute
COMMAND:attribute <value>no attribute
DESCRIPTION:Client Username Attribute to be tested.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..64 chars] - The value to set. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> value
COMMAND:value <value>no value
DESCRIPTION:Expected attribute value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..256 chars] - The value to set. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> condition
COMMAND:[create] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address} {{matches-attribute <attribute>} | {matches-expression <expression>}}no condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address}
DESCRIPTION:Create, modify, or delete a Certificate Matching Rule Condition.
A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<attribute> [1..64 chars] - Client Username Attribute to be compared with certificate content. certificate-thumbprint - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate. common-name - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN. common-name-last - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN. dns-name - The attribute is extracted from the certificate's Subject Alt Name DNS Name. <expression> [1..256 chars] - Glob expression to be matched with certificate content. ip-address - The attribute is extracted from the certificate's Subject Alt Name IP Address. issuer - The attribute is extracted from the certificate's Issuer DN. org-unit - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN. org-unit-last - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN. serial-number - The attribute is extracted from the certificate's Serial Number. subject - The attribute is extracted from the certificate's Subject DN. subject-alternate-name-msupn - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature. uid - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN. uid-last - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable a certificate matching rule.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication client-certificate matching-rules shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable certificate matching rules. When disabled, any valid certificate is accepted.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication client-certificate max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max-depth> [0..8] - The value to set. enable configure message-vpn <vpn-name> authentication client-certificate revocation-check-mode
COMMAND:revocation-check-mode <permission>no revocation-check-mode
DESCRIPTION:The desired behavior for client certificate revocation checking.
The no version of the command returns its value to the default ("allow-valid").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<permission> [allow-all | allow-unknown | allow-valid] - The value to set.
allow-all - Allow the client to authenticate, the result of client certificate revocation check is ignored.
allow-unknown - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.
allow-valid - Allow the client to authenticate only when the revocation check returned an explicit positive response.enable configure message-vpn <vpn-name> authentication client-certificate shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable client certificate authentication for clients connecting to the Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication client-certificate username-source
COMMAND:username-source <source>no username-source
DESCRIPTION:The field from the client certificate to use as the client username.
The no version of the command returns its value to the default ("common-name").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<source> [certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last] - The value to set.
certificate-thumbprint - The username is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
common-name - The username is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
common-name-last - The username is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
subject-alternate-name-msupn - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
uid - The username is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
uid-last - The username is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.enable configure message-vpn <vpn-name> authentication client-certificate validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication kerberos
COMMAND:kerberos [allow-api-provided-username | shutdown]DESCRIPTION:Enter the "kerberos" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
[no] allow-api-provided-username - Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used. [no] shutdown - Enable or disable Kerberos authentication for clients connecting to the Message VPN. enable configure message-vpn <vpn-name> authentication kerberos allow-api-provided-username
COMMAND:[no] allow-api-provided-usernameDESCRIPTION:Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used.
The default value is no allow-api-provided-username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication kerberos shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable Kerberos authentication for clients connecting to the Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth
COMMAND:oauth [default-profile... | profile... | shutdown]DESCRIPTION:Enter the "oauth" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
[no] default-profile - The name of the profile to use when the client does not supply a profile name. [create|no] profile - Create, modify, or delete a OAuth Profile.
OAuth profiles specify how to securely authenticate to an OAuth provider.[no] shutdown - Enable or disable OAuth authentication for clients connecting to the Message VPN. enable configure message-vpn <vpn-name> authentication oauth default-profile
COMMAND:default-profile <value>no default-profile
DESCRIPTION:The name of the profile to use when the client does not supply a profile name.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile
COMMAND:[create | no] profile <profile>DESCRIPTION:Create, modify, or delete a OAuth Profile.
OAuth profiles specify how to securely authenticate to an OAuth provider.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<profile> [1..32 chars] - The name of the OAuth profile. enable configure message-vpn <vpn-name> authentication oauth profile <profile> authorization-groups-claim-name
COMMAND:authorization-groups-claim-name <value>no authorization-groups-claim-name
DESCRIPTION:The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorizationType attribute of the Message VPN will be used to determine authorization.
The no version of the command returns its value to the default ("groups").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..100 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> authorization-groups-claim-string-format
COMMAND:authorization-groups-claim-string-format {single | space-delimited}no authorization-groups-claim-string-format
DESCRIPTION:The format of the authorization groups claim value when it is a string.
The no version of the command returns its value to the default ("single").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
single - When the claim is a string, it is interpreted as as single group. space-delimited - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim. enable configure message-vpn <vpn-name> authentication oauth profile <profile> client
COMMAND:client [required-claim... | required-type... | validate-type]DESCRIPTION:Configure OAuth client settings.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[create|no] required-claim - Create, modify, or delete a Required Claim.
Additional claims to be verified in the ID token.[no] required-type - The required value for the TYP field in the ID token header. [no] validate-type - Enable or disable verification of the TYP field in the ID token header. enable configure message-vpn <vpn-name> authentication oauth profile <profile> client required-claim
COMMAND:[no] required-claim <name>create required-claim <name> <value>
DESCRIPTION:Create, modify, or delete a Required Claim.
Additional claims to be verified in the ID token.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..100 chars] - The name of the ID token claim to verify. <value> - The required claim value. enable configure message-vpn <vpn-name> authentication oauth profile <profile> client required-type
COMMAND:required-type <value>no required-type
DESCRIPTION:The required value for the TYP field in the ID token header.
The no version of the command returns its value to the default ("JWT").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> client validate-type
COMMAND:[no] validate-typeDESCRIPTION:Enable or disable verification of the TYP field in the ID token header.
The default value is validate-type.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> client-id
COMMAND:client-id <value>no client-id
DESCRIPTION:The OAuth client id.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> client-secret
COMMAND:client-secret <value>no client-secret
DESCRIPTION:The OAuth client secret.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..512 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> disconnect-on-token-expiration
COMMAND:[no] disconnect-on-token-expirationDESCRIPTION:Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections.
The default value is disconnect-on-token-expiration.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints
COMMAND:endpoints [discovery... | discovery-refresh-interval... | introspection... | introspection-timeout... | jwks... | jwks-refresh-interval... | userinfo... | userinfo-timeout...]DESCRIPTION:Configure OAuth endpoints.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] discovery - The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. [no] discovery-refresh-interval - The number of seconds between discovery endpoint requests. [no] introspection - The OAuth introspection endpoint. [no] introspection-timeout - The maximum time in seconds a token introspection request is allowed to take. [no] jwks - The OAuth JWKS endpoint. [no] jwks-refresh-interval - The number of seconds between JWKS endpoint requests. [no] userinfo - The OpenID Connect Userinfo endpoint. [no] userinfo-timeout - The maximum time in seconds a userinfo request is allowed to take. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints discovery
COMMAND:discovery <value>no discovery
DESCRIPTION:The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints discovery-refresh-interval
COMMAND:discovery-refresh-interval <value>no discovery-refresh-interval
DESCRIPTION:The number of seconds between discovery endpoint requests.
The no version of the command returns its value to the default (86400).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [60..31536000] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints introspection
COMMAND:introspection <value>no introspection
DESCRIPTION:The OAuth introspection endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints introspection-timeout
COMMAND:introspection-timeout <value>no introspection-timeout
DESCRIPTION:The maximum time in seconds a token introspection request is allowed to take.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..60] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints jwks
COMMAND:jwks <value>no jwks
DESCRIPTION:The OAuth JWKS endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints jwks-refresh-interval
COMMAND:jwks-refresh-interval <value>no jwks-refresh-interval
DESCRIPTION:The number of seconds between JWKS endpoint requests.
The no version of the command returns its value to the default (86400).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [60..31536000] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints userinfo
COMMAND:userinfo <value>no userinfo
DESCRIPTION:The OpenID Connect Userinfo endpoint.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints userinfo-timeout
COMMAND:userinfo-timeout <value>no userinfo-timeout
DESCRIPTION:The maximum time in seconds a userinfo request is allowed to take.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..60] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> issuer
COMMAND:issuer <value>no issuer
DESCRIPTION:The Issuer Identifier for the OAuth provider.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> mqtt-username-validate
COMMAND:[no] mqtt-username-validateDESCRIPTION:Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated.
The default value is no mqtt-username-validate.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> oauth-role
COMMAND:oauth-role {client | resource-server}no oauth-role
DESCRIPTION:Configure whether the broker is acting as an OAuth client or an OAuth resource server.
The no version of the command returns its value to the default ("client").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
client - The broker is in the OAuth client role. resource-server - The broker is in the OAuth resource server role. enable configure message-vpn <vpn-name> authentication oauth profile <profile> proxy
COMMAND:proxy <proxy-name>no proxy
DESCRIPTION:The name of the proxy to use for discovery, user info, jwks, and introspection requests. Leave empty for no proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<proxy-name> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server
COMMAND:resource-server [parse-access-token | required-audience... | required-claim... | required-issuer... | required-scope... | required-type... | validate-audience | validate-issuer | validate-scope | validate-type]DESCRIPTION:Configure OAuth resource server settings.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] parse-access-token - Enable or disable parsing of the access token as a JWT. [no] required-audience - The required audience value. [create|no] required-claim - Create, modify, or delete a Required Claim.
Additional claims to be verified in the access token.[no] required-issuer - The required issuer value. [no] required-scope - A space-separated list of scopes that must be present in the scope claim. [no] required-type - The required TYP value. [no] validate-audience - Enable or disable verification of the audience claim in the access token or introspection response. [no] validate-issuer - Enable or disable verification of the issuer claim in the access token or introspection response. [no] validate-scope - Enable or disable verification of the scope claim in the access token or introspection response. [no] validate-type - Enable or disable verification of the TYP field in the access token header. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server parse-access-token
COMMAND:[no] parse-access-tokenDESCRIPTION:Enable or disable parsing of the access token as a JWT.
The default value is parse-access-token.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-audience
COMMAND:required-audience <value>no required-audience
DESCRIPTION:The required audience value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-claim
COMMAND:[no] required-claim <name>create required-claim <name> <value>
DESCRIPTION:Create, modify, or delete a Required Claim.
Additional claims to be verified in the access token.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..100 chars] - The name of the access token claim to verify. <value> - The required claim value. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-issuer
COMMAND:required-issuer <value>no required-issuer
DESCRIPTION:The required issuer value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-scope
COMMAND:required-scope <value>no required-scope
DESCRIPTION:A space-separated list of scopes that must be present in the scope claim.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-type
COMMAND:required-type <value>no required-type
DESCRIPTION:The required TYP value.
The no version of the command returns its value to the default ("at+jwt").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-audience
COMMAND:[no] validate-audienceDESCRIPTION:Enable or disable verification of the audience claim in the access token or introspection response.
The default value is validate-audience.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-issuer
COMMAND:[no] validate-issuerDESCRIPTION:Enable or disable verification of the issuer claim in the access token or introspection response.
The default value is validate-issuer.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-scope
COMMAND:[no] validate-scopeDESCRIPTION:Enable or disable verification of the scope claim in the access token or introspection response.
The default value is validate-scope.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-type
COMMAND:[no] validate-typeDESCRIPTION:Enable or disable verification of the TYP field in the access token header.
The default value is validate-type.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the OAuth profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authentication oauth profile <profile> username-claim-name
COMMAND:username-claim-name <value>no username-claim-name
DESCRIPTION:The name of the username claim.
The no version of the command returns its value to the default ("sub").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..100 chars] - The value to set. enable configure message-vpn <vpn-name> authentication oauth shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable OAuth authentication for clients connecting to the Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authorization
COMMAND:authorization [authorization-group... | authorization-type... | ldap]DESCRIPTION:Enter the "authorization" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[create|no] authorization-group - Create, modify, or delete a Authorization Group.
To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.authorization-type - The authorization mechanism to be used for clients connecting to this Message VPN. ldap - Enter the "ldap" mode. enable configure message-vpn <vpn-name> authorization authorization-group
COMMAND:[create | no] authorization-group <name>DESCRIPTION:Create, modify, or delete a Authorization Group.
To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [0..256 chars] - The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'. enable configure message-vpn <vpn-name> authorization authorization-group <name> acl-profile
COMMAND:acl-profile <name>no acl-profile
DESCRIPTION:The ACL Profile of the Authorization Group.
The no version of the command returns its value to the default ("default").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The value to set. enable configure message-vpn <vpn-name> authorization authorization-group <name> client-profile
COMMAND:client-profile <name>no client-profile
DESCRIPTION:The Client Profile of the Authorization Group.
The no version of the command returns its value to the default ("default").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The value to set. enable configure message-vpn <vpn-name> authorization authorization-group <name> order
COMMAND:order {before | after} <authorization-group-name>DESCRIPTION:Arrange the priority of this group relative to another group.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
after - Move current authorization group after existing authorization group name. <authorization-group-name> [0..256 chars] - Authorization group name. before - Move current authorization group before existing authorization group name. enable configure message-vpn <vpn-name> authorization authorization-group <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Authorization Group in the Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> authorization authorization-type
COMMAND:authorization-type {ldap <ldap-profile> | internal }DESCRIPTION:The authorization mechanism to be used for clients connecting to this Message VPN.
The default is authorization-type "internal".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
internal - Use information from the internal client-username database to determine access. ldap - LDAP authorization. <ldap-profile> [1..32 chars] - LDAP profile name. enable configure message-vpn <vpn-name> authorization ldap
COMMAND:ldap [group-membership-attribute-name... | trim-client-username-domain]DESCRIPTION:Enter the "ldap" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] group-membership-attribute-name - The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN. [no] trim-client-username-domain - Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed. enable configure message-vpn <vpn-name> authorization ldap group-membership-attribute-name
COMMAND:group-membership-attribute-name <attribute-name>no group-membership-attribute-name
DESCRIPTION:The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.
The no version of the command returns its value to the default ("memberOf").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<attribute-name> [0..64 chars] - The value to set. enable configure message-vpn <vpn-name> authorization ldap trim-client-username-domain
COMMAND:[no] trim-client-username-domainDESCRIPTION:Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed.
The default value is no trim-client-username-domain.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> bridging
COMMAND:bridging [ssl]DESCRIPTION:Enter the "bridging" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
ssl - Enter the "ssl" mode. enable configure message-vpn <vpn-name> bridging ssl
COMMAND:ssl [server-certificate-validation]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode. enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation
COMMAND:server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]DESCRIPTION:Enter the "server-certificate-validation" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-certificate-chain-depth - The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. [no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates. [no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max-depth> [0..8] - The value to set. enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation validate-server-name
COMMAND:[no] validate-server-nameDESCRIPTION:Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.
The default value is validate-server-name.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> dynamic-message-routing
COMMAND:dynamic-message-routing [dmr-bridge... | shutdown]DESCRIPTION:Enter the "dynamic-message-routing" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
[create|no] dmr-bridge - Create, modify, or delete a DMR Bridge.
A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.[no] shutdown - Enable or disable Dynamic Message Routing (DMR) for the Message VPN. enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge
COMMAND:[create | no] dmr-bridge <remote-node-name>DESCRIPTION:Create, modify, or delete a DMR Bridge.
A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<remote-node-name> [1..64 chars] - The name of the node at the remote end of the DMR Bridge. enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote
COMMAND:remote [message-vpn...]DESCRIPTION:Enter the "remote" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] message-vpn - The remote Message VPN of the DMR Bridge. enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote message-vpn
COMMAND:message-vpn <vpn-name>no message-vpn
DESCRIPTION:The remote Message VPN of the DMR Bridge.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<vpn-name> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> dynamic-message-routing shutdown
COMMAND:shutdownno shutdown
DESCRIPTION:Enable or disable Dynamic Message Routing (DMR) for the Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> event
COMMAND:event [connections | egress-message-rate | ingress-message-rate | large-message-threshold... | log-tag... | publish-client | publish-message-vpn | publish-subscription... | publish-topic-format... | service | subscriptions]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections - Enter the "connections" mode. egress-message-rate - Enter the "egress-message-rate" mode. ingress-message-rate - Enter the "ingress-message-rate" mode. [no] large-message-threshold - The threshold, in kilobytes, after which a message is considered to be large for the Message VPN. [no] log-tag - A prefix applied to all published Events in the Message VPN. [no] publish-client - Enable or disable Client level Event message publishing. [no] publish-message-vpn - Enable or disable Message VPN level Event message publishing. [no] publish-subscription - Enable or disable subscription level event message publishing. When enabling subscription level event message publishing, if the event topic format is not specified, it defaults to v1. [no] publish-topic-format - Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.service - Enter the "service" mode. subscriptions - Enter the "subscriptions" mode. enable configure message-vpn <vpn-name> event connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter the "connections" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the client connection count event of the Message VPN, relative to max-connections. enable configure message-vpn <vpn-name> event connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the client connection count event of the Message VPN, relative to max-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event egress-message-rate
COMMAND:egress-message-rate [thresholds...]DESCRIPTION:Enter the "egress-message-rate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the egress message rate event of the Message VPN. enable configure message-vpn <vpn-name> event egress-message-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the egress message rate event of the Message VPN.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event ingress-message-rate
COMMAND:ingress-message-rate [thresholds...]DESCRIPTION:Enter the "ingress-message-rate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the receive message rate event of the Message VPN. enable configure message-vpn <vpn-name> event ingress-message-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:The thresholds for the receive message rate event of the Message VPN.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event large-message-threshold
COMMAND:large-message-threshold <size>no large-message-threshold
DESCRIPTION:The threshold, in kilobytes, after which a message is considered to be large for the Message VPN.
The no version of the command returns its value to the default (1024).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..4294967295] - The value to set. enable configure message-vpn <vpn-name> event log-tag
COMMAND:log-tag <tag-string>no log-tag
DESCRIPTION:A prefix applied to all published Events in the Message VPN.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<tag-string> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> event publish-client
COMMAND:[no] publish-clientDESCRIPTION:Enable or disable Client level Event message publishing.
The default value is no publish-client.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> event publish-message-vpn
COMMAND:[no] publish-message-vpnDESCRIPTION:Enable or disable Message VPN level Event message publishing.
The default value is no publish-message-vpn.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> event publish-subscription
COMMAND:publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]no publish-subscription
DESCRIPTION:Enable or disable subscription level event message publishing. When enabling subscription level event message publishing, if the event topic format is not specified, it defaults to v1.
The default value is no publish-subscription.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
event-topic-format - Specify the format of the topic used for publishing the subscription event no-unsubscribe-events-on-disconnect - Do not generate unsubscribe events for each of a client's subscriptions when the client disconnects v1 - The publish topic is of form: #LOG/INFO/SUB_ADD|SUB_DEL/<subscribedTopic> v2 - The publish topic is of form: #LOG/INFO/SUB/<routerName>/ADD|DEL/<vpnName>/<clientName>/<subscribedTopic> enable configure message-vpn <vpn-name> event publish-topic-format
COMMAND:publish-topic-format [smf] [mqtt]no publish-topic-format
DESCRIPTION:Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.
The default is publish-topic-format "smf".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
mqtt - publish MQTT topic format smf - publish SMF topic format enable configure message-vpn <vpn-name> event service
COMMAND:service [amqp | mqtt | rest | smf | web-transport]DESCRIPTION:Enter the "service" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
amqp - Enter the "amqp" mode. mqtt - Enter the "mqtt" mode. rest - Enter the "rest" mode. smf - Enter the "smf" mode. web-transport - Enter the "web-transport" mode. enable configure message-vpn <vpn-name> event service amqp
COMMAND:amqp [connections]DESCRIPTION:Enter the "amqp" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections - Enter the "connections" mode. enable configure message-vpn <vpn-name> event service amqp connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter the "connections" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the AMQP client connection count event of the Message VPN, relative to service amqp max-connections. enable configure message-vpn <vpn-name> event service amqp connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the AMQP client connection count event of the Message VPN, relative to service amqp max-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event service mqtt
COMMAND:mqtt [connections]DESCRIPTION:Enter the "mqtt" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections - Enter the "connections" mode. enable configure message-vpn <vpn-name> event service mqtt connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter the "connections" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the MQTT client connection count event of the Message VPN, relative to service mqtt max-connections. enable configure message-vpn <vpn-name> event service mqtt connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the MQTT client connection count event of the Message VPN, relative to service mqtt max-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event service rest
COMMAND:rest [incoming]DESCRIPTION:Enter the "rest" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
incoming - Enter the "incoming" mode. enable configure message-vpn <vpn-name> event service rest incoming
COMMAND:incoming [connections]DESCRIPTION:Enter the "incoming" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections - Enter the "connections" mode. enable configure message-vpn <vpn-name> event service rest incoming connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter the "connections" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the incoming REST client connection count event of the Message VPN, relative to service rest incoming max-connections. enable configure message-vpn <vpn-name> event service rest incoming connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the incoming REST client connection count event of the Message VPN, relative to service rest incoming max-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event service smf
COMMAND:smf [connections]DESCRIPTION:Enter the "smf" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections - Enter the "connections" mode. enable configure message-vpn <vpn-name> event service smf connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter the "connections" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the SMF client connection count event of the Message VPN, relative to service smf max-connections. enable configure message-vpn <vpn-name> event service smf connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the SMF client connection count event of the Message VPN, relative to service smf max-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event service web-transport
COMMAND:web-transport [connections]DESCRIPTION:Enter the "web-transport" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections - Enter the "connections" mode. enable configure message-vpn <vpn-name> event service web-transport connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter the "connections" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Web Transport client connection count event of the Message VPN, relative to service web-transport max-connections. enable configure message-vpn <vpn-name> event service web-transport connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Web Transport client connection count event of the Message VPN, relative to service web-transport max-connections.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> event subscriptions
COMMAND:subscriptions [thresholds...]DESCRIPTION:Enter the "subscriptions" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the subscription count event of the Message VPN, relative to max-subscriptions. enable configure message-vpn <vpn-name> event subscriptions thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the subscription count event of the Message VPN, relative to max-subscriptions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> export-policy
COMMAND:export-policy [export-subscriptions]DESCRIPTION:Enter the "export-policy" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] export-subscriptions - Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links. enable configure message-vpn <vpn-name> export-policy export-subscriptions
COMMAND:[no] export-subscriptionsDESCRIPTION:Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links.
The default value is no export-subscriptions.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of client connections to the Message VPN.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> max-subscriptions
COMMAND:max-subscriptions <value>no max-subscriptions
DESCRIPTION:The maximum number of local subscriptions that can be added to the Message VPN.
The no version of the command returns its value to the default (5000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..4294967295] - The value to set. enable configure message-vpn <vpn-name> mqtt
COMMAND:mqtt [mqtt-session... | retain]DESCRIPTION:Enter the "mqtt" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[create|no] mqtt-session - Create, modify, or delete a MQTT Session.
An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).retain - Enter the "retain" mode. enable configure message-vpn <vpn-name> mqtt mqtt-session
COMMAND:mqtt-session <client-id> [primary | backup | auto]create mqtt-session <client-id> [primary | backup | auto]
no mqtt-session <client-id> [primary | backup | auto]
DESCRIPTION:Create, modify, or delete a MQTT Session.
An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
auto - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role. backup - The MQTT Session belongs to the backup virtual router. <client-id> [1..128 chars] - The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet. primary - The MQTT Session belongs to the primary virtual router. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> owner
COMMAND:owner <owner>no owner
DESCRIPTION:The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<owner> [0..189 chars] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue
COMMAND:[create | no] queueDESCRIPTION:Enter the configuration mode for the mqtt-session queue.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue consumer-ack-propagation
COMMAND:[no] consumer-ack-propagationDESCRIPTION:Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.
The default value is consumer-ack-propagation.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue dead-message-queue
COMMAND:dead-message-queue <dmq-name>no dead-message-queue
DESCRIPTION:The name of the Dead Message Queue (DMQ) used by the MQTT Session Queue.
The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dmq-name> [1..200 chars] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event
COMMAND:event [bind-count | reject-low-priority-msg-limit | spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
bind-count - Enter the "bind-count" mode. reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode. spool-usage - Enter the "spool-usage" mode. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count
COMMAND:bind-count [thresholds...]DESCRIPTION:Enter the "bind-count" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - Thresholds for the high number of the MQTT Session Queue Consumers Event, relative to `queueMaxBindCount`. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:Thresholds for the high number of the MQTT Session Queue Consumers Event, relative to `queueMaxBindCount`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit [thresholds...]DESCRIPTION:Enter the "reject-low-priority-msg-limit" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The threshold for the maximum allowed number of any priority messages queued in the MQTT Session Queue, relative to `queueRejectLowPriorityMsgLimit`. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The threshold for the maximum allowed number of any priority messages queued in the MQTT Session Queue, relative to `queueRejectLowPriorityMsgLimit`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The threshold for the Message Spool usage event of the MQTT Session Queue, relative to `queueMaxMsgSpoolUsage`. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The threshold for the Message Spool usage event of the MQTT Session Queue, relative to `queueMaxMsgSpoolUsage`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-bind-count
COMMAND:max-bind-count <value>no max-bind-count
DESCRIPTION:The maximum number of consumer flows that can bind to the MQTT Session Queue.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..10000] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-delivered-unacked-msgs-per-flow
COMMAND:max-delivered-unacked-msgs-per-flow <max>no max-delivered-unacked-msgs-per-flow
DESCRIPTION:The maximum number of messages delivered but not acknowledged per flow for the MQTT Session Queue.
The no version of the command returns its value to the default (10000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<max> [1..1000000] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-message-size
COMMAND:max-message-size <size>no max-message-size
DESCRIPTION:The maximum message size allowed in the MQTT Session Queue, in bytes (B).
The no version of the command returns its value to the default (10000000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..30000000] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-redelivery
COMMAND:max-redelivery <value>no max-redelivery
DESCRIPTION:The maximum number of times the MQTT Session Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..255] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage allowed by the MQTT Session Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.
The no version of the command returns its value to the default (5000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<size> [0..6000000] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-ttl
COMMAND:max-ttl <ttl>no max-ttl
DESCRIPTION:The maximum time in seconds a message can stay in the MQTT Session Queue when `queueRespectTtlEnabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queueMaxTtl` configured for the MQTT Session Queue, is exceeded. A value of 0 disables expiry.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<ttl> [0..4294967295] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg
COMMAND:[no] reject-low-priority-msgDESCRIPTION:Enable or disable the checking of low priority messages against the `queueRejectLowPriorityMsgLimit`. This may only be enabled if `queueRejectMsgToSenderOnDiscardBehavior` does not have a value of `"never"`.
The default value is no reject-low-priority-msg.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg-limit
COMMAND:reject-low-priority-msg-limit <limit>no reject-low-priority-msg-limit
DESCRIPTION:The number of messages of any priority in the MQTT Session Queue above which low priority messages are not admitted but higher priority messages are allowed.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<limit> [0..4294967295] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-msg-to-sender-on-discard
COMMAND:reject-msg-to-sender-on-discard [including-when-shutdown]no reject-msg-to-sender-on-discard
DESCRIPTION:Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.
The default value is reject-msg-to-sender-on-discard.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue respect-ttl
COMMAND:[no] respect-ttlDESCRIPTION:Enable or disable the respecting of the time-to-live (TTL) for messages in the MQTT Session Queue. When enabled, expired messages are discarded or moved to the DMQ.
The default value is no respect-ttl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription
COMMAND:[create | no] subscription <topic>DESCRIPTION:Create, modify, or delete a Subscription.
An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<topic> [1..250 chars] - The MQTT subscription topic. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription <topic> qos
COMMAND:qos <qos-value>no qos
DESCRIPTION:The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<qos-value> [0..1] - The value to set. enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription-list
COMMAND:subscription-list qos <qos-value> [<topic-list>]DESCRIPTION:Create or delete multiple subscriptions for the MQTT Session. MQTT topic syntax is expected. The QoS value is either 0 (deliver at most once) or 1 (deliver at least once). When creating subscriptions (with +), the QoS of an existing subscription with the same topic will be changed to the new QoS value. When deleting subscriptions (with -), the QoS of each existing subscription must match for it to be removed.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<qos-value> [0..1] - Quality of service for the subscriptions <topic-list> [2..251 chars starting with + or -] - List of +/- MQTT topics, space separated. Maximum of 32 topics. enable configure message-vpn <vpn-name> mqtt retain
COMMAND:retain [cache... | max-memory...]DESCRIPTION:Enter the "retain" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[create|no] cache - Create, modify, or delete a MQTT Retain Cache.
Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.[no] max-memory - The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational. enable configure message-vpn <vpn-name> mqtt retain cache
COMMAND:[create | no] cache <cache-name>DESCRIPTION:Create, modify, or delete a MQTT Retain Cache.
Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<cache-name> [1..64 chars] - The name of the MQTT Retain Cache. enable configure message-vpn <vpn-name> mqtt retain cache <cache-name> message-lifetime
COMMAND:message-lifetime <seconds>no message-lifetime
DESCRIPTION:The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [0..4294967294] - The value to set. enable configure message-vpn <vpn-name> mqtt retain cache <cache-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> mqtt retain max-memory
COMMAND:max-memory <megabytes>no max-memory
DESCRIPTION:The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational.
The no version of the command returns its value to the default (-1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<megabytes> [-1..2147483647] - The value to set. enable configure message-vpn <vpn-name> proxy
COMMAND:[create | no] proxy <proxy-name>DESCRIPTION:Create, modify, or delete a Proxy.
Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<proxy-name> [1..32 chars] - The name of the proxy. enable configure message-vpn <vpn-name> proxy <proxy-name> authentication
COMMAND:authentication [auth-scheme... | basic]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] auth-scheme - The authentication scheme used to connect to the proxy. basic - Enter the "basic" mode. enable configure message-vpn <vpn-name> proxy <proxy-name> authentication auth-scheme
COMMAND:auth-scheme {none | basic}no auth-scheme
DESCRIPTION:The authentication scheme used to connect to the proxy.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
basic - Username/password authentication. none - No authentication. enable configure message-vpn <vpn-name> proxy <proxy-name> authentication basic
COMMAND:basic [password... | username...]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] password - The password to use with basic authentication. [no] username - The username to use with basic authentication. enable configure message-vpn <vpn-name> proxy <proxy-name> authentication basic password
COMMAND:password <value>no password
DESCRIPTION:The password to use with basic authentication.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..64 chars] - The value to set. enable configure message-vpn <vpn-name> proxy <proxy-name> authentication basic username
COMMAND:username <value>no username
DESCRIPTION:The username to use with basic authentication.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> proxy <proxy-name> host
COMMAND:host <value>no host
DESCRIPTION:The IP address or host name of the proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..253 chars: ] - The value to set. enable configure message-vpn <vpn-name> proxy <proxy-name> port
COMMAND:port <value>no port
DESCRIPTION:The port to connect to on the proxy host.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..65535] - The value to set. enable configure message-vpn <vpn-name> proxy <proxy-name> proxy-type
COMMAND:proxy-type {direct | http}no proxy-type
DESCRIPTION:The type of proxy.
The no version of the command returns its value to the default ("direct").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
direct - Direct connection (no proxy). http - HTTP proxy. enable configure message-vpn <vpn-name> proxy <proxy-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> replication
COMMAND:replication [ack-propagation | bridge | queue | reject-msg-when-sync-ineligible | replicated-topic... | shutdown | state... | transaction-replication-mode...]DESCRIPTION:Enter the "replication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
ack-propagation - Enter the "ack-propagation" mode. bridge - Enter the "bridge" mode. queue - Enter the "queue" mode. [no] reject-msg-when-sync-ineligible - Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible. [create|no] replicated-topic - Create, modify, or delete a Replicated Topic.
To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.[no] shutdown - Enable or disable replication for the Message VPN. The default behavior when enabling replication is fail-on-existing-queue. state - The replication role for the Message VPN. [no] transaction-replication-mode - The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction. enable configure message-vpn <vpn-name> replication ack-propagation
COMMAND:ack-propagation [interval]DESCRIPTION:Enter the "ack-propagation" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
interval - Enter the "interval" mode. enable configure message-vpn <vpn-name> replication ack-propagation interval
COMMAND:interval [messages...]DESCRIPTION:Enter the "interval" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] messages - The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages. enable configure message-vpn <vpn-name> replication ack-propagation interval messages
COMMAND:messages <num-messages>no messages
DESCRIPTION:The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages.
The no version of the command returns its value to the default (20).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-messages> [1..65535] - The value to set. enable configure message-vpn <vpn-name> replication bridge
COMMAND:bridge [authentication | compressed-data | message-spool | retry-delay... | ssl | unidirectional]DESCRIPTION:Enter the "bridge" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
authentication - Enter the "authentication" mode. [no] compressed-data - Enable or disable use of compression for the replication Bridge. message-spool - Enter the "message-spool" mode. [no] retry-delay - The number of seconds that must pass before retrying the replication Bridge connection. [no] ssl - Enable or disable use of encryption (TLS) for the replication Bridge connection. unidirectional - Enter the "unidirectional" mode. enable configure message-vpn <vpn-name> replication bridge authentication
COMMAND:authentication [auth-scheme... | basic | client-certificate]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
auth-scheme - The authentication scheme for the replication Bridge in the Message VPN. basic - Enter the "basic" mode. client-certificate - Enter the "client-certificate" mode. enable configure message-vpn <vpn-name> replication bridge authentication auth-scheme
COMMAND:auth-scheme {basic | client-certificate}DESCRIPTION:The authentication scheme for the replication Bridge in the Message VPN.
The default is auth-scheme "basic".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
basic - Basic Authentication Scheme (via username and password). client-certificate - Client Certificate Authentication Scheme (via certificate file or content). enable configure message-vpn <vpn-name> replication bridge authentication basic
COMMAND:basic [client-username...]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] client-username - The Client Username and password the replication Bridge uses to login to the remote Message VPN. enable configure message-vpn <vpn-name> replication bridge authentication basic client-username
COMMAND:client-username <name> [password <password> ]no client-username
DESCRIPTION:The Client Username and password the replication Bridge uses to login to the remote Message VPN.
The no version of the command returns its value to the default (no client-username configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router. <password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router. enable configure message-vpn <vpn-name> replication bridge authentication client-certificate
COMMAND:client-certificate [certificate-file...]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] certificate-file - The client certificate used by this Bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.enable configure message-vpn <vpn-name> replication bridge authentication client-certificate certificate-file
COMMAND:certificate-file <filename> [file-contents <file-contents> ]no certificate-file
DESCRIPTION:The client certificate used by this Bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<file-contents> [0..32768 chars] - The server certificate. <filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory. enable configure message-vpn <vpn-name> replication bridge compressed-data
COMMAND:[no] compressed-dataDESCRIPTION:Enable or disable use of compression for the replication Bridge.
The default value is no compressed-data.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> replication bridge message-spool
COMMAND:message-spool [window-size...]DESCRIPTION:Enter the "message-spool" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] window-size - The size of the window used for guaranteed messages published to the replication Bridge, in messages. enable configure message-vpn <vpn-name> replication bridge message-spool window-size
COMMAND:window-size <number>no window-size
DESCRIPTION:The size of the window used for guaranteed messages published to the replication Bridge, in messages.
The no version of the command returns its value to the default (255).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<number> [0..65535] - The value to set. enable configure message-vpn <vpn-name> replication bridge retry-delay
COMMAND:retry-delay <seconds>no retry-delay
DESCRIPTION:The number of seconds that must pass before retrying the replication Bridge connection.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [0..255] - The value to set. enable configure message-vpn <vpn-name> replication bridge ssl
COMMAND:[no] sslDESCRIPTION:Enable or disable use of encryption (TLS) for the replication Bridge connection.
The default value is no ssl.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> replication bridge unidirectional
COMMAND:unidirectional [client-profile...]DESCRIPTION:Enter the "unidirectional" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] client-profile - The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters. enable configure message-vpn <vpn-name> replication bridge unidirectional client-profile
COMMAND:client-profile <name>no client-profile
DESCRIPTION:The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters.
The no version of the command returns its value to the default ("#client-profile").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..32 chars] - The value to set. enable configure message-vpn <vpn-name> replication queue
COMMAND:queue [max-spool-usage... | reject-msg-to-sender-on-discard]DESCRIPTION:Enter the "queue" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
[no] max-spool-usage - The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes. [no] reject-msg-to-sender-on-discard - Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender. enable configure message-vpn <vpn-name> replication queue max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes.
The no version of the command returns its value to the default (60000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<size> [1..6000000] - The value to set. enable configure message-vpn <vpn-name> replication queue reject-msg-to-sender-on-discard
COMMAND:[no] reject-msg-to-sender-on-discardDESCRIPTION:Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender.
The default value is reject-msg-to-sender-on-discard.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> replication reject-msg-when-sync-ineligible
COMMAND:[no] reject-msg-when-sync-ineligibleDESCRIPTION:Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible.
The default value is no reject-msg-when-sync-ineligible.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> replication replicated-topic
COMMAND:[create | no] replicated-topic <topic>DESCRIPTION:Create, modify, or delete a Replicated Topic.
To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<topic> [1..250 chars] - The topic for applying replication. Published messages matching this topic will be replicated to the standby site. enable configure message-vpn <vpn-name> replication replicated-topic <topic> replication-mode
COMMAND:replication-mode {sync | async}no replication-mode
DESCRIPTION:The replication mode for the Replicated Topic.
The no version of the command returns its value to the default ("async").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
async - Messages are acknowledged when pending replication (spooled locally). sync - Messages are acknowledged when replicated (spooled remotely). enable configure message-vpn <vpn-name> replication shutdown
COMMAND:shutdownno shutdown [fail-on-existing-queue | force-use-existing-queue | force-recreate-queue]
DESCRIPTION:Enable or disable replication for the Message VPN. The default behavior when enabling replication is fail-on-existing-queue.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
fail-on-existing-queue - The data replication queue must not already exist. force-recreate-queue - The data replication queue must already exist. Any data messages on the Queue will be discarded. IMPORTANT: Before using this mode be certain that the messages on the existing data replication queue are not needed by interested applications. force-use-existing-queue - The data replication queue must already exist. Any data messages on the Queue will be forwarded to interested applications. IMPORTANT: Before using this mode be certain that the messages are not stale or otherwise unsuitable to be forwarded. This mode can only be specified when the existing queue is configured the same as is currently specified under replication configuration otherwise the enabling of replication will fail. enable configure message-vpn <vpn-name> replication state
COMMAND:state {active | standby}DESCRIPTION:The replication role for the Message VPN.
The default is state "standby".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
active - Configure the VPN replication state to be active standby - Configure the VPN replication state to be standby enable configure message-vpn <vpn-name> replication transaction-replication-mode
COMMAND:transaction-replication-mode {sync | async}no transaction-replication-mode
DESCRIPTION:The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction.
The no version of the command returns its value to the default ("async").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
async - Messages are acknowledged when pending replication (spooled locally). sync - Messages are acknowledged when replicated (spooled remotely). enable configure message-vpn <vpn-name> rest
COMMAND:rest [rest-delivery-point... | ssl]DESCRIPTION:Enter the "rest" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-manager or vpn/read-writePARAMETERS:
[create|no] rest-delivery-point - Create, modify, or delete a REST Delivery Point.
A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.ssl - Enter the "ssl" mode. enable configure message-vpn <vpn-name> rest rest-delivery-point
COMMAND:[create | no] rest-delivery-point <name>DESCRIPTION:Create, modify, or delete a REST Delivery Point.
A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..100 chars] - The name of the REST Delivery Point. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> client-profile
COMMAND:client-profile <name>no client-profile
DESCRIPTION:The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP.
The no version of the command returns its value to the default ("default").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding
COMMAND:[create | no] queue-binding <queue-name>DESCRIPTION:Create, modify, or delete a Queue Binding.
A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<queue-name> [1..200 chars] - The name of a queue in the Message VPN. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> gateway
COMMAND:gateway [replace-target-authority]DESCRIPTION:Enter the "gateway" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] replace-target-authority - Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> gateway replace-target-authority
COMMAND:[no] replace-target-authorityDESCRIPTION:Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode.
The default value is no replace-target-authority.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> post-request-target
COMMAND:post-request-target <post-request-target>no post-request-target
DESCRIPTION:The request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a "/" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<post-request-target> [0..2000 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> protected-request-header
COMMAND:[create | no] protected-request-header <header-name>DESCRIPTION:Create, modify, or delete a Protected Request Header.
A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<header-name> [1..50 chars] - The name of the protected HTTP request header. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> protected-request-header <header-name> header-value
COMMAND:header-value <value>no header-value
DESCRIPTION:The value of the protected HTTP request header. Unlike a non-protected request header, this value cannot be displayed after it is set, and does not support substitution expressions.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..2000 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> request-header
COMMAND:[create | no] request-header <header-name>DESCRIPTION:Create, modify, or delete a Request Header.
A request header to be added to the HTTP request.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<header-name> [1..50 chars] - The name of the HTTP request header. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> request-header <header-name> header-value
COMMAND:header-value <value>no header-value
DESCRIPTION:A substitution expression for the value of the HTTP request header.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..2000 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> request-target-evaluation
COMMAND:request-target-evaluation {none | substitution-expressions}DESCRIPTION:The type of evaluation to perform on the request target.
The default is request-target-evaluation "none".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
none - Do not evaluate substitution expressions on the request target. substitution-expressions - Evaluate substitution expressions on the request target. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer
COMMAND:[create | no] rest-consumer <name>DESCRIPTION:Create, modify, or delete a REST Consumer.
REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [1..32 chars] - The name of the REST Consumer. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication
COMMAND:authentication [auth-scheme... | aws | client-certificate | http-basic | http-header | oauth-client | oauth-jwt]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] auth-scheme - The authentication scheme used by the REST Consumer to login to the REST host. aws - Enter the "aws" mode. client-certificate - Enter the "client-certificate" mode. http-basic - Enter the "http-basic" mode. http-header - Enter the "http-header" mode. oauth-client - Enter the "oauth-client" mode. oauth-jwt - Enter the "oauth-jwt" mode. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication auth-scheme
COMMAND:auth-scheme {none | http-basic | client-certificate | http-header | oauth-client | oauth-jwt | transparent | aws}no auth-scheme
DESCRIPTION:The authentication scheme used by the REST Consumer to login to the REST host.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
aws - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256). client-certificate - Login with a client TLS certificate as per RFC 5246. Client certificate authentication is only available on TLS connections. http-basic - Login with a username and optional password according to HTTP Basic authentication as per RFC 2616. http-header - Login with a specified HTTP header. none - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication. oauth-client - Login with OAuth 2.0 client credentials. oauth-jwt - Login with OAuth (RFC 7523 JWT Profile). transparent - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws
COMMAND:aws [access-key-id... | region... | secret-access-key... | service...]DESCRIPTION:Enter the "aws" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] access-key-id - The AWS access key id. [no] region - The AWS region id [no] secret-access-key - The AWS secret access key. [no] service - The AWS service id. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws access-key-id
COMMAND:access-key-id <access-key-id>no access-key-id
DESCRIPTION:The AWS access key id.
The no version of the command returns its value to the default (no access-key-id configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<access-key-id> [0..32 chars] - The AWS access key id. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws region
COMMAND:region <region>no region
DESCRIPTION:The AWS region id
The no version of the command returns its value to the default (no region configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<region> [0..20 chars] - The AWS region id. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws secret-access-key
COMMAND:secret-access-key <secret-access-key>no secret-access-key
DESCRIPTION:The AWS secret access key.
The no version of the command returns its value to the default (no secret-access-key configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<secret-access-key> [0..64 chars] - The AWS secret access key. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws service
COMMAND:service <service>no service
DESCRIPTION:The AWS service id.
The no version of the command returns its value to the default (no service configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<service> [0..50 chars] - The AWS service id. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication client-certificate
COMMAND:client-certificate [certificate-file...]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] certificate-file - The client certificate that the REST Consumer will present to the REST host. The certificate file must be in the /certs directory and must be PEM formatted (have a .pem extension). If no certificate file is associated with a REST Consumer configured to use the client-certificate auth-scheme then the server certificate of the broker is used instead. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication client-certificate certificate-file
COMMAND:certificate-file <filename> [file-contents <file-contents> ]no certificate-file
DESCRIPTION:The client certificate that the REST Consumer will present to the REST host. The certificate file must be in the /certs directory and must be PEM formatted (have a .pem extension). If no certificate file is associated with a REST Consumer configured to use the client-certificate auth-scheme then the server certificate of the broker is used instead.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<file-contents> [0..32768 chars] - The server certificate. <filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-basic
COMMAND:http-basic [username...]DESCRIPTION:Enter the "http-basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] username - The username that the REST Consumer will use to login to the REST host. If a password is required for authentication, it can also be provided. Normally a username is only configured when basic authentication is selected for the REST Consumer. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-basic username
COMMAND:username <name> [password <password> ]no username
DESCRIPTION:The username that the REST Consumer will use to login to the REST host. If a password is required for authentication, it can also be provided. Normally a username is only configured when basic authentication is selected for the REST Consumer.
The no version of the command returns its value to the default (no username configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [0..189 chars] - The username used for authentication on the remote server. <password> [0..128 chars] - The password associated with the username used for authentication on the remote server. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-header
COMMAND:http-header [name... | value...]DESCRIPTION:Enter the "http-header" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] name - The header name that the REST Consumer will use to login to the REST host. [no] value - The header value that the REST Consumer will use to login to the REST host. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-header name
COMMAND:name <name>no name
DESCRIPTION:The header name that the REST Consumer will use to login to the REST host.
The no version of the command returns its value to the default (no name configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> [0..50 chars] - The authentication header name. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-header value
COMMAND:value <http-header-value>no value
DESCRIPTION:The header value that the REST Consumer will use to login to the REST host.
The no version of the command returns its value to the default (no value configured).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<http-header-value> [0..2100 chars] - The authentication header value. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client
COMMAND:oauth-client [client-id... | client-secret... | proxy... | scope... | token-endpoint... | token-expiry-default...]DESCRIPTION:Enter the "oauth-client" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] client-id - The OAuth client ID. [no] client-secret - The OAuth client secret. [no] proxy - The name of the proxy to use. Leave empty for no proxy. [no] scope - The OAuth scope. [no] token-endpoint - The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. [no] token-expiry-default - The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client client-id
COMMAND:client-id <client-id>no client-id
DESCRIPTION:The OAuth client ID.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<client-id> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client client-secret
COMMAND:client-secret <client-secret>no client-secret
DESCRIPTION:The OAuth client secret.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<client-secret> [0..512 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client proxy
COMMAND:proxy <proxy-name>no proxy
DESCRIPTION:The name of the proxy to use. Leave empty for no proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<proxy-name> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client scope
COMMAND:scope <scope>no scope
DESCRIPTION:The OAuth scope.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<scope> [0..200 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client token-endpoint
COMMAND:token-endpoint <token-endpoint>no token-endpoint
DESCRIPTION:The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<token-endpoint> [0..2048 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client token-expiry-default
COMMAND:token-expiry-default <value>no token-expiry-default
DESCRIPTION:The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync.
The no version of the command returns its value to the default (900).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [60..86400] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt
COMMAND:oauth-jwt [claim | proxy... | secret-key... | token-endpoint... | token-expiry-default...]DESCRIPTION:Enter the "oauth-jwt" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
{create|no} claim - Create or delete a Claim.
A Claim is added to the JWT sent to the OAuth token request endpoint.[no] proxy - The name of the proxy to use. Leave empty for no proxy. [no] secret-key - The OAuth secret key used to sign the token request JWT. [no] token-endpoint - The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. [no] token-expiry-default - The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt claim
COMMAND:create claim <name> <value>no claim <name>
DESCRIPTION:Create or delete a Claim.
A Claim is added to the JWT sent to the OAuth token request endpoint.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<name> - The name of the additional claim. Cannot be "exp", "iat", or "jti". <value> - The value of the additional claim, which must be a string containing a valid JSON value. For example, if the value is a string, it must be enclosed in double quotes. Note that since double quotes are special characters in the CLI, the quotes must be escaped: a claim value of "string" would be specified as \"string\". enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt proxy
COMMAND:proxy <proxy-name>no proxy
DESCRIPTION:The name of the proxy to use. Leave empty for no proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<proxy-name> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt secret-key
COMMAND:secret-key <value>no secret-key
DESCRIPTION:The OAuth secret key used to sign the token request JWT.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..4096 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt token-endpoint
COMMAND:token-endpoint <value>no token-endpoint
DESCRIPTION:The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..2048 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt token-expiry-default
COMMAND:token-expiry-default <value>no token-expiry-default
DESCRIPTION:The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync.
The no version of the command returns its value to the default (900).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [60..86400] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> local
COMMAND:local [interface...]DESCRIPTION:Enter the "local" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] interface - The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> local interface
COMMAND:interface <phys-intf>no interface
DESCRIPTION:The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<phys-intf> [0..15 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote
COMMAND:remote [host... | http-method... | max-post-wait-time... | outgoing-connection-count... | port... | proxy... | retry | ssl]DESCRIPTION:Enter the "remote" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] host - The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. [no] http-method - The HTTP method to use (POST or PUT). This is used only when operating in the REST service "messaging" mode and is ignored in "gateway" mode. [no] max-post-wait-time - The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset. [no] outgoing-connection-count - The number of concurrent TCP connections open to the REST Consumer. [no] port - The port associated with the host of the REST Consumer. [no] proxy - The name of the proxy to use. Leave empty for no proxy. retry - Enter the "retry" mode. [no] ssl - Enable or disable encryption (TLS) for the REST Consumer. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote host
COMMAND:host <dest-ip-addr-or-host>no host
DESCRIPTION:The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<dest-ip-addr-or-host> [0..253 chars: ] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote http-method
COMMAND:http-method {post | put}no http-method
DESCRIPTION:The HTTP method to use (POST or PUT). This is used only when operating in the REST service "messaging" mode and is ignored in "gateway" mode.
The no version of the command returns its value to the default ("post").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
post - Use the POST HTTP method. put - Use the PUT HTTP method. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote max-post-wait-time
COMMAND:max-post-wait-time <seconds>no max-post-wait-time
DESCRIPTION:The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset.
The no version of the command returns its value to the default (30).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [1..300] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote outgoing-connection-count
COMMAND:outgoing-connection-count <count>no outgoing-connection-count
DESCRIPTION:The number of concurrent TCP connections open to the REST Consumer.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<count> [1..50] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote port
COMMAND:port <port>no port
DESCRIPTION:The port associated with the host of the REST Consumer.
The no version of the command returns its value to the default. The default value is 8080, or 8443 if TLS is enabled.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<port> [1..65535] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote proxy
COMMAND:proxy <proxy-name>no proxy
DESCRIPTION:The name of the proxy to use. Leave empty for no proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<proxy-name> [0..32 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote retry
COMMAND:retry [delay...]DESCRIPTION:Enter the "retry" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] delay - The number of seconds that must pass before retrying the remote REST Consumer connection. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote retry delay
COMMAND:delay <seconds>no delay
DESCRIPTION:The number of seconds that must pass before retrying the remote REST Consumer connection.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [1..300] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote ssl
COMMAND:[no] sslDESCRIPTION:Enable or disable encryption (TLS) for the REST Consumer.
The default value is no ssl.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the REST Consumer. When disabled, no connections are initiated or messages delivered to this particular REST Consumer.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> ssl
COMMAND:ssl [cipher-suite...]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] cipher-suite - The list of cipher suites the REST Consumer uses in its encrypted connection. The value "default" implies all supported suites ordered from most secure to least secure. The REST Consumer should choose the first suite from this list that it supports. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> ssl cipher-suite
COMMAND:cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no cipher-suite name <suite-name>
DESCRIPTION:The list of cipher suites the REST Consumer uses in its encrypted connection. The value "default" implies all supported suites ordered from most secure to least secure. The REST Consumer should choose the first suite from this list that it supports.
The default is cipher-suite "default".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list. empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure message-vpn <vpn-name> rest rest-delivery-point <name> service
COMMAND:service <value>no service
DESCRIPTION:The name of the service that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..50 chars] - The value to set. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the REST Delivery Point. When disabled, no connections are initiated or messages delivered to any of the contained REST Consumers.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> rest rest-delivery-point <name> vendor
COMMAND:vendor <value>no vendor
DESCRIPTION:The name of the vendor that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..50 chars] - The value to set. enable configure message-vpn <vpn-name> rest ssl
COMMAND:ssl [server-certificate-validation]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode. enable configure message-vpn <vpn-name> rest ssl server-certificate-validation
COMMAND:server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]DESCRIPTION:Enter the "server-certificate-validation" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-certificate-chain-depth - The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. [no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the REST Consumer server certificate. [no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. enable configure message-vpn <vpn-name> rest ssl server-certificate-validation max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max-depth> [0..8] - The value to set. enable configure message-vpn <vpn-name> rest ssl server-certificate-validation validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable or disable validation of the "Not Before" and "Not After" validity dates in the REST Consumer server certificate.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> rest ssl server-certificate-validation validate-server-name
COMMAND:[no] validate-server-nameDESCRIPTION:Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.
The default value is validate-server-name.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> semp-over-msgbus
COMMAND:semp-over-msgbus [admin-cmds | legacy-show-clear-cmds | show-cmds | shutdown]DESCRIPTION:Enter the "semp-over-msgbus" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
admin-cmds - Enter the "admin-cmds" mode. legacy-show-clear-cmds - Enter the "legacy-show-clear-cmds" mode. show-cmds - Enter the "show-cmds" mode. [no] shutdown - Enable or disable SEMP over the message bus for the current Message VPN. enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds
COMMAND:admin-cmds [client-cmds | distributed-cache-cmds | shutdown]DESCRIPTION:Enter the "admin-cmds" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
client-cmds - Enter the "client-cmds" mode. distributed-cache-cmds - Enter the "distributed-cache-cmds" mode. [no] shutdown - Enable or disable "admin" SEMP over the message bus commands for the current Message VPN. enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds client-cmds
COMMAND:client-cmds [shutdown]DESCRIPTION:Enter the "client-cmds" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] shutdown - Enable or disable "admin client" SEMP over the message bus commands for the current Message VPN. enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds client-cmds shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable "admin client" SEMP over the message bus commands for the current Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds distributed-cache-cmds
COMMAND:distributed-cache-cmds [shutdown]DESCRIPTION:Enter the "distributed-cache-cmds" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] shutdown - Enable or disable "admin distributed-cache" SEMP over the message bus commands for the current Message VPN. enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds distributed-cache-cmds shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable "admin distributed-cache" SEMP over the message bus commands for the current Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable "admin" SEMP over the message bus commands for the current Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> semp-over-msgbus legacy-show-clear-cmds
COMMAND:legacy-show-clear-cmds [shutdown]DESCRIPTION:Enter the "legacy-show-clear-cmds" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] shutdown - Enable or disable "legacy-show-clear" SEMP over the message bus commands (that is, SEMP show and administration requests published to the topic "#P2P/[router name]/#client/SEMP") for the current Message VPN. enable configure message-vpn <vpn-name> semp-over-msgbus legacy-show-clear-cmds shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable "legacy-show-clear" SEMP over the message bus commands (that is, SEMP show and administration requests published to the topic "#P2P/[router name]/#client/SEMP") for the current Message VPN.
The default value is shutdown.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> semp-over-msgbus show-cmds
COMMAND:show-cmds [shutdown]DESCRIPTION:Enter the "show-cmds" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] shutdown - Enable or disable "show" SEMP over the message bus commands for the current Message VPN. enable configure message-vpn <vpn-name> semp-over-msgbus show-cmds shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable "show" SEMP over the message bus commands for the current Message VPN.
The default value is shutdown.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> semp-over-msgbus shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable SEMP over the message bus for the current Message VPN.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service
COMMAND:service [amqp | mqtt | rest | smf | web-transport]DESCRIPTION:Enter the "service" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
amqp - Enter the "amqp" mode. mqtt - Enter the "mqtt" mode. rest - Enter the "rest" mode. smf - Enter the "smf" mode. web-transport - Enter the "web-transport" mode. enable configure message-vpn <vpn-name> service amqp
COMMAND:amqp [listen-port... | max-connections... | plain-text | ssl]DESCRIPTION:Enter the "amqp" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] listen-port - The port number for AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. AMQP must not be enabled for the particular transport to change the port. [no] max-connections - The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits. plain-text - Enter the "plain-text" mode. ssl - Enter the "ssl" mode. enable configure message-vpn <vpn-name> service amqp listen-port
COMMAND:listen-port <port> [ssl]no listen-port [ssl]
DESCRIPTION:The port number for AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. AMQP must not be enabled for the particular transport to change the port.
The no version of this command removes the configured port of the specified type (plain-text or TLS).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [0..65535] - The value to set. ssl - The port uses TLS. enable configure message-vpn <vpn-name> service amqp max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> service amqp plain-text
COMMAND:plain-text [shutdown]DESCRIPTION:Enter the "plain-text" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected. enable configure message-vpn <vpn-name> service amqp plain-text shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service amqp ssl
COMMAND:ssl [shutdown]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. enable configure message-vpn <vpn-name> service amqp ssl shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service mqtt
COMMAND:mqtt [authentication | listen-port... | max-connections... | plain-text | ssl | websocket | websocket-secure]DESCRIPTION:Enter the "mqtt" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
authentication - Enter the "authentication" mode. [no] listen-port - The port number for MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text, TLS, WebSocket, and WebSocket Secure ports are configured separately. MQTT must not be enabled for the particular transport to change the port. [no] max-connections - The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits. plain-text - Enter the "plain-text" mode. ssl - Enter the "ssl" mode. websocket - Enter the "websocket" mode. websocket-secure - Enter the "websocket-secure" mode. enable configure message-vpn <vpn-name> service mqtt authentication
COMMAND:authentication [client-certificate]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
client-certificate - Enter the "client-certificate" mode. enable configure message-vpn <vpn-name> service mqtt authentication client-certificate
COMMAND:client-certificate [request-client-certificate...]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] request-client-certificate - Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port. enable configure message-vpn <vpn-name> service mqtt authentication client-certificate request-client-certificate
COMMAND:request-client-certificate {always | never | when-enabled-in-message-vpn}no request-client-certificate
DESCRIPTION:Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port.
The no version of the command returns its value to the default ("when-enabled-in-message-vpn").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
always - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration. never - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration. when-enabled-in-message-vpn - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn > authentication > client-certificate > shutdown". enable configure message-vpn <vpn-name> service mqtt listen-port
COMMAND:listen-port <port> [ssl] [web]no listen-port [ssl] [web]
DESCRIPTION:The port number for MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text, TLS, WebSocket, and WebSocket Secure ports are configured separately. MQTT must not be enabled for the particular transport to change the port.
The no version of this command removes the configured port of the specified type (plain-text, TLS, WebSocket, or WebSocket Secure).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [0..65535] - The value to set. ssl - The port uses TLS. web - The port uses WebSocket. enable configure message-vpn <vpn-name> service mqtt max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> service mqtt plain-text
COMMAND:plain-text [shutdown]DESCRIPTION:Enter the "plain-text" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected. enable configure message-vpn <vpn-name> service mqtt plain-text shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service mqtt ssl
COMMAND:ssl [shutdown]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. enable configure message-vpn <vpn-name> service mqtt ssl shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service mqtt websocket
COMMAND:websocket [shutdown]DESCRIPTION:Enter the "websocket" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected. enable configure message-vpn <vpn-name> service mqtt websocket shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service mqtt websocket-secure
COMMAND:websocket-secure [shutdown]DESCRIPTION:Enter the "websocket-secure" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected. enable configure message-vpn <vpn-name> service mqtt websocket-secure shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service rest
COMMAND:rest [incoming | mode... | outgoing]DESCRIPTION:Enter the "rest" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
incoming - Enter the "incoming" mode. [no] mode - The REST service mode for incoming REST clients that connect to the Message VPN. outgoing - Enter the "outgoing" mode. enable configure message-vpn <vpn-name> service rest incoming
COMMAND:incoming [authentication | authorization-header-handling... | listen-port... | max-connections... | plain-text | ssl]DESCRIPTION:Enter the "incoming" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
authentication - Enter the "authentication" mode. [no] authorization-header-handling - Handling of incoming Authorization headers. [no] listen-port - The port number for incoming REST clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. REST must not be enabled for the particular transport to change the port. [no] max-connections - The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits. plain-text - Enter the "plain-text" mode. ssl - Enter the "ssl" mode. enable configure message-vpn <vpn-name> service rest incoming authentication
COMMAND:authentication [client-certificate]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
client-certificate - Enter the "client-certificate" mode. enable configure message-vpn <vpn-name> service rest incoming authentication client-certificate
COMMAND:client-certificate [request-client-certificate...]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] request-client-certificate - Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port. enable configure message-vpn <vpn-name> service rest incoming authentication client-certificate request-client-certificate
COMMAND:request-client-certificate {always | never | when-enabled-in-message-vpn}no request-client-certificate
DESCRIPTION:Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port.
The no version of the command returns its value to the default ("when-enabled-in-message-vpn").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
always - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration. never - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration. when-enabled-in-message-vpn - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn > authentication > client-certificate > shutdown". enable configure message-vpn <vpn-name> service rest incoming authorization-header-handling
COMMAND:authorization-header-handling {drop | forward | legacy}no authorization-header-handling
DESCRIPTION:Handling of incoming Authorization headers.
The no version of the command returns its value to the default ("drop").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
drop - Do not attach the Authorization header to the message as a user property. This configuration is most secure. forward - Forward the Authorization header, attaching it to the message as a user property in the same way as other headers. For best security, use the drop setting. legacy - If the Authorization header was used for authentication to the broker, do not attach it to the message. If the Authorization header was not used for authentication to the broker, attach it to the message as a user property in the same way as other headers. For best security, use the drop setting. enable configure message-vpn <vpn-name> service rest incoming listen-port
COMMAND:listen-port <port> [ssl]no listen-port [ssl]
DESCRIPTION:The port number for incoming REST clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. REST must not be enabled for the particular transport to change the port.
The no version of this command removes the configured port of the specified type (plain-text or TLS).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [0..65535] - The value to set. ssl - The port uses TLS. enable configure message-vpn <vpn-name> service rest incoming max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> service rest incoming plain-text
COMMAND:plain-text [shutdown]DESCRIPTION:Enter the "plain-text" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected. enable configure message-vpn <vpn-name> service rest incoming plain-text shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service rest incoming ssl
COMMAND:ssl [shutdown]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. enable configure message-vpn <vpn-name> service rest incoming ssl shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service rest mode
COMMAND:mode {gateway | messaging}no mode
DESCRIPTION:The REST service mode for incoming REST clients that connect to the Message VPN.
The no version of the command returns its value to the default ("messaging").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
gateway - Act as a message gateway through which REST messages are propagated. messaging - Act as a message broker on which REST messages are queued. enable configure message-vpn <vpn-name> service rest outgoing
COMMAND:outgoing [max-connections...]DESCRIPTION:Enter the "outgoing" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] max-connections - The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits. enable configure message-vpn <vpn-name> service rest outgoing max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..6000] - The value to set. enable configure message-vpn <vpn-name> service smf
COMMAND:smf [max-connections... | plain-text | ssl]DESCRIPTION:Enter the "smf" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] max-connections - The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits. plain-text - Enter the "plain-text" mode. ssl - Enter the "ssl" mode. enable configure message-vpn <vpn-name> service smf max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> service smf plain-text
COMMAND:plain-text [shutdown]DESCRIPTION:Enter the "plain-text" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected. enable configure message-vpn <vpn-name> service smf plain-text shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service smf ssl
COMMAND:ssl [shutdown]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. enable configure message-vpn <vpn-name> service smf ssl shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service web-transport
COMMAND:web-transport [authentication | max-connections... | plain-text | ssl]DESCRIPTION:Enter the "web-transport" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
authentication - Enter the "authentication" mode. [no] max-connections - The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. plain-text - Enter the "plain-text" mode. ssl - Enter the "ssl" mode. enable configure message-vpn <vpn-name> service web-transport authentication
COMMAND:authentication [client-certificate]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
client-certificate - Enter the "client-certificate" mode. enable configure message-vpn <vpn-name> service web-transport authentication client-certificate
COMMAND:client-certificate [request-client-certificate...]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] request-client-certificate - Determines when to request a client certificate from a Web Transport client connecting via a TLS port. enable configure message-vpn <vpn-name> service web-transport authentication client-certificate request-client-certificate
COMMAND:request-client-certificate {always | never | when-enabled-in-message-vpn}no request-client-certificate
DESCRIPTION:Determines when to request a client certificate from a Web Transport client connecting via a TLS port.
The no version of the command returns its value to the default ("when-enabled-in-message-vpn").
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
always - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration. never - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration. when-enabled-in-message-vpn - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn > authentication > client-certificate > shutdown". enable configure message-vpn <vpn-name> service web-transport max-connections
COMMAND:max-connections <value>no max-connections
DESCRIPTION:The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> service web-transport plain-text
COMMAND:plain-text [shutdown]DESCRIPTION:Enter the "plain-text" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected. enable configure message-vpn <vpn-name> service web-transport plain-text shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> service web-transport ssl
COMMAND:ssl [shutdown]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. enable configure message-vpn <vpn-name> service web-transport ssl shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Message VPN.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> ssl
COMMAND:ssl [allow-downgrade-to-plain-text]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] allow-downgrade-to-plain-text - Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections. enable configure message-vpn <vpn-name> ssl allow-downgrade-to-plain-text
COMMAND:[no] allow-downgrade-to-plain-textDESCRIPTION:Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections.
The default value is no allow-downgrade-to-plain-text.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> telemetry-profile
COMMAND:[create | no] telemetry-profile <telemetry-profile-name>DESCRIPTION:Create, modify, or delete a Telemetry Profile.
Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<telemetry-profile-name> [1..21 chars] - The name of the Telemetry Profile. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue
COMMAND:queueDESCRIPTION:Enter the configuration mode for the telemetry data queue.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event
COMMAND:event [bind-count | spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
bind-count - Enter the "bind-count" mode. spool-usage - Enter the "spool-usage" mode. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event bind-count
COMMAND:bind-count [thresholds...]DESCRIPTION:Enter the "bind-count" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to `queueMaxBindCount`. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event bind-count thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Queue consumer flows event, relative to `queueMaxBindCount`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to `queueMaxMsgSpoolUsage`. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the message spool usage event of the Queue, relative to `queueMaxMsgSpoolUsage`.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue max-bind-count
COMMAND:max-bind-count <value>no max-bind-count
DESCRIPTION:The maximum number of consumer flows that can bind to the Queue.
The no version of the command returns its value to the default (1000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..10000] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue max-spool-usage
COMMAND:max-spool-usage <value>no max-spool-usage
DESCRIPTION:The maximum message spool usage allowed by the Queue, in megabytes (MB).
The no version of the command returns its value to the default (800000).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [1..6000000] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver
COMMAND:receiver [acl | event | max-connections-per-client-username... | shutdown | tcp]DESCRIPTION:Enter the "receiver" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
acl - Enter the "acl" mode. event - Enter the "event" mode. [no] max-connections-per-client-username - The maximum number of receiver connections per Client Username. [no] shutdown - Enable or disable the ability for receiver clients to consume from the #telemetry queue. tcp - Enter the "tcp" mode. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl
COMMAND:acl [connect]DESCRIPTION:Enter the "acl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connect - Enter the "connect" mode. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl connect
COMMAND:connect [default-action... | exception...]DESCRIPTION:Enter the "connect" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
default-action - The default action to take when a receiver client connects to the broker. [no] exception - Create or delete a Receiver ACL Connect Exception.
A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl connect default-action
COMMAND:default-action {allow | disallow}DESCRIPTION:The default action to take when a receiver client connects to the broker.
The default is default-action "disallow".
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
allow - Allow client connection unless an exception is found for it. disallow - Disallow client connection unless an exception is found for it. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl connect exception
COMMAND:[no] exception <cidr-addr>DESCRIPTION:Create or delete a Receiver ACL Connect Exception.
A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<cidr-addr> [0..43 chars] - The IP address/netmask of the receiver connect exception in CIDR form. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver event
COMMAND:event [connections-per-client-username]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver event connections-per-client-username
COMMAND:connections-per-client-username [thresholds...]DESCRIPTION:Enter the "connections-per-client-username" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] thresholds - The thresholds for the Client Username connection count event of the receiver, relative to max-connections-per-client-username. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver event connections-per-client-username thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the Client Username connection count event of the receiver, relative to max-connections-per-client-username.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver max-connections-per-client-username
COMMAND:max-connections-per-client-username <value>no max-connections-per-client-username
DESCRIPTION:The maximum number of receiver connections per Client Username.
The no version of the command returns its value to the default (maximum value supported by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<value> [0..200000] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the ability for receiver clients to consume from the #telemetry queue.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp
COMMAND:tcp [initial-cwnd... | keepalive | max-wnd... | mss...]DESCRIPTION:Enter the "tcp" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. keepalive - Enter the "keepalive" mode. [no] max-wnd - The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. [no] mss - The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp initial-cwnd
COMMAND:initial-cwnd <num-mss>no initial-cwnd
DESCRIPTION:The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.
The no version of the command returns its value to the default (2).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-mss> [2..7826] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive
COMMAND:keepalive [count... | idle... | interval...]DESCRIPTION:Enter the "keepalive" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. [no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. [no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive count
COMMAND:count <num>no count
DESCRIPTION:The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num> [2..5] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive idle
COMMAND:idle <seconds>no idle
DESCRIPTION:The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [3..120] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive interval
COMMAND:interval <seconds>no interval
DESCRIPTION:The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<seconds> [1..30] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp max-wnd
COMMAND:max-wnd <num-kilo-bytes>no max-wnd
DESCRIPTION:The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.
The no version of the command returns its value to the default (256).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp mss
COMMAND:mss <byte-count>no mss
DESCRIPTION:The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.
The no version of the command returns its value to the default (1460).
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<byte-count> [256..1460] - The value to set. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace
COMMAND:trace [filter... | send-spans | shutdown]DESCRIPTION:Enter the "trace" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[create|no] filter - Create, modify, or delete a Trace Filter.
A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.send-spans - Enter the "send-spans" mode. [no] shutdown - Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace filter
COMMAND:[create | no] filter <trace-filter-name>DESCRIPTION:Create, modify, or delete a Trace Filter.
A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<trace-filter-name> [1..127 chars] - A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as "appNameDebug". enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace filter <trace-filter-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace filter <trace-filter-name> subscription
COMMAND:[create | no] subscription <subscription> [smf | mqtt]DESCRIPTION:Create, modify, or delete a Telemetry Trace Filter Subscription.
Trace filter subscriptions control which messages will be attracted by the tracing filter.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
mqtt - Subscription uses MQTT syntax. smf - Subscription uses SMF syntax. <subscription> [1..250 chars] - Messages matching this subscription will follow this filter's configuration. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace send-spans
COMMAND:send-spans [shutdown]DESCRIPTION:Enter the "send-spans" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] shutdown - Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace send-spans shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: yesMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
This command does not take any parameters. enable configure mqtt
COMMAND:mqtt [retain]DESCRIPTION:Enter MQTT global configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
retain - Enter MQTT Retain global configuration. enable configure mqtt retain
COMMAND:retain [max-memory...]DESCRIPTION:Enter MQTT Retain global configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] max-memory - The maximum total memory usage of all MQTT Retain Caches across all VPNs, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded.
All messages in all MQTT Retain Caches are discarded when this value is 0.enable configure mqtt retain max-memory
COMMAND:max-memory <megabytes>no max-memory
DESCRIPTION:The maximum total memory usage of all MQTT Retain Caches across all VPNs, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded.
All messages in all MQTT Retain Caches are discarded when this value is 0.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<megabytes> [0 or 300..2147483647] - The number of megabytes, where 1 MB = 1024 x 1024 bytes. enable configure proxy
COMMAND:[create | no] proxy <proxy-name>DESCRIPTION:Create, modify, or delete a Proxy.
Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a OAuth Provider, select the proxy by name in the configuration for that object.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<proxy-name> [1..32 chars] - The name of the proxy. enable configure proxy <proxy-name> authentication
COMMAND:authentication [auth-scheme... | basic]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] auth-scheme - The authentication scheme used to connect to the proxy. basic - Enter the "basic" mode. enable configure proxy <proxy-name> authentication auth-scheme
COMMAND:auth-scheme {none | basic}no auth-scheme
DESCRIPTION:The authentication scheme used to connect to the proxy.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
basic - Username/password authentication. none - No authentication. enable configure proxy <proxy-name> authentication basic
COMMAND:basic [password... | username...]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] password - The password to use with basic authentication. [no] username - The username to use with basic authentication. enable configure proxy <proxy-name> authentication basic password
COMMAND:password <value>no password
DESCRIPTION:The password to use with basic authentication.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..64 chars] - The value to set. enable configure proxy <proxy-name> authentication basic username
COMMAND:username <value>no username
DESCRIPTION:The username to use with basic authentication.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..32 chars] - The value to set. enable configure proxy <proxy-name> host
COMMAND:host <value>no host
DESCRIPTION:The IP address or host name of the proxy.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..253 chars: ] - The value to set. enable configure proxy <proxy-name> port
COMMAND:port <value>no port
DESCRIPTION:The port to connect to on the proxy host.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<value> [0..65535] - The value to set. enable configure proxy <proxy-name> proxy-type
COMMAND:proxy-type {direct | http}no proxy-type
DESCRIPTION:The type of proxy.
The no version of the command returns its value to the default ("direct").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
direct - Direct connection (no proxy). http - HTTP proxy. enable configure proxy <proxy-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
This command does not take any parameters. enable configure redundancy
COMMAND:redundancy [active-standby-role... | authentication | auto-revert | mate-router-name... | release-activity | shutdown | vrrp]DESCRIPTION:Use this command to configure redundancy parameters on the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] active-standby-role - The virtual router type this router is acting for in the Active-Standby scenario. authentication - Enter redundancy authentication configuration. [no] auto-revert - Backup router to give up activity if primary router is ready to provide service [no] mate-router-name - Configure the mate router name. Once configured, a subsequent change is not acted upon immediately and will cause redundancy to be down until after the next router restart. [no] release-activity - Surrender activity to the mate router for all virtual router ids [no] shutdown - Disable active-active redundancy vrrp - Enter redundancy VRRP configuration. enable configure redundancy active-standby-role
COMMAND:active-standby-role {primary | backup | none }no active-standby-role
DESCRIPTION:The virtual router type this router is acting for in the Active-Standby scenario.
The no version of the command returns its value to the default ("none").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
backup - The broker is acting as the backup virtual router in the Active-Standby scenario. none - The broker is using the Active-Active redundancy model, or its Active-Standby role is being derived from other configuration settings. The value 'none' is only recommended when using Active-Active redundancy. primary - The broker is acting as the primary virtual router in the Active-Standby scenario. enable configure redundancy authentication
COMMAND:authentication [pre-shared-key]DESCRIPTION:Enter redundancy authentication configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
pre-shared-key - Enter redundancy authentication PSK configuration. enable configure redundancy authentication pre-shared-key
COMMAND:pre-shared-key [key...]DESCRIPTION:Enter redundancy authentication PSK configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] key - A key that must be configured the same for all redundancy group members. The key is used to authenticate connections between group members. The key is 32-256 bytes of binary data encoded in base 64. For maximum security, the key should be randomly generated and as long as possible. enable configure redundancy authentication pre-shared-key key
COMMAND:key <pre-shared-key>no key
DESCRIPTION:A key that must be configured the same for all redundancy group members. The key is used to authenticate connections between group members. The key is 32-256 bytes of binary data encoded in base 64. For maximum security, the key should be randomly generated and as long as possible.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<pre-shared-key> [44..344 chars] - The pre-shared key is encoded in base 64. enable configure redundancy auto-revert
COMMAND:[no] auto-revertDESCRIPTION:Backup router to give up activity if primary router is ready to provide service
The default value is no auto-revert.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure redundancy mate-router-name
COMMAND:mate-router-name <name>no mate-router-name
DESCRIPTION:Configure the mate router name. Once configured, a subsequent change is not acted upon immediately and will cause redundancy to be down until after the next router restart.
The no version of the command returns its value to the default (no mate-router-name configured).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [1..64 chars] - The router name. Cannot start with "v:", which stands for virtual router. enable configure redundancy release-activity
COMMAND:[no] release-activityDESCRIPTION:Surrender activity to the mate router for all virtual router ids
The default value is no release-activity.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure redundancy shutdown
COMMAND:[no] shutdownDESCRIPTION:Disable active-active redundancy
The default value is shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure redundancy vrrp
COMMAND:vrrp [backup-vrid... | failover-criteria... | interface... | primary-vrid...]DESCRIPTION:Enter redundancy VRRP configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] backup-vrid - Configure the backup virtual router ID used by VRRP. [no] failover-criteria - Configure the criteria to use when deciding whether or not to give up activity when a redundancy interface fails. [no] interface - Configure an interface to be used by redundancy. Failure of a redundancy interface causes the router to give up activity, subject to the configured failover-criteria. At least one interface must be designated as a redundancy interface in order to enable redundancy. The VRRP protocol is run on all redundancy interfaces. [no] primary-vrid - Configure the primary virtual router ID used by VRRP. enable configure redundancy vrrp backup-vrid
COMMAND:backup-vrid <vrid>no backup-vrid
DESCRIPTION:Configure the backup virtual router ID used by VRRP.
By default, no virtual router ID is configured for backup.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vrid> [0..255] - VRRP Virtual Router Id (VRID) in the form: nnn enable configure redundancy vrrp failover-criteria
COMMAND:failover-criteria {any-fail | all-fail}no failover-criteria
DESCRIPTION:Configure the criteria to use when deciding whether or not to give up activity when a redundancy interface fails.
The default is failover-criteria "any-fail".
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
all-fail - Release if all redundancy interface fails. any-fail - Release if any redundancy interface fails. enable configure redundancy vrrp interface
COMMAND:[no] interface <phy-interface>DESCRIPTION:Configure an interface to be used by redundancy. Failure of a redundancy interface causes the router to give up activity, subject to the configured failover-criteria. At least one interface must be designated as a redundancy interface in order to enable redundancy. The VRRP protocol is run on all redundancy interfaces.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<phy-interface> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"enable configure redundancy vrrp primary-vrid
COMMAND:primary-vrid <vrid>no primary-vrid
DESCRIPTION:Configure the primary virtual router ID used by VRRP.
By default, no virtual router ID is configured for primary.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vrid> [0..255] - VRRP Virtual Router Id (VRID) in the form: nnn enable configure replication
COMMAND:replication [config-sync | interface... | mate | ssl]DESCRIPTION:Enter global replication configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
config-sync - Enter replication Config-Sync configuration mode [no] interface - Configure the replication interface. mate - Enter replication mate configuration mode. ssl - Enter replication SSL configuration mode. enable configure replication config-sync
COMMAND:config-sync [bridge]DESCRIPTION:Enter replication Config-Sync configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
bridge - Enter replication Config-Sync bridge configuration mode. enable configure replication config-sync bridge
COMMAND:bridge [authentication | compressed-data | message-spool | retry-delay... | shutdown | ssl | ssl-server-certificate-validation]DESCRIPTION:Enter replication Config-Sync bridge configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
authentication - Enter replication Config-Sync bridge authentication configuration mode. [no] compressed-data - Enable or disable the use of compression on the Config-Sync replication bridge. message-spool - Enter replication Config-Sync bridge message-spool configuration mode. [no] retry-delay - Configure the retry-delay used on the config-sync replication bridge. [no] shutdown - Enable or disable the config-sync replication bridge. [no] ssl - Toggle whether ssl will be used for the config sync bridge. Changes may only be done when the config sync or the replication config sync bridge is shutdown. This setting may be overridden by the global config-sync ssl setting. ssl-server-certificate-validation - Enter replication Config-Sync bridge SSL server-certificate validation configuration mode. enable configure replication config-sync bridge authentication
COMMAND:authentication [auth-scheme...]DESCRIPTION:Enter replication Config-Sync bridge authentication configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
auth-scheme - Configure the authentication scheme for the config-sync bridge enable configure replication config-sync bridge authentication auth-scheme
COMMAND:auth-scheme {basic | client-certificate}DESCRIPTION:Configure the authentication scheme for the config-sync bridge
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
basic - Basic Authentication Scheme (via username and password). client-certificate - Client Certificate Authentication Scheme (via certificate file or content). enable configure replication config-sync bridge compressed-data
COMMAND:[no] compressed-dataDESCRIPTION:Enable or disable the use of compression on the Config-Sync replication bridge.
The default value is no compressed-data.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure replication config-sync bridge message-spool
COMMAND:message-spool [window-size...]DESCRIPTION:Enter replication Config-Sync bridge message-spool configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] window-size - Configure the window-size used on the config-sync replication bridge. enable configure replication config-sync bridge message-spool window-size
COMMAND:window-size <number>no window-size
DESCRIPTION:Configure the window-size used on the config-sync replication bridge.
The no version of the command returns its value to the default (65535).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<number> [1..65535] - The transport window size. enable configure replication config-sync bridge retry-delay
COMMAND:retry-delay <seconds>no retry-delay
DESCRIPTION:Configure the retry-delay used on the config-sync replication bridge.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [0..255] - Number of seconds. enable configure replication config-sync bridge shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the config-sync replication bridge.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure replication config-sync bridge ssl
COMMAND:[no] sslDESCRIPTION:Toggle whether ssl will be used for the config sync bridge. Changes may only be done when the config sync or the replication config sync bridge is shutdown. This setting may be overridden by the global config-sync ssl setting.
The default value is no ssl.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure replication config-sync bridge ssl-server-certificate-validation
COMMAND:ssl-server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]DESCRIPTION:Enter replication Config-Sync bridge SSL server-certificate validation configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-certificate-chain-depth - Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3). [no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate. [no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. enable configure replication config-sync bridge ssl-server-certificate-validation max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8 enable configure replication config-sync bridge ssl-server-certificate-validation validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure replication config-sync bridge ssl-server-certificate-validation validate-server-name
COMMAND:[no] validate-server-nameDESCRIPTION:Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.
The default value is validate-server-name.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure replication interface
COMMAND:interface <phys-intf>no interface
DESCRIPTION:Configure the replication interface.
The no version of the command returns its value to the default (no interface configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<phys-intf> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"enable configure replication mate
COMMAND:mate [connect-port... | virtual-router-name...]DESCRIPTION:Enter replication mate configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] connect-port - Format the replication-mate connect port for either compressed and non-compressed links. The no version of the command sets the port to its default value for either compressed or non-compressed links. [no] virtual-router-name - Format the replication-mate virtual-router name. enable configure replication mate connect-port
COMMAND:connect-port <port> [compressed] [ssl]no connect-port [compressed] [ssl]
DESCRIPTION:Format the replication-mate connect port for either compressed and non-compressed links. The no version of the command sets the port to its default value for either compressed or non-compressed links.
The no version of the command returns its value to the default (no connect-port configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
compressed - For compressed traffic <port> [1..65535] - The port on the replication-mate virtual-router. ssl - For SSL traffic enable configure replication mate virtual-router-name
COMMAND:virtual-router-name <virtual-router-name> connect-via <addr>no virtual-router-name
DESCRIPTION:Format the replication-mate virtual-router name.
The no version of the command returns its value to the default (no virtual-router-name configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<addr> [1..253 chars: ] - The FQDN or IP address for the replication-mate virtual-router. <virtual-router-name> [1..66 chars] - The name of the replication-mate virtual-router. All virtual remote-router names start with "v:", for e.g. v:lab-128-97. enable configure replication ssl
COMMAND:ssl [cipher-suite...]DESCRIPTION:Enter replication SSL configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] cipher-suite - Configure the replication SSL authentication mechanism with an ordered list of cipher suites. The suite selected will be the first suite in the list that is supported by the remote router. enable configure replication ssl cipher-suite
COMMAND:cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no cipher-suite name <suite-name>
DESCRIPTION:Configure the replication SSL authentication mechanism with an ordered list of cipher suites. The suite selected will be the first suite in the list that is supported by the remote router.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list. empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure router-name
COMMAND:router-name <name> [defer]no router-name [defer]
DESCRIPTION:Sets the router name. Cannot start with "v:", which stands for virtual router. The "no" version of the command causes the router-name to "mirror" the hostname such that if the operator changes the hostname the router name also changes to the same value.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart. <name> [1..64 chars] - The router name. enable configure routing
COMMAND:routing [dynamic-message-routing | interface... | mode... | multi-node-routing]DESCRIPTION:Enter routing configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
dynamic-message-routing - Configure dynamic-message-routing [no] interface - Configure the interface used for all routing protocols. [no] mode - The routing mode for the router. This affects the way routers can be interconnected to form a network, and how the subscription sets of each router are dynamically learned by the others. A restart is needed for the new mode to becomes operational. multi-node-routing - Configure multi-node-routing enable configure routing dynamic-message-routing
COMMAND:dynamic-message-routing [cluster...]DESCRIPTION:Configure dynamic-message-routing
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[create|no] cluster - Create, modify, or delete a Cluster.
A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.enable configure routing dynamic-message-routing cluster
COMMAND:[no] cluster <cluster-name>create cluster <cluster-name> [direct-only]
DESCRIPTION:Create, modify, or delete a Cluster.
A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<cluster-name> [1..64 chars] - The name of the Cluster. direct-only - Enable or disable direct messaging only. Guaranteed messages will not be transmitted through the cluster. enable configure routing dynamic-message-routing cluster <cluster-name> authentication
COMMAND:authentication [basic | client-certificate]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
basic - Enter the "basic" mode. client-certificate - Enter the "client-certificate" mode. enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic
COMMAND:basic [auth-type... | password... | shutdown]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] auth-type - The type of basic authentication to use for Cluster Links. [no] password - The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured. [no] shutdown - Enable or disable basic authentication for Cluster Links. enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic auth-type
COMMAND:auth-type {internal | none}no auth-type
DESCRIPTION:The type of basic authentication to use for Cluster Links.
The no version of the command returns its value to the default ("internal").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
internal - Use locally configured password. none - No authentication. enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic password
COMMAND:password <password>no password
DESCRIPTION:The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<password> [0..128 chars] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable basic authentication for Cluster Links.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate
COMMAND:client-certificate [certificate-file... | matching-rules | shutdown]DESCRIPTION:Enter the "client-certificate" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] certificate-file - The client certificate used by the Cluster Links to login to the remote node. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain. matching-rules - Enter the "matching-rules" mode. [no] shutdown - Enable or disable client certificate authentication for Cluster Links. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate certificate-file
COMMAND:certificate-file <filename> [file-contents <file-contents> ]no certificate-file
DESCRIPTION:The client certificate used by the Cluster Links to login to the remote node. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<file-contents> [0..32768 chars] - The server certificate. <filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules
COMMAND:matching-rules [rule...]DESCRIPTION:Enter the "matching-rules" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[create|no] rule - Create, modify, or delete a Certificate Matching Rule.
A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule
COMMAND:[create | no] rule <name>DESCRIPTION:Create, modify, or delete a Certificate Matching Rule.
A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..64 chars] - The name of the rule. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> attribute-filter
COMMAND:[create | no] attribute-filter <name>DESCRIPTION:Create, modify, or delete a Certificate Matching Rule Attribute Filter.
A Cert Matching Rule Attribute Filter compares a link attribute to a string.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..64 chars] - The name of the filter. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> attribute
COMMAND:attribute <value>no attribute
DESCRIPTION:Link Attribute to be tested.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..64 chars] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> value
COMMAND:value <value>no value
DESCRIPTION:Expected attribute value.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..256 chars] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> condition
COMMAND:[create] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address} {{matches-attribute <attribute>} | {matches-expression <expression>}}no condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address}
DESCRIPTION:Create, modify, or delete a Certificate Matching Rule Condition.
A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<attribute> [1..64 chars] - Link Attribute to be compared with certificate content. certificate-thumbprint - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate. common-name - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN. common-name-last - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN. dns-name - The attribute is extracted from the certificate's Subject Alt Name DNS Name. <expression> [1..256 chars] - Glob expression to be matched with certificate content. ip-address - The attribute is extracted from the certificate's Subject Alt Name IP Address. issuer - The attribute is extracted from the certificate's Issuer DN. org-unit - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN. org-unit-last - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN. serial-number - The attribute is extracted from the certificate's Serial Number. subject - The attribute is extracted from the certificate's Subject DN. subject-alternate-name-msupn - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature. uid - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN. uid-last - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable a certificate matching rule.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable client certificate authentication for Cluster Links.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> link
COMMAND:[no] link <remote-node-name>create link <remote-node-name>
DESCRIPTION:Create, modify, or delete a Link.
A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<remote-node-name> [1..64 chars] - The name of the node at the remote end of the Link. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> attribute
COMMAND:[create | no] attribute <name> <value>DESCRIPTION:Create, modify, or delete a Link Attribute.
A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<name> [1..64 chars] - The name of the Attribute. <value> [1..256 chars] - The value of the Attribute. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication
COMMAND:authentication [auth-scheme... | basic]DESCRIPTION:Enter the "authentication" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] auth-scheme - The authentication scheme to be used by the Link which initiates connections to the remote node. basic - Enter the "basic" mode. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication auth-scheme
COMMAND:auth-scheme {basic | client-certificate}no auth-scheme
DESCRIPTION:The authentication scheme to be used by the Link which initiates connections to the remote node.
The no version of the command returns its value to the default ("basic").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
basic - Basic Authentication Scheme (via username and password). client-certificate - Client Certificate Authentication Scheme (via certificate file or content). enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication basic
COMMAND:basic [password...]DESCRIPTION:Enter the "basic" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] password - The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication basic password
COMMAND:password <password>no password
DESCRIPTION:The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<password> [0..128 chars] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile
COMMAND:client-profile [queue... | tcp]DESCRIPTION:Enter the "client-profile" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
queue - Enter the "queue" mode. tcp - Enter the "tcp" mode. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile queue
COMMAND:queue <type>DESCRIPTION:Enter the "queue" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<type> [G-1 | D-1 | D-2 | D-3 | C-1] - The type of queue to configure (G-Guaranteed, D-Direct, C-Control). enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile queue <type> max-depth
COMMAND:max-depth <depth>no max-depth
DESCRIPTION:The maximum depth of the specified priority queue, in work units. Each work unit is 2048 bytes of message data.
The no version of the command returns its value to the default (20000).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<depth> [2..262144] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile queue <type> min-msg-burst
COMMAND:min-msg-burst <depth>no min-msg-burst
DESCRIPTION:The number of messages that are always allowed entry into the specified priority queue, regardless of the max-depth value.
The no version of the command returns its value to the default. The default depends on the priority queue type.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<depth> [0..262144] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp
COMMAND:tcp [initial-cwnd... | keepalive | max-wnd... | mss...]DESCRIPTION:Enter the "tcp" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. keepalive - Enter the "keepalive" mode. [no] max-wnd - The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. [no] mss - The TCP maximum segment size, in bytes. Changes are applied to all existing connections. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp initial-cwnd
COMMAND:initial-cwnd <num-mss>no initial-cwnd
DESCRIPTION:The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.
The no version of the command returns its value to the default (2).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num-mss> [2..7826] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive
COMMAND:keepalive [count... | idle... | interval...]DESCRIPTION:Enter the "keepalive" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] count - The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available. [no] idle - The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds. [no] interval - The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive count
COMMAND:count <num>no count
DESCRIPTION:The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num> [2..5] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive idle
COMMAND:idle <seconds>no idle
DESCRIPTION:The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [3..120] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive interval
COMMAND:interval <seconds>no interval
DESCRIPTION:The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [1..30] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp max-wnd
COMMAND:max-wnd <num-kilo-bytes>no max-wnd
DESCRIPTION:The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.
The no version of the command returns its value to the default (256).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp mss
COMMAND:mss <byte-count>no mss
DESCRIPTION:The TCP maximum segment size, in bytes. Changes are applied to all existing connections.
The no version of the command returns its value to the default (1460).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<byte-count> [256..1460] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> connect-via
COMMAND:[no] connect-via <addr-port>DESCRIPTION:Create or delete a Remote Address.
Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<addr-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - The FQDN or IP address (and optional port) of the remote node. If port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed). Ex.
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> initiator
COMMAND:initiator {lexical | local | remote}no initiator
DESCRIPTION:The initiator of the Link's TCP connections.
The no version of the command returns its value to the default ("lexical").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
lexical - The "higher" node-name initiates. local - The local node initiates. remote - The remote node initiates. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> message-spool
COMMAND:message-spool [window-size...]DESCRIPTION:Enter the "message-spool" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] window-size - The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> message-spool window-size
COMMAND:window-size <number>no window-size
DESCRIPTION:The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender.
The no version of the command returns its value to the default (255).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<number> [0..65535] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue
COMMAND:queue [dead-message-queue... | event | max-delivered-unacked-msgs-per-flow... | max-redelivery... | max-spool-usage... | max-ttl... | reject-msg-to-sender-on-discard... | respect-ttl]DESCRIPTION:Enter the "queue" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] dead-message-queue - The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages. event - Enter the "event" mode. [no] max-delivered-unacked-msgs-per-flow - The maximum number of messages delivered but not acknowledged per flow for the Queue. [no] max-redelivery - The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. [no] max-spool-usage - The maximum message spool usage by the Queue (quota), in megabytes (MB). [no] max-ttl - The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry. [no] reject-msg-to-sender-on-discard - Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail. [no] respect-ttl - Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue dead-message-queue
COMMAND:dead-message-queue <dmq-name>no dead-message-queue
DESCRIPTION:The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.
The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<dmq-name> [1..200 chars] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue event
COMMAND:event [spool-usage]DESCRIPTION:Enter the "event" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
spool-usage - Enter the "spool-usage" mode. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue event spool-usage
COMMAND:spool-usage [thresholds...]DESCRIPTION:Enter the "spool-usage" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to max-spool-usage. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue event spool-usage thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-delivered-unacked-msgs-per-flow
COMMAND:max-delivered-unacked-msgs-per-flow <max>no max-delivered-unacked-msgs-per-flow
DESCRIPTION:The maximum number of messages delivered but not acknowledged per flow for the Queue.
The no version of the command returns its value to the default (1000000).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max> [1..1000000] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-redelivery
COMMAND:max-redelivery <value>no max-redelivery
DESCRIPTION:The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<value> [0..255] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-spool-usage
COMMAND:max-spool-usage <size>no max-spool-usage
DESCRIPTION:The maximum message spool usage by the Queue (quota), in megabytes (MB).
The no version of the command returns its value to the default (800000).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<size> [1..6000000] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-ttl
COMMAND:max-ttl <ttl>no max-ttl
DESCRIPTION:The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<ttl> [0..4294967295] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue reject-msg-to-sender-on-discard
COMMAND:reject-msg-to-sender-on-discard [including-when-shutdown]no reject-msg-to-sender-on-discard
DESCRIPTION:Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.
The default is reject-msg-to-sender-on-discard "including-when-shutdown".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue respect-ttl
COMMAND:[no] respect-ttlDESCRIPTION:Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.
The default value is no respect-ttl.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> retry
COMMAND:retry [count... | delay...]DESCRIPTION:Enter the "retry" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] count - The number of retry attempts to establish a connection before moving on to the next remote Message VPN. [no] delay - The number of seconds the broker waits for the bridge connection to be established before attempting a new connection. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> retry count
COMMAND:count <count>no count
DESCRIPTION:The number of retry attempts to establish a connection before moving on to the next remote Message VPN.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<count> [0..255] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> retry delay
COMMAND:delay <seconds>no delay
DESCRIPTION:The number of seconds the broker waits for the bridge connection to be established before attempting a new connection.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [0..255] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Link. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> span
COMMAND:span {internal | external}no span
DESCRIPTION:The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters.
The no version of the command returns its value to the default ("external").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
external - Link to other cluster. internal - Link to same cluster. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> transport
COMMAND:transport [compressed | ssl]DESCRIPTION:Enter the "transport" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] compressed - Enable or disable compression on the Link. [no] ssl - Enable or disable encryption (TLS) on the Link. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> transport compressed
COMMAND:[no] compressedDESCRIPTION:Enable or disable compression on the Link.
The default value is no compressed.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> transport ssl
COMMAND:[no] sslDESCRIPTION:Enable or disable encryption (TLS) on the Link.
The default value is no ssl.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the Cluster.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> ssl
COMMAND:ssl [server-certificate-validation]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode. enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation
COMMAND:server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]DESCRIPTION:Enter the "server-certificate-validation" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-certificate-chain-depth - The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. [no] validate-certificate-date - Enable or disable the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates. [no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max-depth> [0..8] - The value to set. enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable or disable the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation validate-server-name
COMMAND:[no] validate-server-nameDESCRIPTION:Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.
The default value is validate-server-name.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing interface
COMMAND:interface <phy-interface>no interface
DESCRIPTION:Configure the interface used for all routing protocols.
The no version of the command returns its value to the default (no interface configured).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<phy-interface> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"enable configure routing mode
COMMAND:mode {dynamic-message-routing | multi-node-routing} [defer]no mode [defer]
DESCRIPTION:The routing mode for the router. This affects the way routers can be interconnected to form a network, and how the subscription sets of each router are dynamically learned by the others. A restart is needed for the new mode to becomes operational.
The no version of the command returns its value to the default ("multi-node-routing").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
defer - Defer configuration. The deferred value will be applied following a router restart. dynamic-message-routing - Supports Clustering and Guaranteed Messaging. multi-node-routing - Supports Neighbors, but not Guaranteed Messaging. enable configure routing multi-node-routing
COMMAND:multi-node-routing [cspf | shutdown]DESCRIPTION:Configure multi-node-routing
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
cspf - Configure the CSPF routing protocol [no] shutdown - Shuts down the routing protocols. The no version enables the routing protocols. enable configure routing multi-node-routing cspf
COMMAND:cspf [neighbor... | queue | ssl]DESCRIPTION:Configure the CSPF routing protocol
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[create|no] neighbor - Enter neighbor configuration mode queue - Enter the cspf queue configuration mode. ssl - Enter SSL configuration mode for CSPF routing data connections. enable configure routing multi-node-routing cspf neighbor
COMMAND:[create | no] neighbor <physical-router-name>DESCRIPTION:Enter neighbor configuration mode
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor router. CANNOT begin with 'v:', which indicates virtual router ( no ) <physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ? ( create ) <physical-router-name> [1..64 chars] - Physical Router name of the neighbor router. CANNOT begin with 'v:', which indicates virtual router enable configure routing multi-node-routing cspf neighbor <physical-router-name> compressed-data
COMMAND:[no] compressed-dataDESCRIPTION:Use compression across the neighbor's data connections. Only data connections are affected. Control connections are always uncompressed.
Setting the data connections to both Compression and SSL on the same neighbor is not supported.
The no version of this command disables compression.
The default value is no compressed-data.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing multi-node-routing cspf neighbor <physical-router-name> connect-via
COMMAND:connect-via <ip-port>no connect-via
DESCRIPTION:IP address or FQDN, and optional port that the neighbor data port is reachable from. In the absence of NATs this is the ip-address associated with the neighbor's routing>interface, and port associated with service>smf>listen-port. If port is not specified it defaults to 55555. To change neighbor's listening ports use 'listen-port' command on the neighboring router.
The no version of this command clears the IP address and port value.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<ip-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - FQDN or IP address (and optional port).
Examples:
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345enable configure routing multi-node-routing cspf neighbor <physical-router-name> control-port
COMMAND:control-port <port>no control-port
DESCRIPTION:TCP control listen-port number of the neighbor. If left unspecified the control port that will be used is the control port that is returned by the neighbor during the neighbor link establishment phase. Only in the presence of NATs will this mechanism fail to work. If specified this value takes precedence over any returned port from the neighbor
The no version of this command clears any set value in the listen-port.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<port> [1..65535] - TCP control listen-port of the neighbor enable configure routing multi-node-routing cspf neighbor <physical-router-name> link-cost
COMMAND:link-cost <cost>no link-cost
DESCRIPTION:Configure the link cost to the neighbor
The no version of the command returns its value to the default (100).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<cost> [1..255] - cost of a neighbor link (1-255) enable configure routing multi-node-routing cspf neighbor <physical-router-name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Shuts down the current cspf neighbor. When shutdown, connections to the neighbor are disconnected and prevented from reconnecting.
The no version of this command enables the neighbor.
The default value is shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl
COMMAND:ssl [cipher-suite... | trusted-common-name...]DESCRIPTION:Enter SSL configuration mode for the current CSPF neighbor.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] cipher-suite - Configure the cipher-suite list for the current neighbor.
The neighbor link uses this ordered list of cipher-suites in its encrypted data connections.
All supported suites are included by default, from most-secure to least-secure.
The remote router should choose the first suite from this list that it supports.
This attribute can be modified when cspf neighbor is shutdown.
The no version of the command removes the named cipher-suite from the list.[no] trusted-common-name - Configure the trusted-common-name list for the current neighbor.
The router uses this list of common-names in its encrypted connection to verify the name in the certificate presented by the neighbor. To ensure that link will be established regardless of whether the router is initiating or accepting the neighbor connection, this list should contain both the server-certificate CN and client-certificate CN of the neighbor router.
The no version of the command removes the named common-name from the list.enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl cipher-suite
COMMAND:cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no cipher-suite name <suite-name>
DESCRIPTION:Configure the cipher-suite list for the current neighbor.
The neighbor link uses this ordered list of cipher-suites in its encrypted data connections.
All supported suites are included by default, from most-secure to least-secure.
The remote router should choose the first suite from this list that it supports.
This attribute can be modified when cspf neighbor is shutdown.
The no version of the command removes the named cipher-suite from the list.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list. empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl trusted-common-name
COMMAND:trusted-common-name {empty | name <common-name>}no trusted-common-name name <common-name>
DESCRIPTION:Configure the trusted-common-name list for the current neighbor.
The router uses this list of common-names in its encrypted connection to verify the name in the certificate presented by the neighbor. To ensure that link will be established regardless of whether the router is initiating or accepting the neighbor connection, this list should contain both the server-certificate CN and client-certificate CN of the neighbor router.
The no version of the command removes the named common-name from the list.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate. empty - Removes all common names from the list. enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl-data
COMMAND:[no] ssl-dataDESCRIPTION:Use SSL across the neighbor's data connections. Only data connections are encrypted. Control connections are always in plain-text.
Setting the data connections to both Compression and SSL on the same neighbor is not supported.
The no version of this command disables SSL.
The default value is no ssl-data.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp
COMMAND:tcp [initial-cwnd... | keepalive | max-wnd... | mss...]DESCRIPTION:Enter TCP configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] initial-cwnd - Configure the TCP initial congestion window size for this neighbor.
The initial congestion window size is used when starting up a TCP connection or recovery from idle (i.e. no traffic). It is the number of segments TCP sends before waiting for an acknowledgment from the peer. Larger values of initial window allows a connection to come up to speed quickly. However, care must be taken for if this parameter's value is too high, it may cause congestion in the network. For further details on initial window, refer to RFC 2581.
Changing the initial window from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support personnel before changing this parameter.
The no version of this command sets the initial TCP congestion window size to its default value of 2.keepalive - Enter configuration of TCP keepalives. [no] max-wnd - Configure the TCP maximum window size for this neighbor. The maximum window should be at least the bandwidth-delay product of the link between the TCP peers. If the maximum window is less than the bandwidth-delay product, then the TCP connection operates below its maximum potential throughput. If the maximum window is less than about twice the bandwidth-delay product, then occasional packet loss causes TCP connection to operate below its maximum potential throughput as it handles the missing ACKs and retransmissions. There are also problems with a maximum window that's too large. In the presence of a high offered load, TCP gradually increases its congestion window until either (a) the congestion window reaches the maximum window, or (b) packet loss occurs in the network. Initially, when the congestion window is small, the network's physical bandwidth-delay acts as a memory buffer for packets in flight. As the congestion window crosses the bandwidth-delay product, though, the buffering of in-flight packets moves to queues in various switches, routers, etc. in the network. As the congestion window continues to increase, some such queue in some equipment overflows, causing packet loss and TCP back-off.
The no version of this command sets the initial TCP maximum window size to its default value of 2048 KB.
This setting is ignored on the software broker.[no] mss - Configure the TCP maximum segment size for the CSPF neighbor. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp initial-cwnd
COMMAND:initial-cwnd <num-mss>no initial-cwnd
DESCRIPTION:Configure the TCP initial congestion window size for this neighbor.
The initial congestion window size is used when starting up a TCP connection or recovery from idle (i.e. no traffic). It is the number of segments TCP sends before waiting for an acknowledgment from the peer. Larger values of initial window allows a connection to come up to speed quickly. However, care must be taken for if this parameter's value is too high, it may cause congestion in the network. For further details on initial window, refer to RFC 2581.
Changing the initial window from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support personnel before changing this parameter.
The no version of this command sets the initial TCP congestion window size to its default value of 2.
The no version of the command returns its value to the default (2).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive
COMMAND:keepalive [count... | idle... | interval...]DESCRIPTION:Enter configuration of TCP keepalives.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. [no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. [no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive count
COMMAND:count <num>no count
DESCRIPTION:The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
The no version of the command returns its value to the default (5).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive idle
COMMAND:idle <seconds>no idle
DESCRIPTION:The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive interval
COMMAND:interval <seconds>no interval
DESCRIPTION:The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.
The no version of the command returns its value to the default (1).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp max-wnd
COMMAND:max-wnd <num-kilo-bytes>no max-wnd
DESCRIPTION:Configure the TCP maximum window size for this neighbor. The maximum window should be at least the bandwidth-delay product of the link between the TCP peers. If the maximum window is less than the bandwidth-delay product, then the TCP connection operates below its maximum potential throughput. If the maximum window is less than about twice the bandwidth-delay product, then occasional packet loss causes TCP connection to operate below its maximum potential throughput as it handles the missing ACKs and retransmissions. There are also problems with a maximum window that's too large. In the presence of a high offered load, TCP gradually increases its congestion window until either (a) the congestion window reaches the maximum window, or (b) packet loss occurs in the network. Initially, when the congestion window is small, the network's physical bandwidth-delay acts as a memory buffer for packets in flight. As the congestion window crosses the bandwidth-delay product, though, the buffering of in-flight packets moves to queues in various switches, routers, etc. in the network. As the congestion window continues to increase, some such queue in some equipment overflows, causing packet loss and TCP back-off.
The no version of this command sets the initial TCP maximum window size to its default value of 2048 KB.
This setting is ignored on the software broker.
The no version of the command returns its value to the default (2048).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB. enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp mss
COMMAND:mss <byte-count>no mss
DESCRIPTION:Configure the TCP maximum segment size for the CSPF neighbor.
The no version of the command returns its value to the default (1460).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS. enable configure routing multi-node-routing cspf queue
COMMAND:queue [max-depth... | min-msg-burst...]DESCRIPTION:Enter the cspf queue configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-depth - Configure the maximum depth of the neighbor queues. [no] min-msg-burst - Configure the minimum number of messages that must be on a priority queue before the queue's depth is checked against the max-depth setting. enable configure routing multi-node-routing cspf queue max-depth
COMMAND:max-depth <depth>no max-depth
DESCRIPTION:Configure the maximum depth of the neighbor queues.
The no version of the command returns its value to the default (20000).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<depth> [50..262144] - The queue depth in number of work units enable configure routing multi-node-routing cspf queue min-msg-burst
COMMAND:min-msg-burst <depth>no min-msg-burst
DESCRIPTION:Configure the minimum number of messages that must be on a priority queue before the queue's depth is checked against the max-depth setting.
The no version of the command returns its value to the default (255).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<depth> [0..262144] - The queue burst depth in messages enable configure routing multi-node-routing cspf ssl
COMMAND:ssl [certificate-validation | client-certificate]DESCRIPTION:Enter SSL configuration mode for CSPF routing data connections.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
certificate-validation - Enter certificate-validation configuration mode. client-certificate - Enter client-certificate configuration mode. enable configure routing multi-node-routing cspf ssl certificate-validation
COMMAND:certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]DESCRIPTION:Enter certificate-validation configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] max-certificate-chain-depth - Configure the maximum depth for the certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.
The 'no' version resets the value to the default value.[no] validate-certificate-date - Enable the validation of the "Not Before" and "Not After" validity dates in the certificate.
This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.
The 'no' version disables the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.[no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the neighbor. If enabled, the name used to connect to the neighbor is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. enable configure routing multi-node-routing cspf ssl certificate-validation max-certificate-chain-depth
COMMAND:max-certificate-chain-depth <max-depth>no max-certificate-chain-depth
DESCRIPTION:Configure the maximum depth for the certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.
The 'no' version resets the value to the default value.
The no version of the command returns its value to the default (3).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8 enable configure routing multi-node-routing cspf ssl certificate-validation validate-certificate-date
COMMAND:[no] validate-certificate-dateDESCRIPTION:Enable the validation of the "Not Before" and "Not After" validity dates in the certificate.
This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.
The 'no' version disables the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.
The default value is validate-certificate-date.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing multi-node-routing cspf ssl certificate-validation validate-server-name
COMMAND:[no] validate-server-nameDESCRIPTION:Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the neighbor. If enabled, the name used to connect to the neighbor is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.
The default value is validate-server-name.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure routing multi-node-routing cspf ssl client-certificate
COMMAND:client-certificate [certificate-file...]DESCRIPTION:Enter client-certificate configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] certificate-file - Configure the client certificate that the neighbor links will present to the remote router when initiating the data connections with the neighbor. The certificate file must be in the certs directory in the jail. Once installed the file in the jail can be removed if desired.
There is no SEMP support to configure the certificate-file since the security of the password cannot be assured over the wire.
The no version of the command removes the certificate.enable configure routing multi-node-routing cspf ssl client-certificate certificate-file
COMMAND:certificate-file <filename> [file-contents <file-contents> ]no certificate-file
DESCRIPTION:Configure the client certificate that the neighbor links will present to the remote router when initiating the data connections with the neighbor. The certificate file must be in the certs directory in the jail. Once installed the file in the jail can be removed if desired.
There is no SEMP support to configure the certificate-file since the security of the password cannot be assured over the wire.
The no version of the command removes the certificate.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
<file-contents> [0..32768 chars] - The server certificate. <filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory. enable configure routing multi-node-routing shutdown
COMMAND:[no] shutdownDESCRIPTION:Shuts down the routing protocols. The no version enables the routing protocols.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
This command does not take any parameters. enable configure schedule
COMMAND:schedule [backup...]DESCRIPTION:Use this command to schedule automatic local backups of configuration database files on the router. The no version of this command deletes all automatic file backup schedules and returns the router to its default (that is, no scheduled backups).
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
[no] backup - Schedule backups of the router's config enable configure schedule backup
COMMAND:backup [days <days-of-week>] times <times-of-day> [max-backups <max-backups>]no backup
DESCRIPTION:Schedule backups of the router's config
The no version of the command returns its value to the default (no backup configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none". <max-backups> [1..25] - Max number of scheduled backups to keep. Default 5. <times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none" enable configure service
COMMAND:service [amqp | event | health-check | mqtt | msg-backbone | rest | semp | smf | ssl | virtual-hostname... | web-transport]DESCRIPTION:Enter service configuration mode
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
amqp - Configure AMQP service event - Enter service events configuration. health-check - Configure health check service mqtt - Configure MQTT service msg-backbone - Enter message backbone service configuration. rest - Configure REST service semp - Configure SEMP service smf - Configure SMF service ssl - Configure SSL service. [create|no] virtual-hostname - Create, modify, or delete a Virtual Hostname.
A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.
Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.
This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.web-transport - Configure Web Transport service enable configure service amqp
COMMAND:amqp [listen-port... | shutdown]DESCRIPTION:Configure AMQP service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] listen-port - The global port number for AMQP clients that connect to the router. The port must be unique across the message backbone. Plain-text and SSL ports are configured separately. AMQP must be disabled to change the port. [no] shutdown - Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected. enable configure service amqp listen-port
COMMAND:listen-port <port> [ssl]no listen-port [ssl]
DESCRIPTION:The global port number for AMQP clients that connect to the router. The port must be unique across the message backbone. Plain-text and SSL ports are configured separately. AMQP must be disabled to change the port.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [0..65535] - The value to set. ssl - The port uses TLS. enable configure service amqp shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service event
COMMAND:event [connections]DESCRIPTION:Enter service events configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
connections - Enter connections event configuration. enable configure service event connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter connections event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - The thresholds for the connection count event. enable configure service event connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the connection count event.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure service health-check
COMMAND:health-check [listen-port... | shutdown...]DESCRIPTION:Configure health check service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] listen-port - The port number for health check clients that connect to the router. Plain-text and TLS ports are configured separately. The health check service must be disabled for the given transport to change the port. [no] shutdown - Enable or disable plain-text or TLS health check service. enable configure service health-check listen-port
COMMAND:listen-port <port> [ssl]no listen-port [ssl]
DESCRIPTION:The port number for health check clients that connect to the router. Plain-text and TLS ports are configured separately. The health check service must be disabled for the given transport to change the port.
The no version of this command returns its value to the default (5550 for plain-text, unset for TLS).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [0..65535] - The value to set. ssl - The port uses TLS. enable configure service health-check shutdown
COMMAND:[no] shutdown [plain-text] [ssl]DESCRIPTION:Enable or disable plain-text or TLS health check service.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
plain-text - For plain-text health check requests ssl - For SSL/TLS health check requests enable configure service mqtt
COMMAND:mqtt [shutdown]DESCRIPTION:Configure MQTT service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected. enable configure service mqtt shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service msg-backbone
COMMAND:msg-backbone [shutdown]DESCRIPTION:Enter message backbone service configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected. enable configure service msg-backbone shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected.
The default value is no shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service rest
COMMAND:rest [event | incoming | outgoing]DESCRIPTION:Configure REST service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
event - Enter REST service events configuration. incoming - Enter REST service incoming connections configuration. outgoing - Enter REST service outgoing connections configuration. enable configure service rest event
COMMAND:event [outgoing]DESCRIPTION:Enter REST service events configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
outgoing - Enter outgoing event configuration. enable configure service rest event outgoing
COMMAND:outgoing [connections]DESCRIPTION:Enter outgoing event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
connections - Enter connections event configuration. enable configure service rest event outgoing connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter connections event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - The thresholds for the outgoing REST connection count event, relative to the maximum capacity of the router. enable configure service rest event outgoing connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the outgoing REST connection count event, relative to the maximum capacity of the router.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..6000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..6000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure service rest incoming
COMMAND:incoming [shutdown]DESCRIPTION:Enter REST service incoming connections configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Enable or disable the REST service incoming connections on the broker. enable configure service rest incoming shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the REST service incoming connections on the broker.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service rest outgoing
COMMAND:outgoing [shutdown]DESCRIPTION:Enter REST service outgoing connections configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Enable or disable the REST service outgoing connections on the broker. enable configure service rest outgoing shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the REST service outgoing connections on the broker.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service semp
COMMAND:semp [cors | legacy-timeout | listen-port... | session-idle-timeout... | session-max-lifetime... | shutdown...]DESCRIPTION:Configure SEMP service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
cors - Configure CORS on SEMP service [no] legacy-timeout - Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full. When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds. The recommended setting is disabled (no legacy-timeout). This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages. This setting will be removed in a future release. [no] listen-port - The port number for SEMP clients that connect to the router. Plain-text and SSL ports are configured separately. SEMP must be disabled for the given transport to change the port. [no] session-idle-timeout - The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time. [no] session-max-lifetime - The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity. [no] shutdown - Enable or disable plain-text or ssl SEMP service. enable configure service semp cors
COMMAND:cors [allow-any-host]DESCRIPTION:Configure CORS on SEMP service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] allow-any-host - Enable or disable cross origin resource requests for the SEMP service. enable configure service semp cors allow-any-host
COMMAND:[no] allow-any-hostDESCRIPTION:Enable or disable cross origin resource requests for the SEMP service.
The default value is allow-any-host.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service semp legacy-timeout
COMMAND:[no] legacy-timeoutDESCRIPTION:Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full. When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds. The recommended setting is disabled (no legacy-timeout). This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages. This setting will be removed in a future release.
The default value is no legacy-timeout.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service semp listen-port
COMMAND:listen-port <port> [ssl]no listen-port [ssl]
DESCRIPTION:The port number for SEMP clients that connect to the router. Plain-text and SSL ports are configured separately. SEMP must be disabled for the given transport to change the port.
The no version of this command returns its value to the default (80 for plain-text, 443 for SSL).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [1..65535] - The value to set. ssl - The port uses TLS. enable configure service semp session-idle-timeout
COMMAND:session-idle-timeout <value>no session-idle-timeout
DESCRIPTION:The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time.
The no version of the command returns its value to the default (15).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [1..5256000] - The value to set. enable configure service semp session-max-lifetime
COMMAND:session-max-lifetime <value>no session-max-lifetime
DESCRIPTION:The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity.
The no version of the command returns its value to the default (43200).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<value> [1..5256000] - The value to set. enable configure service semp shutdown
COMMAND:[no] shutdown [plain-text] [ssl]DESCRIPTION:Enable or disable plain-text or ssl SEMP service.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
plain-text - For plain-text SEMP requests ssl - For SSL/TLS SEMP requests enable configure service smf
COMMAND:smf [event | listen-port... | shutdown]DESCRIPTION:Configure SMF service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
event - Enter SMF service events configuration. [no] listen-port - The port number for SMF clients and neighbors that connect to the router. Plain-text, compressed, SSL, and routing-control ports are configured separately. SMF must be disabled to change the port. [no] shutdown - Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected. enable configure service smf event
COMMAND:event [connections]DESCRIPTION:Enter SMF service events configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
connections - Enter connections event configuration. enable configure service smf event connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter connections event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - The thresholds for the SMF connection count event. enable configure service smf event connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the SMF connection count event.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure service smf listen-port
COMMAND:listen-port <port> [compressed] [routing-control] [ssl]no listen-port [compressed] [routing-control] [ssl]
DESCRIPTION:The port number for SMF clients and neighbors that connect to the router. Plain-text, compressed, SSL, and routing-control ports are configured separately. SMF must be disabled to change the port.
The no version of this command returns its value to the default (55555 for plain-text, 55003 for compressed, 55443 for SSL/TLS, 55556 for routing-control).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
compressed - The port uses compressed. <port> [1..65535] - The value to set. routing-control - The port uses routing-control. ssl - The port uses TLS. enable configure service smf shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected.
The default value is no shutdown.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service ssl
COMMAND:ssl [event]DESCRIPTION:Configure SSL service.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
event - Enter SSL service events configuration. enable configure service ssl event
COMMAND:event [connections]DESCRIPTION:Enter SSL service events configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
connections - Enter connections event configuration. enable configure service ssl event connections
COMMAND:connections [thresholds...]DESCRIPTION:Enter connections event configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] thresholds - The thresholds for the incoming and outgoing TLS connection count event of the broker. enable configure service ssl event connections thresholds
COMMAND:thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}no thresholds
DESCRIPTION:The thresholds for the incoming and outgoing TLS connection count event of the broker.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. <clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. <set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. <set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. enable configure service virtual-hostname
COMMAND:[create | no] virtual-hostname <name>DESCRIPTION:Create, modify, or delete a Virtual Hostname.
A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.
Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.
This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [1..253 chars: ] - The virtual hostname. enable configure service virtual-hostname <name> message-vpn
COMMAND:message-vpn <vpn-name>no message-vpn
DESCRIPTION:The message VPN to which this virtual hostname is mapped.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [0..32 chars] - The value to set. enable configure service virtual-hostname <name> shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable Virtual Hostname to Message VPN mapping.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service web-transport
COMMAND:web-transport [listen-port... | shutdown | web-url-suffix...]DESCRIPTION:Configure Web Transport service
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] listen-port - The port number for web-transport clients that connect to the router. Plain-text and SSL ports are configured separately. Web-transport must be disabled to change the port. [no] shutdown - Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected. [no] web-url-suffix - Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. enable configure service web-transport listen-port
COMMAND:listen-port <port> [ssl]no listen-port [ssl]
DESCRIPTION:The port number for web-transport clients that connect to the router. Plain-text and SSL ports are configured separately. Web-transport must be disabled to change the port.
The no version of the command returns its value to the default (varies by platform).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [1..65535] - The value to set. ssl - The port uses TLS. enable configure service web-transport shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure service web-transport web-url-suffix
COMMAND:web-url-suffix <suffix>no web-url-suffix
DESCRIPTION:Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<suffix> [0..127 chars] - The value to set. enable configure snmp-server
COMMAND:[no] snmp-serverDESCRIPTION:Configure the SNMP server
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server community
COMMAND:community <name> group <group>no community <name>
DESCRIPTION:Configure a community access string
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<group> [0..31 chars] - The group to add the community to <name> [0..31 chars] - The community string enable configure snmp-server contact
COMMAND:contact <name>no contact
DESCRIPTION:Configure the contact name for the router
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [0..255 chars] - The contact name enable configure snmp-server group
COMMAND:group <name> {v2c | v3 {auth | noauth | priv}}no group <name>
DESCRIPTION:Configure a group
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
auth - Use authentication <name> [0..31 chars] - The group name noauth - Use no authentication priv - Use authentication and encryption v2c - Use SNMPv2c v3 - Use SNMPv3 enable configure snmp-server host
COMMAND:host <ip-addr> traps [{v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>] [community <community-name>]no host <ip-addr>
DESCRIPTION:Configure destination host
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
auth - Use authentication <community-name> [0..31 chars] - The community string <ip-addr> [1..253 chars: ] - FQDN or IP address <name> [0..31 chars] - The user name noauth - Use no authentication <port> [1..65535] - UDP port number. Port 162 is used as a default if this parameter is not provided priv - Use authentication and encryption v2c - Use SNMPv2c v3 - Use SNMPv3 enable configure snmp-server location
COMMAND:location <name>no location
DESCRIPTION:Configure the location of the router
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [0..255 chars] - The location enable configure snmp-server shutdown
COMMAND:[no] shutdownDESCRIPTION:Shuts down the snmp server. The no version of the command starts the snmp server
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap
COMMAND:[no] trapDESCRIPTION:Configure traps. The no version of the command resets all configured traps to their default thresholds
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap connections
COMMAND:connections [shutdown | thresholds...]DESCRIPTION:Configure a trap for the number of TCP connections in the system.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables connections trap. [no] thresholds - Configure/reset thresholds for the connections trap. enable configure snmp-server trap connections shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables connections trap.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap connections thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:Configure/reset thresholds for the connections trap.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap. <set-value> [0..31 chars] - The {set} value to be configured for this trap. enable configure snmp-server trap disk-utilization
COMMAND:disk-utilization [disk <disk-name>]DESCRIPTION:Configure the disk-utilization trap.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<disk-name> [md2 | md6 | externalSpool/p1 | externalSpool/p2] - Disk name having one of the following values: "md2" (root disk), "md6" (internal disk), "externalSpool/p1", or "externalSpool/p2". If it is left unspecified specified it defaults to "md6". enable configure snmp-server trap disk-utilization shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables disk utilization trap.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap disk-utilization thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:Configure/reset thresholds for the disk utilization trap.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap. <set-value> [0..31 chars] - The {set} value to be configured for this trap. enable configure snmp-server trap egress-msg-rate
COMMAND:egress-msg-rate [shutdown | thresholds...]DESCRIPTION:Configures a trap for aggregate egress message rates in msgs/sec. If configured, a trap is sent when the aggregate egress message rate exceeds the configured limit.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables egress message rate trap. [no] thresholds - Configure/reset thresholds for the egress message rate trap. enable configure snmp-server trap egress-msg-rate shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables egress message rate trap.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap egress-msg-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:Configure/reset thresholds for the egress message rate trap.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap. <set-value> [0..31 chars] - The {set} value to be configured for this trap. enable configure snmp-server trap fan-speed
COMMAND:fan-speed [shutdown]DESCRIPTION:Configure all fanSpeed sensor traps in the system with a high and a low threshold. The value polled is the speed of the fan with a unit of RPM.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables fan speed traps. enable configure snmp-server trap fan-speed shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables fan speed traps.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap ingress-msg-rate
COMMAND:ingress-msg-rate [shutdown | thresholds...]DESCRIPTION:Configures a trap for aggregate ingress message rates in msgs/sec. If configured, a trap is sent when the aggregate ingress message rate exceeds the configured limit.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables ingress message rate trap. [no] thresholds - Configure/reset thresholds for the ingress message rate trap. enable configure snmp-server trap ingress-msg-rate shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables ingress message rate trap.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap ingress-msg-rate thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:Configure/reset thresholds for the ingress message rate trap.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap. <set-value> [0..31 chars] - The {set} value to be configured for this trap. enable configure snmp-server trap power-status
COMMAND:power-status [shutdown]DESCRIPTION:Configures a binary trap for power-status. Value polled is componentPresence that gives status information of the power-modules. 1 indicates a failure of one of the power-modules and 0 indicates no failure.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables power status traps. enable configure snmp-server trap power-status shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables power status traps.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap shutdown
COMMAND:[no] shutdownDESCRIPTION:Stops the generation of traps. The no version of the command enables the generation of all configured traps.
The default value is shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap subscriptions
COMMAND:subscriptions [shutdown | thresholds...]DESCRIPTION:Configure a trap for the number of subscriptions.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables subscriptions trap. [no] thresholds - Configure/reset thresholds for the subscriptions trap. enable configure snmp-server trap subscriptions shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables subscriptions trap.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap subscriptions thresholds
COMMAND:thresholds [set-value <set-value>] [clear-value <clear-value>]no thresholds
DESCRIPTION:Configure/reset thresholds for the subscriptions trap.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap. <set-value> [0..31 chars] - The {set} value to be configured for this trap. enable configure snmp-server trap temperature
COMMAND:temperature [shutdown]DESCRIPTION:Configure traps for all temperature sensors in the system with a high and a possible low threshold.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables temperature traps. enable configure snmp-server trap temperature shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables temperature traps.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server trap voltage
COMMAND:voltage [shutdown]DESCRIPTION:Configure traps for all voltage sensors in the system with a high and a low threshold.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] shutdown - Disables/Enables voltage traps. enable configure snmp-server trap voltage shutdown
COMMAND:[no] shutdownDESCRIPTION:Disables/Enables voltage traps.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure snmp-server user
COMMAND:user <name> group <group> {password <password> }no user <name>
DESCRIPTION:Configure a user
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<group> [1..31 chars] - The group name <name> [1..31 chars] - The user name <password> [8..128 chars] - The password enable configure ssl
COMMAND:ssl [allow-tls-version-1.0 | allow-tls-version-1.1 | cipher-suite | crime-exploit-protection | domain-certificate-authority... | server-certificate... | standard-domain-certificate-authorities | tls-session-timeout...]DESCRIPTION:Enter the "ssl" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] allow-tls-version-1.0 - Enable or disable the blocking of incoming TLS version 1.0 connections. When blocked, existing TLS 1.0 connections from Clients and SEMP users remain connected while new connections are blocked. Note that support for TLS 1.0 will eventually be discontinued, at which time TLS 1.0 connections will be blocked regardless of this setting. [no] allow-tls-version-1.1 - Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting. cipher-suite - Enter the "cipher-suite" mode. [no] crime-exploit-protection - Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit. [create|no] domain-certificate-authority - Create, modify, or delete a Domain Certificate Authority.
Certificate Authorities trusted for domain verification.[no] server-certificate - Configure the server certificate used for TLS connections. The certificate file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain. [no] standard-domain-certificate-authorities - Enable or disable the standard domain certificate authority list. [no] tls-session-timeout - The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session. enable configure ssl allow-tls-version-1.0
COMMAND:[no] allow-tls-version-1.0DESCRIPTION:Enable or disable the blocking of incoming TLS version 1.0 connections. When blocked, existing TLS 1.0 connections from Clients and SEMP users remain connected while new connections are blocked. Note that support for TLS 1.0 will eventually be discontinued, at which time TLS 1.0 connections will be blocked regardless of this setting.
The default value is no allow-tls-version-1.0.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure ssl allow-tls-version-1.1
COMMAND:[no] allow-tls-version-1.1DESCRIPTION:Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting.
The default value is allow-tls-version-1.1.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure ssl cipher-suite
COMMAND:cipher-suite [management... | msg-backbone... | ssh...]DESCRIPTION:Enter the "cipher-suite" mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
[no] management - The list of cipher suites used for TLS management connections (e.g. SEMP, LDAP). [no] msg-backbone - The list of cipher suites used for TLS data connections (e.g. client pub/sub). [no] ssh - The list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP). enable configure ssl cipher-suite management
COMMAND:management {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no management {name <suite-name>}
DESCRIPTION:The list of cipher suites used for TLS management connections (e.g. SEMP, LDAP).
The default is management "default".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure ssl cipher-suite msg-backbone
COMMAND:msg-backbone {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no msg-backbone {name <suite-name>}
DESCRIPTION:The list of cipher suites used for TLS data connections (e.g. client pub/sub).
The default is msg-backbone "default".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/mesh-managerPARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure ssl cipher-suite ssh
COMMAND:ssh {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }no ssh {name <suite-name>}
DESCRIPTION:The list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP).
The default is ssh "default".
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
after - Add the suite-name after the existing-suite-name before - Add the suite-name before the existing-suite-name default - The default cipher suite list empty - Remove all cipher suites from the list <existing-suite-name> [1..64 chars] <suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present ( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite enable configure ssl crime-exploit-protection
COMMAND:[no] crime-exploit-protectionDESCRIPTION:Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit.
The default value is crime-exploit-protection.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure ssl domain-certificate-authority
COMMAND:[create | no] domain-certificate-authority <ca-name>DESCRIPTION:Create, modify, or delete a Domain Certificate Authority.
Certificate Authorities trusted for domain verification.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ca-name> [1..64 chars] - The name of the Certificate Authority. enable configure ssl domain-certificate-authority <ca-name> certificate
COMMAND:certificate {file <ca-certificate> | content <raw-data>}no certificate
DESCRIPTION:The trusted root certificate for a domain certificate authority. The file must be located in the /certs directory and must be PEM formatted.
The no version of the command returns its value to the default (no certificate configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<ca-certificate> [1..127 chars] - The CA certificate file. <raw-data> [0..32768 chars] - The CA certificate content. enable configure ssl server-certificate
COMMAND:server-certificate <filename> [file-contents <file-contents> ]no server-certificate
DESCRIPTION:Configure the server certificate used for TLS connections. The certificate file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
The no version of the command returns its value to the default ("").
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<file-contents> [0..32768 chars] - The server certificate. <filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory. enable configure ssl standard-domain-certificate-authorities
COMMAND:[no] standard-domain-certificate-authoritiesDESCRIPTION:Enable or disable the standard domain certificate authority list.
The default value is standard-domain-certificate-authorities.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure ssl tls-session-timeout
COMMAND:tls-session-timeout <seconds>no tls-session-timeout
DESCRIPTION:The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session.
The no version of the command returns its value to the default (86400).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<seconds> [1..86400] - The value to set. enable configure syslog
COMMAND:[create | no] syslog <name>DESCRIPTION:Enter syslog configuration mode, to configure file and remote logging destination parameters
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<name> [1..64 chars] - The name to identify this Syslog destination definition. The "no" version of the command removes this Syslog destination definition. enable configure syslog <name> facility
COMMAND:[no] facility {command | event | system }DESCRIPTION:Configure syslog facility
By default, no facilities are configured.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
command - Add or remove command facility to this Syslog destination definition. event - Add or remove event facility to this Syslog destination definition. system - Add or remove system facility to this Syslog destination definition. enable configure syslog <name> host
COMMAND:[no] host <hostname-or-address> [transport {tcp | udp | tls}]DESCRIPTION:Change remote syslog receiver
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<hostname-or-address> [1..70 chars: [:nnnnn]] - Hostname or IP address (and optional port).
Examples:
192.1.2.3:12345
solace
[1111:0:1::4]:12345tcp - Send Syslog via TCP tls - Send Syslog via TLS transport - Set the transport protocol mode to one of the following: udp - Send Syslog via UDP enable configure system
COMMAND:system [topic-routing]DESCRIPTION:Enter system configuration mode.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
topic-routing - Configure topic routing system options enable configure system topic-routing
COMMAND:topic-routing [subscription-exceptions...]DESCRIPTION:Configure topic routing system options
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[no] subscription-exceptions - This command is used to enable subscription-exceptions for the router. When subscription-exceptions are enabled, a leading '!' character in a guaranteed messaging queue's topic subscription, or in an MQTT QoS-1 subscription, indicates a subscription exception. Any messages published to a topic matching a subscription exception will not be delivered to the guaranteed message queue (or the client), but will simply be discarded.
Subscription-exceptions are not supported for Durable Topic Endpoint subscriptions, Direct messaging subscriptions, ACL topic exceptions, or SolCache topics. The router will not accept a leading '!' in these topic strings when subscription-exceptions are enabled.
The 'no' version of the command disables subscript-exceptions for the router. When subscription-exceptions are disabled, a leading '!' character in a topic is treated as a literal character in the topic.
If the defer option is NOT used, this command triggers an immediate reboot of the system. If the defer option is used, the value is applied following a router restart.enable configure system topic-routing subscription-exceptions
COMMAND:[no] subscription-exceptions [defer]DESCRIPTION:This command is used to enable subscription-exceptions for the router. When subscription-exceptions are enabled, a leading '!' character in a guaranteed messaging queue's topic subscription, or in an MQTT QoS-1 subscription, indicates a subscription exception. Any messages published to a topic matching a subscription exception will not be delivered to the guaranteed message queue (or the client), but will simply be discarded.
Subscription-exceptions are not supported for Durable Topic Endpoint subscriptions, Direct messaging subscriptions, ACL topic exceptions, or SolCache topics. The router will not accept a leading '!' in these topic strings when subscription-exceptions are enabled.
The 'no' version of the command disables subscript-exceptions for the router. When subscription-exceptions are disabled, a leading '!' character in a topic is treated as a literal character in the topic.
If the defer option is NOT used, this command triggers an immediate reboot of the system. If the defer option is used, the value is applied following a router restart.
The default value is subscription-exceptions.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart. enable configure username
COMMAND:username <name>create username <name> [{password <password> }] [cli [global-access-level <access-level>] | file-transfer]
no username <name>
DESCRIPTION:Use this command to create new Solace PubSub+ Broker CLI or SFTP user accounts, or to change passwords on existing user accounts. The no version deletes the specified user. Deleting a user will also cause all SEMP sessions associated with the user to be deleted.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/none
global/read-write is required for "create username" and "no username".
Notes/Exceptions: global/read-write is required to access usernames with global-access-level=none other than yourself. global/admin is required to access usernames with global-access-level>none other-than yourself. global/admin is required for "create username" and "no username" for usernames with global-access-level>none and for file-transfer usernames.PARAMETERS:
<name> [1..32 chars] - Username ( no ) <name> [1..32 chars] - Username to delete <access-level> - CLI global access level cli - CLI user (default) file-transfer - File transfer user. Used for remotely copying files to/from the router. Supported protocols are SFTP and SCP. global-access-level - Allows the default global access level assigned to CLI users be overridden when creating a CLI username ( create ) <name> [1..32 chars] - Username to add <password> - Set password for the user. This parameter is not required for the "no" version of the command enable configure username <name> change-password
COMMAND:change-password <password>no change-password
DESCRIPTION:Change the password of the user. This will cause all SEMP sessions associated with this user to be deleted.
The no version of the command returns its value to the default (no change-password configured).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/none
Notes/Exceptions: global/read-write is required when run against any username with global-access-level=none other than yourself. global/admin is required when run against any username with global-access-level>none other than yourself.PARAMETERS:
<password> [0..128 chars] - New password enable configure username <name> global-access-level
COMMAND:global-access-level <access-level>DESCRIPTION:Set the global-scope access-level of a CLI username.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<access-level> [none | read-only | mesh-manager | read-write | admin] - CLI global access level enable configure username <name> message-vpn
COMMAND:message-vpn [access-level-exception... | default-access-level...]DESCRIPTION:Enter sub-mode to configure the access level at Message VPN level for CLI users.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed. default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence. enable configure username <name> message-vpn access-level-exception
COMMAND:[create | no] access-level-exception <vpn-name>DESCRIPTION:The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured. enable configure username <name> message-vpn access-level-exception <vpn-name> access-level
COMMAND:access-level <access-level>DESCRIPTION:vpn-scope access-level to assign to CLI users.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level enable configure username <name> message-vpn default-access-level
COMMAND:default-access-level <access-level>DESCRIPTION:The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN enable configure username <name> rename
COMMAND:rename <name>DESCRIPTION:Change the name of the user. This will cause all SEMP sessions associated with this user to be deleted.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-write
Notes/Exceptions: global/admin is required to rename any username with global-access-level > none.PARAMETERS:
<name> [1..32 chars] - New username enable configure web-manager
COMMAND:web-manager [allow-unencrypted-wizards | redirect-http]DESCRIPTION:Use this command to access commands related to the web-based broker manager UI.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] allow-unencrypted-wizards - Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure. Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. redirect-http - Configure HTTP to HTTPS redirections for web-manager access over the SEMP/SEMPS ports enable configure web-manager allow-unencrypted-wizards
COMMAND:[no] allow-unencrypted-wizardsDESCRIPTION:Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure. Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping.
The default value is no allow-unencrypted-wizards.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable configure web-manager redirect-http
COMMAND:redirect-http [override-ssl-port... | shutdown]DESCRIPTION:Configure HTTP to HTTPS redirections for web-manager access over the SEMP/SEMPS ports
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
[no] override-ssl-port - The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value. [no] shutdown - Enable or disable redirection of HTTP requests for the broker manager to HTTPS. enable configure web-manager redirect-http override-ssl-port
COMMAND:override-ssl-port <port>no override-ssl-port
DESCRIPTION:The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value.
The no version of the command returns its value to the default (0).
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
<port> [0..65535] - The value to set. enable configure web-manager redirect-http shutdown
COMMAND:[no] shutdownDESCRIPTION:Enable or disable redirection of HTTP requests for the broker manager to HTTPS.
The default value is no shutdown.
CONFIG-SYNC:HA: yes Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable copy
COMMAND:copy <source> <destination>DESCRIPTION:Use this command to copy files to and from the router.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<destination> [0..255 chars] - destination file. Possible formats: sftp://[<username>@]<ip-addr>/<remote-pathname>, scp://[<username>@]<ip-addr>/<remote-pathname>, or <local-pathname>. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files. <source> [0..255 chars] - source file. Possible formats: current-config, sftp://[<username>@]<ip-addr>/<remote-pathname>, scp://[<username>@]<ip-addr>/<remote-pathname>, or <local-pathname>. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files. enable delete
COMMAND:delete <file>DESCRIPTION:Use this command to delete files from the router. Note: Some files are not allowed to be deleted (for example, rotating system event logs such as solcbr.log.X files).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<file> [0..255 chars] - file(s) to delete. Only <local-pathname> formats may be used. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files. enable delete-load
COMMAND:delete-load <version>DESCRIPTION:Use this command to delete a SolOS software version already installed in the /loads subdirectory on the router (as displayed through the show version User EXEC command), which may not be the current version or the backout version. It may also be used to delete a SolBase version installed in the /loads subdirectory, which may not be the SolBase for the current version or the backout version.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<version> [0..63 chars] - Load version to delete enable disable
COMMAND:disableDESCRIPTION:Use this command to return yourself to the User EXEC level of the CLI from the Privileged EXEC level.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. enable disconnect
COMMAND:disconnect sessionid <session-id>DESCRIPTION:Disconnect a CLI session
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/none
Notes/Exceptions: global/admin is required to disconnect any session belonging to someone else's username.PARAMETERS:
<session-id> [1..8] - session Id of an existing session enable power-down
COMMAND:power-downDESCRIPTION:Use this command to turn off power to the router, on a router by router basis. Note: The router does NOT restart automatically after this command is run.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable reload
COMMAND:reload [default-config | config <config-file>]DESCRIPTION:Use this command to restart the router using the currently installed software version. Optionally, the system configuration can be set to a backed-up configuration or the system default configuration during the restart.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-write
Notes/Exceptions: global/admin is required to use the config parameter.PARAMETERS:
<config-file> [0..255 chars] - Reload from a backed-up configuration file default-config - Reload with a default configuration enable rename
COMMAND:rename <old> <new>DESCRIPTION:Use this command to rename a regular (that is, Pathname) router file in the jail subdirectory.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-writePARAMETERS:
<new> [0..255 chars] - new file. Only <local-pathname> formats may be used <old> [0..255 chars] - old file. Only <local-pathname> formats may be used enable setup
COMMAND:setupDESCRIPTION:Use this command to quickly set the hostname, interfaces, clock and time zone on the router.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-writePARAMETERS:
This command does not take any parameters. enable shell
COMMAND:shell <reason>DESCRIPTION:Use this command to access the SolOS shell.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<reason> [0..32768 chars] - Specify the reason for accessing the SolOS shell end
COMMAND:endDESCRIPTION:Use this command to exit the current CONFIG command level of the CLI and return to the Privileged EXEC level.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. exit
COMMAND:exitDESCRIPTION:Use this command to exit the current command level of the CLI and return to the previous level. From the User EXEC level, use it to exit the CLI.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. help
COMMAND:helpDESCRIPTION:Use this command to display the Help facility for the command line interface.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. home
COMMAND:homeDESCRIPTION:Use this command to exit the current command level of the CLI and return to the User EXEC level.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. logout
COMMAND:logoutDESCRIPTION:Use this command to log out of a current CLI session.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. more
COMMAND:more <pattern>DESCRIPTION:Use this command to display the contents of a text file in a directory.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<pattern> [0..255 chars] - text file(s) to display. Only <local-pathname> formats may be used. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files. paging
COMMAND:[no] paging [size <size>]DESCRIPTION:Use this command to control the output page size for show commands. The no version disables paging.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
<size> [1..2147483647] - Page size, default is current screen size ping
COMMAND:ping <vrf-ip-addr-or-host> [ip-interface <ip-interface>]DESCRIPTION:Use this command to send ICMP ECHO_REQUEST packets to a specified host.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"<vrf-ip-addr-or-host> [0..266 chars] - VRF scoped IP address or hostname. VRF defaults to "management" if omitted. Examples: management:myhost, management:192.168.1.21 ping6
COMMAND:ping6 <ip-addr> [ip-interface <ip-interface>]DESCRIPTION:Use this command to send ICMP ECHO_REQUEST packets to a specified host.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<ip-addr> [0..39 chars] - IPv6 address. <ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"pwd
COMMAND:pwdDESCRIPTION:Use this command to display the present working directory (pwd).
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
This command does not take any parameters. session
COMMAND:session [timeout...]DESCRIPTION:Use this command to change the CLI inactivity timeout setting for your current CLI user session.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
timeout - Configure the current session's inactivity timeout. If not specified during a CLI session, the global console inactivity timeout is used. session timeout
COMMAND:timeout <idle-timeout>DESCRIPTION:Configure the current session's inactivity timeout. If not specified during a CLI session, the global console inactivity timeout is used.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<idle-timeout> [0..43200] - timeout value in minutes (0 to disable) show
COMMAND:show [acl-profile... | alarm | authentication... | backup | bridge... | cache-cluster... | cache-instance... | client... | client-certificate-authority... | client-profile... | client-username... | clock... | cluster... | compression | config-sync... | console... | cspf | current-config | debug... | deferred-config | disk... | distributed-cache... | dns | domain-certificate-authority... | environment | hardware... | home-cache-cluster... | hostname | interface... | ip | jndi | kerberos... | ldap-profile... | log | logging | memory | message-spool... | message-vpn... | mqtt | oauth-profile... | paging | process... | product-key | proxy... | queue... | queue-template... | radius-profile... | redundancy... | replay-log... | replicated-topic... | replication... | router-name | routing | semp-session... | sequenced-topic... | service... | session | smrp | snmp... | ssl | standard-domain-certificate-authority... | stats | syslog... | system... | telemetry | topic-endpoint... | topic-endpoint-template... | transaction... | username... | version | web-manager]DESCRIPTION:Use this command to display a variety of configuration and statistical information about the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
acl-profile - Show ACL profile information alarm - Show current alarm status authentication - Show authentication parameters for a class of users backup - Show information on configuration backups bridge - Show bridge information cache-cluster - Show the contents of the distributed-cache cluster cache-instance - Show the contents of the distributed-cache instance client - Show client information client-certificate-authority - Show client certificate authority settings client-profile - Show client-profile information client-username - Show client-username information clock - Show system clock cluster - Show cluster status compression - Show compression information config-sync - Show Config-Sync information. With no parameters configuration and basic operational state are displayed. console - Show console configuration cspf - Show CSPF routing information current-config - Enter show current configuration mode. The subcommands are typically used with output redirection via '>' to create a script of CLI commands to create or remove the requested configuration debug - Show internal debug information deferred-config - Show the deferred configuration which will be applied on a router restart. disk - Show local disk usage and the RAID status distributed-cache - Show the contents of the distributed-cache dns - Show Domain Name System (DNS) configuration. domain-certificate-authority - Show domain certificate authority settings environment - Show system environment information hardware - Show system hardware information home-cache-cluster - Show the contents of the home cache cluster hostname - Show hostname interface - Show the parameters configured for the interface ip - Show Internet Protocol Parameters jndi - Show JNDI configuration kerberos - Show Kerberos authentication information ldap-profile - Show ldap profile settings log - Show the router log logging - Show logging information memory - Show memory usage message-spool - Show message spool message-vpn - Show Message VPN information mqtt - Show MQTT information. oauth-profile - Show OAuth profile settings paging - Use this command to control the output page size for show commands. The no version disables paging. process - Show system process information. Given a pid, displays detailed information for that process. product-key - Show installed product-keys and the features they unlock proxy - Show proxy settings queue - Show queue information queue-template - Show queue template information radius-profile - Show radius profile settings redundancy - Show redundancy configuration replay-log - Show replay-log information replicated-topic - Show replicated-topic information replication - Show global replication information router-name - Show router's name routing - Show routing configuration semp-session - Show information regarding currently active SEMP sessions. sequenced-topic - Show sequenced-topic information service - Show the port configuration for the protocols/services supported session - Show information regarding currently active CLI sessions. smrp - Show SMRP routing information snmp - Show SNMP agent configuration ssl - Show SSL configuration and state standard-domain-certificate-authority - Show standard domain certificate authority settings stats - Show global level stats syslog - Show the configured syslog destinations system - Show system telemetry - Show telemetry information topic-endpoint - Show topic-endpoint information topic-endpoint-template - Show topic endpoint template information transaction - Show transaction information username - Show the names of all the CLI and file transfer users configured on a router version - Show information on software loads web-manager - Show web manager information show acl-profile
COMMAND:acl-profile <name> [message-vpn <vpn-name>] [{detail [[client-connect ] [publish-topic] [subscribe-topic] [subscribe-share-name] ]} | {users } ]DESCRIPTION:Show ACL profile information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
client-connect - Show client-connect information detail - Show detailed information <name> [1..32 chars] - ACL profile name; may contain wildcard characters publish-topic - Show publish-topic information subscribe-share-name - Show subscribe share name information subscribe-topic - Show subscribe-topic information users - Show users of this profile <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show alarm
COMMAND:alarmDESCRIPTION:Show current alarm status
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show authentication
COMMAND:authentication [user-class cli-semp] [{current-user } | access-level [{default | ldap [group <group-name-pattern>]}] [detail ]]DESCRIPTION:Show authentication parameters for a class of users
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/none
Notes/Exceptions: global/read-only is required to access any variant other than "current-user".PARAMETERS:
access-level - Show access level configuration. cli-semp - Show auth parameters for CLI and SEMP users. current-user - Show access level for the current user. default - Show only the default access level configuration. detail - Show access level detailed configuration group - Filter the display of LDAP access level configuration based on the group name. <group-name-pattern> [1..256 chars] - The group name filter to apply to the show command; may contain wildcard characters * or ? ldap - Show only the LDAP access level configuration. <num-elements>*2 user-class - Class of user to operate on. show backup
COMMAND:backupDESCRIPTION:Show information on configuration backups
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show bridge
COMMAND:bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] [connect-via <addr-port>] [primary | backup | auto] [subscriptions [local | remote] | stats [queues] | connections [wide] | detail | message-spool-stats | ssl | client-certificate]DESCRIPTION:Show bridge information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<addr-port> [0..259 chars] - FQDN or IP address (and optional port).
Examples:
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345auto - Restrict output to only auto virtual routers backup - Restrict output to only backup virtual routers <bridge-name-pattern> [0..300 chars] - Bridge name; may contain wildcard characters * or ? client-certificate - Display client certificate information connections - Show connections. detail - Show the detailed version. local*2 - Show only local bridges. message-spool-stats - Display message spool statistics. primary - Restrict output to only primary virtual routers queues - Show queue stats. remote - Show only remote subscriptions. <remote-router-name-pattern> [0..66 chars] - Router name; may contain wildcard characters * and ? <remote-vpn-name-pattern> [0..32 chars] - Message VPN name; may contain wildcard characters * or ? ssl - Display ssl information stats - Show stats. subscriptions - Show details about subscriptions configured for the bridge. <vpn-name-pattern> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? wide - Show more information on connections in wide format. OUTPUT:show bridge (Inbound/Outbound Oper State) NotApplicable - The connection is not relevant in the indicated direction. Shutdown - The bridge is down in the indicated direction. There are many potential reasons: - the bridge is shutdown - the bridge has no remote message-vpns - all remote message-vpns are shutdown - the local message-vpn is shutdown - the SMF service is shutdown - not active for virtual-router (VR): - no ip-interface for phys-interface - phys-interface is shutdown - ip-interface is shutdown - redundant mate has taken activity for VR - local message-vpn is replication-standby NotReady-Connecting - The bridge is down in the indicated direction. It is in the process of connecting to the remote host. NotReady-Handshaking - The bridge is down in the indicated direction. It has connected to the remote host and is in the process of negotiating with it. NotReady-WaitNext - The bridge is down in the indicated direction. It has failed to connect to a remote host and is waiting for the configured remote retry delay to expire before retrying. NotReady-WaitReuse - The bridge is down in the indicated direction. It established its own connection to the remote host but determined instead that it should use an pre-existing connection established from that remote host. It is waiting for its own connection to close before reusing the existing connection. NotReady-WaitCleanup - The bridge is down in the indicated direction. Its connection has closed and is in the process of being cleaned up. Ready-Subscribing - The bridge is up and is attracting traffic plus is in the process of adding configured subscriptions to the remote router. Ready-InSync - The bridge is up and is attracting traffic. All configured subscriptions have been added to the remote router.show cache-cluster
COMMAND:cache-cluster <name> [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | topics [filter <topic-pattern>] [type {local | global [home-cache-cluster <home-cache-cluster-name>]}] ]DESCRIPTION:Show the contents of the distributed-cache cluster
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ? detail - Show details for each cache-cluster <following-cache-cluster-name>*2 - Show cach clusters from this Cache cluster name global - Show only global topics <home-cache-cluster-name> [1..200 chars] - Home-cache-cluster name, can contain wildcard characters * or ? local - Show only local topics <name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <num-elements>*2 - The number of elements to display. <topic-pattern> [0..255 chars] - Filter topics, can contain wildcard characters * or ? topics - Show configured topics type - Show only topics of specified type <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show cache-instance
COMMAND:cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | remote {status | home-cache-clusters [<home-cluster-name>] | topics [detail*2] [filter <topic-pattern> ] [type {local | global}] }]DESCRIPTION:Show the contents of the distributed-cache instance
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ? <cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? detail - Show details for each cache-instance detail*2 - Show more detailed display of each topic <following-cache-cluster-name>*2 - Show cach clusters from this Cache cluster name <following-cache-instance-name>*2 global - Show only global topics home-cache-clusters - Show remote global caching home-cache-clusters status <home-cluster-name> [1..200 chars] - Home cache-cluster name, can contain wildcard characters * or ? local - Show only local topics <name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ? <num-elements>*2 - The number of elements to display. remote - Show info from the remote instance status - Show remote status info <topic-pattern> [0..255 chars] - Filter topics, can contain wildcard characters * or ? topics - Show remote cached topics type - Show only topics of specified type <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show client
COMMAND:client <name> [client-username <username>] [message-vpn <vpn-name>] [authorization-group <group-name>] [{[{stats [congestion | queues]} | {connections [wide]}] } | {subscriptions [{subscription <subscription-name>}]} | {{message-spool | message-spool-stats | {transaction-stats [session <session-id>]}} [{{ingress | egress }} [flow <flow-id>]] } | {transacted-session [{session*2 <session-name>}]} | {sorted-stats [<stats-to-show>] [sort-by <stats-to-sort-by>] [clear-high-water-marks]} | web-transport ] [detail] [primary] [backup] [static] [slow-subscriber] [connected | disconnected]DESCRIPTION:Show client information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
authorization-group - Display only clients associated with certain authorization groups backup - Show info for clients associated with the backup virtual router. clear-high-water-marks - Clear the high water marks statistics. client-username - Display clients associated with certain client-usernames congestion - Display congestion discards stats. If applicable, output will be sorted in descending order connected - Show info for connected clients only connections - Display connection information detail - Show detailed information for clients matching 'name' disconnected - Show info for disconnected clients only egress - Display egress message spool info/stats. <fc-client-name>*2 - Client name. <fc-client-name>*3 - Client name. <fc-vpn-id>*2 - Message VPN id. <fc-vpn-id>*3 - Message VPN id. <fc-vr-index>*2 - Virtual router index. <fc-vr-index>*3 - Virtual router index. <flow-id> [0..4294967294] - Flow id to be displayed (associated with ingress/egress). <group-name> [1..256 chars] ingress - Display ingress message spool info/stats. message-spool-stats - Display client message spool stats. <name> [1..160 chars] - Client name; may contain wildcard characters * or ? primary - Show info for clients associated with the primary virtual router. queues - Display queue information <session-id> [0..4294967295] - Session id to be displayed. <session-name> [1..63 chars] - The name of the transacted session to be displayed. slow-subscriber - Show info for clients that are unable to drain the load offered to them by the router static - Show info for clients associated with the static virtual router. stats - Display client traffic stats <stats-to-show> [0..1024 chars] - Show the specified stats (comma separated list) in descending sorted order. <stats-to-sort-by> [0..1024 chars] - The stats will be sorted in descending order based on the sorting criteria. If more than one criteria is present, multiple sets of stats are shown, each being sorted based on only one criteria. <subscription-name> [1..250 chars] - The name of the subscription to be displayed. subscriptions - Display subscription information transacted-session - Display transacted session information. transaction-stats - Display transaction information <username> [1..189 chars] - client-username; may contain wildcard characters <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? web-transport - Show info for web transport connections. wide - Output connection info in a wide format show client-certificate-authority
COMMAND:client-certificate-authority {ca-name <ca-name> [cert [raw-content] | crl | stats | detail] [count <num-elements>] | stats*2}DESCRIPTION:Show client certificate authority settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<ca-name> [1..64 chars] - Certificate authority name; may contain wildcards * or ?. ca-name [1..64 chars] - Display only the certificate authorities matching the given pattern. cert - Display the CA certificate information crl - Display Certificate Revocation List (CRL) information detail - Display detailed information <num-elements> [1..4294967295] - The maximum number of elements to display. raw-content - Display the CA certificate raw content. stats - Display statistics information stats*2 - Display globals statistics information show client-profile
COMMAND:client-profile <name> [message-vpn <vpn-name>] [detail]DESCRIPTION:Show client-profile information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Display detailed information on client profile(s). <name> [1..32 chars] - The name of the Client Profile. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show client-username
COMMAND:client-username <name> [message-vpn <vpn-name>] [authorization-group <group-name>] [stats | detail ]DESCRIPTION:Show client-username information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Display detailed information about the specified client-username <group-name> [1..256 chars] - Display only client usernames associated with certain authorization groups; may contain wildcard characters * or ? <name> [1..189 chars] - Client Username; may contain wildcard characters stats - Display client-username statistics <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show clock
COMMAND:clock [{detail | {timezones [<pattern>]} | {synchronization ntp-source <host>}}]DESCRIPTION:Show system clock
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - List information about clock synchronization <host> [1..253 chars] - Display NTP Sources matching the host, which may include wildcards * and ?. <pattern> [0..32 chars] - Patterns may include wildcard characters * or ? (e.g. America*, U??, *East*) timezones - List all or matching available time zones show cluster
COMMAND:cluster <cluster-name-pattern> [detail | link <link-name-pattern> [detail*2 | client-profile | queue | ssl | channel [message-vpn <vpn-name>] [detail*3] ] ]DESCRIPTION:Show cluster status
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
channel - Display channels of link client-profile - Display client-profile link information <cluster-name-pattern> [0..64 chars] - The cluster name, which may include wildcards * and ?. detail - Display detailed cluster information detail*2 - Display detailed link information detail*3 - Display detailed channel information <link-name-pattern> [0..64 chars] - Display cluster links to nodes matching the pattern, which may include wildcards * or ? no-wildcard*2 - Do not use wildcarding queue - Display queue link information ssl - Display SSL link information <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show compression
COMMAND:compressionDESCRIPTION:Show compression information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show config-sync
COMMAND:config-sync [database [router | message-vpn <vpn-name>] [detail | remote] [count <num-elements>]]DESCRIPTION:Show Config-Sync information. With no parameters configuration and basic operational state are displayed.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-only
Notes/Exceptions: A minimum access scope/level of global/read-only is required to view the router table.PARAMETERS:
database - Display database table(s) detail - Display details for selected table message-vpn - Display only the VPN tables matching the given pattern <num-elements> [1..4294967295] - The maximum number of elements to display. remote - Display latest remote database info router - Display only the router table <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show console
COMMAND:console [login-banner]DESCRIPTION:Show console configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
login-banner - Displays the current banner text that is displayed on user login show cspf
COMMAND:cspf [database | neighbor... | queue | route... | ssl | stats]DESCRIPTION:Show CSPF routing information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
database - Show the CSPF database neighbor - Show the state of CSPF links queue - Show the CSPF queue settings route - Show the CSPF route ssl - Show the CSPF ssl stats - Show the CSPF statistics show cspf database
COMMAND:databaseDESCRIPTION:Show the CSPF database
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show cspf neighbor
COMMAND:neighbor <physical-router-name> [stats [queues | detail] | connections [wide] | detail*2]DESCRIPTION:Show the state of CSPF links
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
connections - Show neighbor tcp connection info detail - Show detailed information detail*2 - Show neighbor details <physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ? queues - Show queue statistics stats - Show neighbor statistics wide - Display cli output suitable for wide terminals (300+ character width) show cspf queue
COMMAND:queueDESCRIPTION:Show the CSPF queue settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show cspf route
COMMAND:route [destination <router-destination>] [source <router-source>]DESCRIPTION:Show the CSPF route
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
destination - Filter to only show routes that have router-name as the final destination <router-destination> [1..66 chars] - Router name; may contain wildcard characters * and ? <router-source> [1..66 chars] - Router name; may contain wildcard characters * and ? source - Filter to only show routes that assume router-name is the ingress node show cspf ssl
COMMAND:sslDESCRIPTION:Show the CSPF ssl
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show cspf stats
COMMAND:statsDESCRIPTION:Show the CSPF statistics
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. OUTPUT:show cspf stats (Error Conditions) Neighbor Dead Timer Expires - Number of inactive CSPF links due to the neighbor dead timer expiration. Neighbor Response Timer Expires - Number of non-responses received after CSPF sends a Neighbor Acquisition Request to a neighbor router. LSP Response Timer Expires - Number of non-responses received after CSPF sends an LSP to a neighbor router. Connect Response Timer Expires - CSPF has not established a connection after ~30 seconds of trying. Neighbor Handshake Fails - Number of CSPF links between routers made inactive during the Neighbor Handshake process. Neighbor Response Timer Expires - Number of non-responses received after CSPF sends a Neighbor Acquisition Request to a neighbor router. Neighbor Fails - Number of inactive connections on previously established CSPF links between routers. Unexpected Messages Received - Number of unrecognizable messages received. If you receive this error, please contact your Solace technical support representative for assistance. Unexpected Datapath Requests Received - Number of unrecognized CSPF request message types received. Unexpected Datapath Responses Received - Number of unrecognized CSPF response message types received. LSDD Timer Expires - Number of non-responses received after LSDD messages are sent to neighbor routers. Packet Processing Errors (Request) - A total of all errors encountered while handling a request packet. Packet Processing Errors (Response) - A total of all errors encountered while handling a response packet.show current-config
COMMAND:current-config [all... | message-vpn...]DESCRIPTION:Enter show current configuration mode. The subcommands are typically used with output redirection via '>' to create a script of CLI commands to create or remove the requested configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
all - Show the CLI commands needed to create the current configuration for the router, including configuration for all Message VPNs. The global/admin access level is required unless the redact parameter is used. message-vpn - Show the CLI commands needed to create (or remove) the current configuration for Message VPNs. The global/admin access level is required unless the redact parameter is used. show current-config all
COMMAND:all [redact]DESCRIPTION:Show the CLI commands needed to create the current configuration for the router, including configuration for all Message VPNs. The global/admin access level is required unless the redact parameter is used.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
redact - Remove any sensitive information. show current-config message-vpn
COMMAND:message-vpn <vpn-name> [redact] [remove]DESCRIPTION:Show the CLI commands needed to create (or remove) the current configuration for Message VPNs. The global/admin access level is required unless the redact parameter is used.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
redact - Remove any sensitive information. remove - Generate remove commands rather than create <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show debug
COMMAND:debug [process-name <process-name>] [process-instance <process-instance>] [timeout <seconds>] <command> [<parameter-list>]DESCRIPTION:Show internal debug information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/adminPARAMETERS:
<command> [0..1024 chars] - Debug command to execute. <parameter-list> [0..32768 chars] - Parameters to pass to debug command, space separated. <process-instance> [0..255] - Process instance to query. <process-name> [cli | mgmtplane | controlplane | dataplane | soldebug | watchdog | adbtool | smlmanager | solsnmp | trmmanager | msgbusadapter | solcachemgr | smrp | solevent | dnsmanager | cmdserver | nab] - Name of process to query. <seconds> [0..65535] - Time to wait for command to complete. show deferred-config
COMMAND:deferred-configDESCRIPTION:Show the deferred configuration which will be applied on a router restart.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show disk
COMMAND:disk [detail]DESCRIPTION:Show local disk usage and the RAID status
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - show detailed information show distributed-cache
COMMAND:distributed-cache {<name> [message-vpn <vpn-name>] [detail] | summary}DESCRIPTION:Show the contents of the distributed-cache
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show details for each cache <name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ? summary - Show summary of all caches <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show dns
COMMAND:dnsDESCRIPTION:Show Domain Name System (DNS) configuration.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show domain-certificate-authority
COMMAND:domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>]DESCRIPTION:Show domain certificate authority settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<ca-name> [1..64 chars] - Certificate authority name; may contain wildcards * or ?. ca-name [1..64 chars] - Display only the certificate authorities matching the given pattern. cert - Display the CA certificate information detail - Display detailed information <num-elements> [1..4294967295] - The maximum number of elements to display. raw-content - Display the CA certificate raw content. show environment
COMMAND:environmentDESCRIPTION:Show system environment information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show hardware
COMMAND:hardware [details | post]DESCRIPTION:Show system hardware information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
details - Show detailed information about hardware post - Show Power-On Self Test (POST) status show home-cache-cluster
COMMAND:home-cache-cluster <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>]DESCRIPTION:Show the contents of the home cache cluster
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ? <cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show hostname
COMMAND:hostnameDESCRIPTION:Show hostname
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. show interface
COMMAND:interface [<phy-interface>] [detail]DESCRIPTION:Show the parameters configured for the interface
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed information <phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"show ip
COMMAND:ip [route | vrf...]DESCRIPTION:Show Internet Protocol Parameters
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
route - Show Global IP routing information vrf - Show Virtual Forwarding Instance information show ip route
COMMAND:routeDESCRIPTION:Show Global IP routing information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show ip vrf
COMMAND:vrf [<name> [link-local-address | {route | interface <interface-pattern>} [detail]]]DESCRIPTION:Show Virtual Forwarding Instance information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed information <interface-pattern> [0..15 chars] - show VRF IP interface information link-local-address - show VRF IP link local address information <name> [0..12 chars] - VRF name route - show VRF IP routing information show jndi
COMMAND:jndi [connection-factory... | object... | queue... | schema... | summary... | topic...]DESCRIPTION:Show JNDI configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
connection-factory - Show JNDI connection-factory objects object - Show JNDI objects queue - Show JNDI queue objects schema - Show JNDI object schema summary - Show JNDI configuration summary topic - Show JNDI topic objects show jndi connection-factory
COMMAND:connection-factory <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail]DESCRIPTION:Show JNDI connection-factory objects
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <name> [1..256 chars] - Object name; may contain wildcard characters. <property-name> [1..64 chars] - Show the objects containing this property. <property-value> [0..256 chars] - Show the objects containing this property. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show jndi object
COMMAND:object <name> [message-vpn <vpn-name>]DESCRIPTION:Show JNDI objects
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<name> [1..256 chars] - Object name; may contain wildcard characters. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show jndi queue
COMMAND:queue <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail]DESCRIPTION:Show JNDI queue objects
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <name> [1..256 chars] - Object name; may contain wildcard characters. <property-name> [1..64 chars] - Show the objects containing this property. <property-value> [0..256 chars] - Show the objects containing this property. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show jndi schema
COMMAND:schema [connection-factory | topic | queue]DESCRIPTION:Show JNDI object schema
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
connection-factory - Show connection-factory schema only. queue - Show queue schema only. topic - Show topic schema only. show jndi summary
COMMAND:summary [message-vpn <vpn-name>]DESCRIPTION:Show JNDI configuration summary
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show jndi topic
COMMAND:topic <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail]DESCRIPTION:Show JNDI topic objects
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <name> [1..256 chars] - Object name; may contain wildcard characters. <property-name> [1..64 chars] - Show the objects containing this property. <property-value> [0..256 chars] - Show the objects containing this property. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show kerberos
COMMAND:kerberos [{keytab | keytab-file <file-name>} [detail]]DESCRIPTION:Show Kerberos authentication information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Display detail information about each keytab entry. <file-name> [Filename of keytab in jail/keytabs directory.] - Kerberos keytab file within the keytabs directory. Wildcard characters are allowed to specify multiple files. keytab - Display internal keytab store for incoming clients. keytab-file - Display keytab file in keytabs directory. show ldap-profile
COMMAND:ldap-profile <profile-name> [detail | [index <server-index>] stats | users]DESCRIPTION:Show ldap profile settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Display detailed information. <profile-name> [1..32 chars] - Ldap profile name. May contain wildcard characters * and ?. <server-index> [1..3] - Show statistics for the ldap-server at the specified index. stats - Show ldap-profile statistics users - Show ldap-profile users OUTPUT:show ldap-profile (Last Error States and Statistics) None - No error has been found so far. OK - A successful connection has been made. Encoding Error - This indicates that the LDAP client ran into errors when trying to encode the request. Out of Memory - This indicates that the LDAP client was unable to allocate memory for the outgoing request or incoming response. Server Down - This indicates that the LDAP client was unable to send a request because the LDAP server is down. Decoding Error - This indicates that the LDAP client was unable to decode a server response. No Such Object - This indicates that the LDAP client was unable to bind as a given entity because that entity doesn't exist. Timeout - This indicates that the LDAP client's request has timed out. Filter Error - This indicates that the LDAP client encountered errors when trying to encode or parse the filter string. Multiple Entries - This indicates that a search returned more than one entry. Invliad Syntax - This indicates that the LDAP server found a syntax errors in the request. Referral - This indicates that the LDAP client has returned at least one referral in search reponse. Referral Limit Exceeded - This indicates that the LDAP client's referral has exceeded the referral limit of 10 levels. Invalid Credentials - This indicates that the LDAP server replies with Invalid when we attempt to a bind operation Start TLS Failed - This indicates that the LDAP client fails to enable TLS when connecting with the LDAP server. Local Error - This indicates that a LDAP_LOCAL_ERROR has occurred in the LDAP routine. Operations Error - This indicates that the intialization of the LDAP library failed, or an internal operations error has occurred. Auth Method Not Supported - This indicates that the authentication method is not supported. Protocol Error - This indicates that a protocol error has occurred. Parameter Error - This indicates that an incorrect parameter has been passed to a routine. Peer Disconnect - This indicates that the LDAP connection has timed out and the LDAP server issues a disconnect. Not Supported - This indicates that the feature is not supported. Other - This statistic encapsulates any additional errors not covered above. (timestamp) - If an error has been detected, a timestamp of the error is also given in the last error field.show log
COMMAND:log [acl... | command... | debug... | event... | login... | no-subscription-match... | rest... | system...]DESCRIPTION:Show the router log
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
acl - Display ACL logs. command - Display command logs. debug - Display debug logs. event - Display event logs. login - Display login logs. no-subscription-match - Display no-subscription-match logs. rest - Display REST logs. system - Display system logs. show log acl
COMMAND:acl [client-connect | publish-topic | subscribe-topic] [client-username <username>] [message-vpn <vpn-name>] [wide]DESCRIPTION:Display ACL logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
client-connect - Show only logs relating to client-connect ACLs publish-topic - Show only logs relating to publish-topic ACLs subscribe-topic - Show only logs relating to subscribe-topic ACLs <username> [1..189 chars] - Client username; may contain wildcard characters <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? wide - Output log in a wide format show log command
COMMAND:command [lines <num-lines>] [find <search-string>]DESCRIPTION:Display command logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000. <search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default. show log debug
COMMAND:debug [lines <num-lines>] [find <search-string>]DESCRIPTION:Display debug logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000. <search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default. show log event
COMMAND:event [lines <num-lines>] [find <search-string>]DESCRIPTION:Display event logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000. <search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default. show log login
COMMAND:login diag [wide]DESCRIPTION:Display login logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
diag - Show logs for login diagnostics wide - Output log in a wide format show log no-subscription-match
COMMAND:no-subscription-match [client-username <username>] [client-name <name>] [message-vpn <vpn-name>] [wide]DESCRIPTION:Display no-subscription-match logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<name> [1..160 chars] - Show only logs for the specified client-name <username> [1..189 chars] - Show only logs for the specified client-username <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? wide - Output log in a wide format show log rest
COMMAND:rest rest-delivery-point errors [wide]DESCRIPTION:Display REST logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
errors - Show logs for error responses rest-delivery-point - Show logs for REST Delivery Points wide - Output log in a wide format show log system
COMMAND:system [lines <num-lines>] [find <search-string>]DESCRIPTION:Display system logs.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000. <search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default. show logging
COMMAND:logging [command | config | debug... | event]DESCRIPTION:Show logging information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
command - Show command logging information config - Show global logging configuration debug - Show debug logging information event - Show system publish event logging information show logging command
COMMAND:commandDESCRIPTION:Show command logging information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show logging config
COMMAND:configDESCRIPTION:Show global logging configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show logging debug
COMMAND:debug [<subsystem-id>]DESCRIPTION:Show debug logging information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<subsystem-id> [0..50 chars] - Show logging info for the given subsystem ID. Default: Show logging info for all subsystems. If the logging info for each process varies, it will be displayed with a process name prefixed to it (DP = Dataplane, CP = Controlplane). show logging event
COMMAND:eventDESCRIPTION:Show system publish event logging information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show memory
COMMAND:memoryDESCRIPTION:Show memory usage
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show message-spool
COMMAND:message-spool [message-vpn <vpn-name> [sort-by-messages-spooled]] [stats | detail | rates ]DESCRIPTION:Show message spool
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-only
Notes/Exceptions: global/read-only is required to run this command without the "message-vpn" argument.PARAMETERS:
detail - Show detailed information rates - Show rate information sort-by-messages-spooled - Sort the output in descending order of number of messages spooled stats - Show spooled message stats <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show message-vpn
COMMAND:message-vpn <vpn-name> {[[detail | stats [detail*2] | service [stats*2]] | subscriptions [primary] [backup] [static] ] | proxy <proxy-name> [detail*3] | replication [stats*3 | detail*4 | client-certificate] | rest [{rest-delivery-point <rdp-name> [stats*4 | queue-binding <queue-binding-name> [request-header <header-name> ] [protected-request-header <header-name>*2 ]] [count*3 <num-elements>*3] [detail*5] | rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ] [stats*5 | outgoing-connections [tcp [wide]] | authentication [{oauth-jwt-claim <oauth-jwt-claim-name> }] | client-certificate*2 | ssl | detail*6] [count*4 <num-elements>*4] }] | authorization [authorization-group <name> [detail*7]] [count*5 <num-elements>*5] | mqtt [{mqtt-session <client-id-pattern> [owner <owner-pattern>] [auto] [primary*2] [backup*2] [detail*8 | subscriptions*2 [qos <qos-value>] | stats*6 | client | queue]} | {retain {cache <cache-name> [detail*9]}}] | bridging | dynamic-message-routing [dmr-bridge <remote-node-name-pattern> ] | oauth {{profile <profile> [client*2 required-claim <required-claim-name-pattern> | resource-server required-claim*2 <required-claim-name-pattern>*2 ]} } [detail*10 [stats*7]] | telemetry-profile <telemetry-profile-name> [{receiver acl connect exception <cidr-addr>} | {trace filter <filter-name> [subscription <subscription-name> [smf | mqtt*2] ]}] }DESCRIPTION:Show Message VPN information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
authentication - Display the authentication configured for the REST Consumer authorization - Show authorization information authorization-group - Show authorization group information auto - Filter mqtt-session by auto virtual-router (default) backup - Show subscriptions for the backup virtual router. backup*2 - Filter mqtt-session by backup virtual-router (default) bridging - Display bridging message VPN information. cache - Show MQTT Retain Cache information. <cache-name> [1..64 chars] - Filter MQTT Retain Cache by name. <cidr-addr> [0..43 chars] - Filter exception by CIDR address; may contain wildcard characters * or ? client - Display the client of each mqtt-session client-certificate - Show replication client certificate client-certificate*2 - Display the certificate configured for the REST Consumer <client-id-pattern> [0..128 chars] - Filter mqtt-session by client-id count*10 - The maximum number of certificate matching rules or rule conditions to be displayed. count*3 - Specifies that a limited number of REST Delivery Points, Queue Bindings, or Request Headers should be displayed count*4 - Specifies that a limited number of REST Consumers or OAuth JWT claims should be displayed. count*5 - The maximum number of authorization groups to be displayed count*6 - Specifies that a limited number of mqtt objects should be displayed. count*7 - Specifies that a limited number of dmr-bridge objects should be displayed. count*8 - Specifies that a limited number of oauth objects should be displayed. count*9 - Specifies that a limited number of telemetry-profile objects should be displayed. detail - Show detailed message VPN information detail*10 - Show detailed information about the Provider. detail*2 - Show statistics detailed information detail*3 - Show proxy details detail*4 - Show replication details detail*5 - Display detailed information about the REST Delivery Point detail*6 - Display detailed information about the REST Consumer. detail*7 - detail detail*8 - Display details for each mqtt-session detail*9 - Display details for each MQTT Retain Cache. dynamic-message-routing - Show dynamic-message-routing information <filter-name> [1..127 chars] - Filter trace-filter by name; may contain wildcard characters * or ? following*2 - following keyword following*3 - following keyword <following-vpn-name>*2 - following message vpn name <following-vpn-name>*3 - the vpn name <following-vpn-name>*4 <header-name> [1..50 chars] - The pattern that filters the request header name. May contain wildcard characters * and ? <header-name>*2 - The pattern that filters the request header name. May contain wildcard characters * and ? mqtt*2 - Subscription uses MQTT syntax. mqtt-session - Show MQTT session information. <name> [1..256 chars] - Authorization group name; may contain wildcard characters * or ? no-wildcard*10 - Do not use wildcarding no-wildcard*11 - Do not use wildcarding no-wildcard*2 - Do not use wildcarding no-wildcard*3 - Do not use wildcarding no-wildcard*4 - Do not use wildcarding no-wildcard*5 - Do not use wildcarding no-wildcard*6 - Do not use wildcarding no-wildcard*7 - Do not use wildcarding no-wildcard*8 - Do not use wildcarding no-wildcard*9 - Do not use wildcarding <num-elements>*10 <num-elements>*2 - The maximum number of elements to display. <num-elements>*3 <num-elements>*4 <num-elements>*5 <num-elements>*6 <num-elements>*7 <num-elements>*8 <num-elements>*9 oauth - Display OAuth information about this VPN. oauth-jwt-claim - Show OAuth JWT claim information. <oauth-jwt-claim-name> [1..100 chars] - The pattern that filters the claim object name. May contain wildcard characters * and ?. outgoing-connections - Show outgoing connection information for the REST Consumer <owner-pattern> [0..189 chars] - Filter mqtt-session by owner (default *) primary - Show subscriptions for the primary virtual router. primary*2 - Filter mqtt-session by primary virtual-router (default) <profile> [1..32 chars] - The name of the profile, which may include wildcards * or ? protected-request-header - Show protected request headers for the queue binding. proxy - Show proxies <proxy-name> [0..32 chars] - The pattern that filters the proxy name. May contain wildcard characters * and ?. <qos-value> [0..1] - Display subscriptions only of this QoS queue - Display the Queue of each mqtt-session queue-binding - Show queue bindings information for the REST Delivery Point. <queue-binding-name> [0..200 chars] - The pattern that filters the Queue binding name. May contain wildcard characters * and ? <rdp-name> [1..100 chars] - The pattern that filters the RDP object name. May contain wildcard characters * and ?. <rdp-name>*2 - The pattern that filters the RDP object name. May contain wildcard characters * and ?. <remote-node-name-pattern> [0..64 chars] - Display dmr-bridges to nodes matching the pattern, which may include wildcards * or ? replication - Show replication request-header - Show request headers for the queue binding. required-claim - Show claim values required to be present in the access token. required-claim*2 - Show claim values required to be present in the access token. <required-claim-name-pattern> [1..100 chars] - The required claim name filter to apply to the show command; may contain wildcard characters * or ? <required-claim-name-pattern>*2 - The required claim name filter to apply to the show command; may contain wildcard characters * or ? rest - Show REST rest-consumer - Show REST Consumer information. Omit all optional parameters to display aggregates. <rest-consumer-name> [1..32 chars] - REST Consumer name specified. String wildcarding is supported. rest-delivery-point - Show REST Delivery Point information. Omit all optional parameters to display aggregates. service - Show services smf - Subscription uses SMF syntax. ssl - Display ssl attributes of the REST Consumer. static - Show subscriptions for the static virtual router. stats - Show message VPN statistics stats*2 - Show services statistics stats*3 - Show replication statistics stats*4 - Show summary statistics for the REST Delivery Point stats*5 - Show summary statistics for the REST Consumer. stats*6 - Display stats for each mqtt-session stats*7 - Show statistics about the Provider. <subscription-name> [1..250 chars] - Filter subscription by name; may contain wildcard characters * or ? subscriptions - Show message VPN subscriptions subscriptions*2 - Display subscriptions for each mqtt-session tcp - Show outgoing connection TCP information for the REST Consumer telemetry-profile - Show telemetry-profile information. <telemetry-profile-name> [1..21 chars] - Filter telemetry-profile by name; may contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? wide - Display output suitable for wide terminals (300+ characters) show mqtt
COMMAND:mqttDESCRIPTION:Show MQTT information.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show oauth-profile
COMMAND:oauth-profile <profile-name-pattern> [access-level [{default | group <group-name-pattern> } ] [detail] | client {allowed-host <allowed-host-name-pattern> | authorization-parameter <authorization-parameter-name-pattern> | required-claim <required-claim-name-pattern> } | resource-server {required-claim*2 <required-claim-name-pattern>*2 } | detail*2 | stats]DESCRIPTION:Show OAuth profile settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
access-level - Show access level configuration. allowed-host - Show allowed Host header values for incoming redirects. <allowed-host-name-pattern> [1..255 chars] - The allowed host name filter to apply to the show command; may contain wildcard characters * or ? authorization-parameter - Show additional parameters for OAuth Authorization server requests. <authorization-parameter-name-pattern> [1..32 chars] - The authorization parameter name filter to apply to the show command; may contain wildcard characters * or ? default - Show only the default access level configuration. detail - Show access level detailed configuration detail*2 - Display detailed information. group - Filter the display of OAuth access level configuration based on the group name. <group-name-pattern> [1..64 chars] - The group name filter to apply to the show command; may contain wildcard characters * or ? no-wildcard*2 - Do not use wildcarding no-wildcard*3 - Do not use wildcarding no-wildcard*4 - Do not use wildcarding no-wildcard*5 - Do not use wildcarding <profile-name-pattern> [1..32 chars] - OAuth profile name. May contain wildcard characters * and ?. required-claim - Show claim values required to be present in the ID token. required-claim*2 - Show claim values required to be present in the access token. <required-claim-name-pattern> [1..100 chars] - The required claim name filter to apply to the show command; may contain wildcard characters * or ? <required-claim-name-pattern>*2 - The required claim name filter to apply to the show command; may contain wildcard characters * or ? stats - Show oauth-profile statistics show paging
COMMAND:pagingDESCRIPTION:Use this command to control the output page size for show commands. The no version disables paging.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. show process
COMMAND:process [pid <pid>]DESCRIPTION:Show system process information. Given a pid, displays detailed information for that process.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<pid> [1..4194303] - process ID show product-key
COMMAND:product-keyDESCRIPTION:Show installed product-keys and the features they unlock
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show proxy
COMMAND:proxy <proxy-name> [detail]DESCRIPTION:Show proxy settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed proxy information <proxy-name> [0..32 chars] - Proxy name. May contain wildcard characters * and ?. show queue
COMMAND:queue <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] | subscriptions | rates | sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | replay | partitions] [durable | non-durable] [detail] [replay-state {initializing | active | pending-complete | failed | all}] [count <num-elements>]DESCRIPTION:Show queue information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
active - Only show queues with an active replay all - Show queues regardless of their replay state detail - Show detailed information <dmq-filter> [1..200 chars] - Shows only those queues that use <dmq-filter> as their dead-message queue; may contain wildcard characters dmq-list - Show the Queues associated with the dead-message-queue durable - Show durable queues only failed - Only show queues with in the failed replay state flows - Show flows initializing - Only show queues with an initializing replay messages - Show message spool messages <msg-id> [1..18446744073709551615] - Show message spool starting from this msg-id <name> [1..200 chars] - Queue name; may contain wildcard characters * or ? newest - Show message spool ordered from newest to oldest messages non-durable - Show non-durable queues only <num-elements> [1..4294967295] - The number of elements to display. oldest - Show message spool ordered from oldest to newest messages partitions - Show partitions associated with the Queue pending-complete - Only show queues with a pending-complete replay priorities - Show priority stats also <priority> [0..9 (lowest to highest)] - Show only messages in message spool with this priority rates - Show rates associated with the Queue replay - Show replay log information replay-state - filter on replay states <replication-group-msg-id> [41..41 chars] - Show message spool starting from this replication-group-msg-id sort-by-messages-spooled - Sort the output in descending order of number of messages spooled sort-by-unacked-messages-spooled - Sort the output in descending order of number of unacked messages spooled stats - Show queue statistics subscriptions - Show subscriptions associated with the Queue <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show queue-template
COMMAND:queue-template <name> [message-vpn <vpn-name>] [detail]DESCRIPTION:Show queue template information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <name> [1..255 chars] - Queue Template name; may contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show radius-profile
COMMAND:radius-profile <profile-name> [detail | stats]DESCRIPTION:Show radius profile settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed RADIUS profile information <profile-name> [1..32 chars] - RADIUS profile name. May contain wildcard characters * and ?. stats - Show RADIUS profile statistics show redundancy
COMMAND:redundancy [detail]DESCRIPTION:Show redundancy configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - show detailed information OUTPUT:show redundancy (General Status Items) Activity Status - Indicates whether the local router is active for the VRID. Values: Local Active, Mate Active. VRRP Status - Indicates whether the local router owns the VRID from the viewpoint of the VRRP. Values: Master, Backup. Local Priority - The priority the local router is announcing for the VRID. Values: Assert Activity, Active, Standby, Primary Reconcile, Backup Reconcile, Release. show redundancy (Local Priority Levels) Assert-Activity - The priority level the virtual router uses when it wants to assert itself as the 'master' of the VRID. After a timeout period, when the virtual router is sure that the mate router does not claim to be the Master, the local priority value for the virtual router is reduced to Active. Active - The normal priority level to indicate that the virtual router is currently active. Standby - The priority level that a backup virtual router uses to advertise that it is not currently active, but it is capable of taking activity if the primary virtual router unavailable. Primary-Reconcile - The priority level that a virtual router uses on start up, to ensure that it does not take activity before it is ready. Backup-Reconcile - The priority level that a backup virtual router uses to indicate that it is initializing, and it will not be able to take activity even if the primary virtual router is unavailable. Release - The priority level that a virtual router uses to indicate that it is no longer willing to act on behalf of the IP address. This priority level is advertised when the release-activity Router Redundancy CONFIG command is used. It is also the priority advertised for the backup virtual router whenever the redundancy feature is shutdown on the virtual router. show redundancy (Activity Status Items) Redundancy Status - Indicates whether the redundancy facility believes the router is in a state where it could provide service for the VRID. Values: Up, Down. SMRP Status - Indicates whether SMRP is ready to provide service for the VRID. Values: Ready, Not Ready. Db Build Status - Whenever a router is restarted while running Multi-Node Routing, SMRP needs to learn of the topic subscriptions it is to become active for. It does this by synchronizing its database with its neighbor routers. This value indicates the status of this SMRP synchronization. Values: Ready, Not Ready. Db Sync Status - Whenever redundancy is enabled on a router, it can take SMRP up to one minute to initialize its database to the state required of it for taking activity from its mate router on demand. This value indicates the readiness of SMRP to take such activity. Values: Ready, Not Ready. Internal Priority - The priority of the VRID within the redundancy facility. Values: Assert Activity, Active, Backup Reconcile, Release. Internal Activity Status - An indication of whether the local or mate router should be active, based solely on priorities exchanged between routers. Due to debounce timers, and the need for the mate router to acknowledge activity switches, this status can be different than the overall activity status for the VRID. Values: Local Active, Mate Active. Internal Redundancy State - The internal state of the Redundancy facility. Values: Primary-NotReady, Primary-WaitForLA, Primary-Active, Primary-Assert, Primary-Shutdown, Bkup-NotReady, Bkup-Standby, Bkup-DebounceLA, Bkup-Active, Bkup-Assert, Bkup-Shutdown. show redundancy (Redundancy Status Items) Redundancy Config Status - The operator-configured state of the Redundancy facility. Values: Enabled, Release, Shutdown. Message Spool Status - The readiness of the message spooler to provide Guaranteed Messaging. Values: Ready, Not Ready. show redundancy (CSMP Status Items) Internal Redundancy Status - The internal state of the CSMP Redundancy facility. Values: Primary-Shutdown, Bkup-Shutdown, LA-WaitForCspfLink, LA-WaitForDsdbSync, LA-CsmpReady, MA-WaitForDsdbSync, MA-CsmpReady, MA-CspfDownDebounce. show redundancy (Message Spool Status Items) Message Spool Config Status - The operator-configured status of message spooling on the Guaranteed Messaging VRID. Values: Enabled, Shutdown. VRID Config Status - Indicates whether the local Guaranteed Messaging VRID configuration matches what has been reported by the ADB. Values: Ready, Config Mismatch. ADB Status - Indicates the high-level status of the ADB. Values: Ready, Not Ready. Flash Module Status - Indicates the high-level status of the Flash Memory Module on the ADB. Values: Ready, Not Ready. Power Module Status - Indicates the high-level status of the power module on the ADB. Values: Ready, Not Ready. ADB Contents - Indicates whether the contents of the ADB appear to be valid. Values: Invalid, Stale, Ready. Disk Status - Indicates the status of the external disk storage array. Values: Ready, Not Ready. Disk Contents - Indicates whether the spool file directory on the external disk storage array appears to be valid. This value will generally be Unknown on a router that is not active. Values: Unknown, Mount Error, Invalid, Stale, Ready. ADB Datapath Status - Indicates the high-level status of the power module on the ADB. Values: Ready, Not Ready. ADB Contents - Indicates whether the contents of the ADB appear to be valid. Values: Invalid, Stale, Ready.show replay-log
COMMAND:replay-log <name> [message-vpn <vpn-name>] [messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] [detail] | topic-filters ] [count <num-elements>]DESCRIPTION:Show replay-log information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <msg-id> [1..18446744073709551615] - Show message spool starting from this msg-id <name> [1..185 chars] - Queue name; may contain wildcard characters * or ? newest - Show message spool ordered from newest to oldest messages <num-elements> [1..4294967295] - The number of elements to display. oldest - Show message spool ordered from oldest to newest messages <priority> [0..9 (lowest to highest)] - Show only messages in message spool with this priority <replication-group-msg-id> [41..41 chars] - Show message spool starting from this replication-group-msg-id topic-filters - Show subscriptions associated with the replay log. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show replicated-topic
COMMAND:replicated-topic <topic> [message-vpn <vpn-name>] [replication-mode {sync | async}] [count <num-elements>]DESCRIPTION:Show replicated-topic information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
async - Asynchronous replication-mode <num-elements> [1..4294967295] - The number of elements to display. replication-mode - Only this replication-mode sync - Synchronous replication-mode <topic> [0..255 chars] - Topic pattern, can contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show replication
COMMAND:replication [stats]DESCRIPTION:Show global replication information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
stats - Show stats. show router-name
COMMAND:router-nameDESCRIPTION:Show router's name
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show routing
COMMAND:routingDESCRIPTION:Show routing configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show semp-session
COMMAND:semp-session [<username-pattern>] [session-id <id-pattern>] [count <num-elements>]DESCRIPTION:Show information regarding currently active SEMP sessions.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<id-pattern> [1..56 chars] - The session ID pattern to use as a filter. <num-elements> [1..4294967295] - The number of elements to display. <username-pattern> [1..189 chars] - The username pattern to use as a filter. show sequenced-topic
COMMAND:sequenced-topic <topic> [message-vpn <vpn-name>] [count <num-elements>]DESCRIPTION:Show sequenced-topic information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
<num-elements> [1..4294967295] - The number of elements to display. <topic> [0..255 chars] - Topic pattern, can contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show service
COMMAND:service [web-transport | {virtual-hostname <hostname-name> } | semp]DESCRIPTION:Show the port configuration for the protocols/services supported
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<hostname-name> [1..253 chars: ] - FQDN or IPv4 address semp - Show the SEMP service configuration. web-transport - Show the web transport service configuration. show session
COMMAND:sessionDESCRIPTION:Show information regarding currently active CLI sessions.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/none
Notes/Exceptions: global/admin is required to see any session belonging to someone else's username.PARAMETERS:
This command does not take any parameters. show smrp
COMMAND:smrp [database... | route... | stats... | subscription-block... | subscriptions...]DESCRIPTION:Show SMRP routing information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
database - Show SMRP database information route - Show SMRP routing information stats - Show SMRP statistics. Global stats across all router names are shown if no router-name is specified otherwise router-name specific stats are shown. subscription-block - Show SMRP subscription-block information subscriptions - Show SMRP subscription information show smrp database
COMMAND:database [router-name <router-name>] [detail]DESCRIPTION:Show SMRP database information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Display detailed information on router. <router-name> [1..66 chars] - Router name; may contain wildcard characters * and ? show smrp route
COMMAND:route topic <topic-string> [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] [backup] [static] [persistent | non-persistent]DESCRIPTION:Show SMRP routing information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
backup - Only show routes to backup local destinations client - Only show routes to local clients <destination-name> [1..160 chars] - Only show routes to the specified destination. May contain wildcard characters * and ? non-persistent - Only show routes for non-persistent topics persistent - Only show routes for persistent topics primary - Only show routes to primary local destinations queue - Only show routes to local queues remote-router - Only show routes to remote routers static - Only show routes to static local destinations topic-endpoint - Only show routes to local topic-endpoints <topic-string> [1..250 chars] - Topic to display route information about <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show smrp stats
COMMAND:stats [router-name [<router-name>]]DESCRIPTION:Show SMRP statistics. Global stats across all router names are shown if no router-name is specified otherwise router-name specific stats are shown.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ? show smrp subscription-block
COMMAND:subscription-block [router-name <router-name>] [block-id <block-id>] [message-vpn <vpn-name>] [persistent | non-persistent] [detail]DESCRIPTION:Show SMRP subscription-block information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<block-id> [1..127 chars] - (output filter) range indicating which block numbers to display. Range example: 0-23,33,39 - display any blocks from 0 through 23 inclusive as well as blocks 33, and 39 (if they exist). Default is all blocks if left unspecified. detail - Display detailed information on subscription block. non-persistent - Only show non-persistent subscription block persistent - Only show persistent subscription block <router-name> [1..66 chars] - Router name; may contain wildcard characters * and ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show smrp subscriptions
COMMAND:subscriptions [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] [backup] [static] [{[dto-priority <priority>] [topic <topic-str>] [persistent | non-persistent] } | {summary }]DESCRIPTION:Show SMRP subscription information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
backup - Only show subscriptions from backup local destinations client - Only show subscriptions from local clients <destination-name> [1..160 chars] - Only show subscriptions from the specified destination. May contain wildcard characters * and ? non-persistent - Only show routes for non-persistent topics persistent - Only show persistent subscription primary - Only show subscriptions from primary local destinations <priority> [P1 | P2 | P3 | P4 | DA] - Only show subscription with this priority queue - Only show subscriptions from local queues remote-router - Only show subscriptions from remote routers static - Only show subscriptions from static local destinations summary - Show per-destination summary information topic-endpoint - Only show subscriptions from local topic-endpoints <topic-str> [1..250 chars] - The value of the Topic in the form a/b/c. Wildcard characters * and ? are allowed. <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show snmp
COMMAND:snmp [trap [<name>]]DESCRIPTION:Show SNMP agent configuration
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<name> [0..42 chars] - Trap name trap - Show snmp trap configuration show ssl
COMMAND:ssl [allow-tls-version | certificate-files... | cipher-suite-list... | crime-exploit-protection | server-certificate... | standard-domain-certificate-authorities | supported-cipher-suites... | supported-tls-versions | tls-session-timeout]DESCRIPTION:Show SSL configuration and state
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
allow-tls-version - This command is used to display the versions of TLS that clients and SEMP users are allowed to use when connecting to the router. As well as which versions of TLS the router's LDAP authentication connections can use when communicating with an external LDAP server certificate-files - Show certificates uploaded to the router cipher-suite-list - Show the preconfigured cipher suite lists. crime-exploit-protection - This command is used to display whether CRIME exploit protection is enabled. server-certificate - Show the router's configured SSL certificate standard-domain-certificate-authorities - show the standard domain certificate authorities supported-cipher-suites - Show the cipher suites supported by the router. supported-tls-versions - show TLS versions tls-session-timeout - Show the router's tls-session-timeout in seconds show ssl allow-tls-version
COMMAND:allow-tls-versionDESCRIPTION:This command is used to display the versions of TLS that clients and SEMP users are allowed to use when connecting to the router. As well as which versions of TLS the router's LDAP authentication connections can use when communicating with an external LDAP server
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show ssl certificate-files
COMMAND:certificate-files [filename <filename>] [detail]DESCRIPTION:Show certificates uploaded to the router
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed information for each certificate <filename> [Filename of certificate in /certs directory.] - Certificate filename; may contain wildcard characters * and ? show ssl cipher-suite-list
COMMAND:cipher-suite-list {default | management [default*2] | msg-backbone [default*3] | ssh [default*4]}DESCRIPTION:Show the preconfigured cipher suite lists.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
default - show the generic default default*2 - Show the default cipher suite list. default*3 - show the default cipher suite list. default*4 - show the default cipher list. management - show the list for the management plane msg-backbone - show the list for the message backbone ssh - show the list for the SSH applications show ssl crime-exploit-protection
COMMAND:crime-exploit-protectionDESCRIPTION:This command is used to display whether CRIME exploit protection is enabled.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show ssl server-certificate
COMMAND:server-certificate [detail]DESCRIPTION:Show the router's configured SSL certificate
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed information on configured certificate show ssl standard-domain-certificate-authorities
COMMAND:standard-domain-certificate-authoritiesDESCRIPTION:show the standard domain certificate authorities
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
This command does not take any parameters. show ssl supported-cipher-suites
COMMAND:supported-cipher-suites [{management | msg-backbone | ssh}]DESCRIPTION:Show the cipher suites supported by the router.
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
management - show the list for the management plane msg-backbone - show the list for the message backbone ssh - show the list for the SSH applications show ssl supported-tls-versions
COMMAND:supported-tls-versionsDESCRIPTION:show TLS versions
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
This command does not take any parameters. show ssl tls-session-timeout
COMMAND:tls-session-timeoutDESCRIPTION:Show the router's tls-session-timeout in seconds
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show standard-domain-certificate-authority
COMMAND:standard-domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>]DESCRIPTION:Show standard domain certificate authority settings
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<ca-name> [1..64 chars] - Certificate authority name; may contain wildcards * or ?. ca-name [1..64 chars] - Display only the certificate authorities matching the given pattern. cert - Display the CA certificate information detail - Display detailed information <num-elements> [1..4294967295] - The maximum number of elements to display. raw-content - Display the CA certificate raw content. show stats
COMMAND:stats [client... | neighbor... | ssl]DESCRIPTION:Show global level stats
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
client - Show aggregate client statistics neighbor - Show aggregate neighbor statistics ssl - Show global SSL statistics show stats client
COMMAND:client [detail]DESCRIPTION:Show aggregate client statistics
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed stats information show stats neighbor
COMMAND:neighbor [detail]DESCRIPTION:Show aggregate neighbor statistics
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed stats information show stats ssl
COMMAND:sslDESCRIPTION:Show global SSL statistics
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. OUTPUT:show stats ssl Connections Accepted - The total number of SSL connections that completed the SSL handshake. Note that this also includes connections that are later rejected for other reasons, such as client certificate validation faliures, client authentication failures or VPN shutdown. Connections Rejected - The aggregate number of connections that were rejected for reasons to do with the SSL handshake. Unsupported Cipher Suite - The number of connections rejected due to the client requesting an unsupported cipher suite. SSL Not operational - The number of connections rejected because SSL is not in the operational state. Other failure - The number of connections rejected for all other reasons. For example, unexpected data framing within the encrypted data stream.show syslog
COMMAND:syslog [<name>]DESCRIPTION:Show the configured syslog destinations
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<name> [0..64 chars] - Syslog destination definition name show system
COMMAND:system [detail | post]DESCRIPTION:Show system
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
detail - Show detailed information. post - Show Power-On Self Test (POST) status show telemetry
COMMAND:telemetryDESCRIPTION:Show telemetry information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
This command does not take any parameters. show topic-endpoint
COMMAND:topic-endpoint <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] | topics | rates | sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | replay] [durable | non-durable] [replay-state {initializing | active | pending-complete | failed | all}] [detail] [flow <flow-id>] [count <num-elements>]DESCRIPTION:Show topic-endpoint information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
active - Only show topic-endpoints with an active replay all - Show topic-endpoints regardless of their replay state detail - Show detailed information <dmq-filter> [1..200 chars] - Shows only those topic-endpoints that use <dmq-filter> as their dead-message queue; may contain wildcard characters dmq-list - Show the topic-endpoints associated with the dead-message-queue durable - Show durable topic-endpoint only failed - Only show topic-endpoints with in the failed replay state <flow-id> [0..4294967294] - Flow id to be displayed flows - Show flows initializing - Only show topic-endpoints with an initializing replay messages - Show message spool messages <msg-id> [1..18446744073709551615] - Show message spool starting from this msg-id <name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ? newest - Show message spool ordered from newest to oldest messages non-durable - Show non-durable topic-endpoint only <num-elements> [1..4294967295] - The number of elements to display. oldest - Show message spool ordered from oldest to newest messages pending-complete - Only show topic-endpoints with a pending-complete replay priorities - Show priority stats also <priority> [0..9 (lowest to highest)] - Show only messages in message spool with this priority rates - Show rates associated with the topic-endpoint replay - Show replay log information replay-state - filter on replay states <replication-group-msg-id> [41..41 chars] - Show message spool starting from this replication-group-msg-id sort-by-messages-spooled - Sort the output in descending order of number of messages spooled sort-by-unacked-messages-spooled - Sort the output in descending order of number of messages spooled stats - Show topic-endpoint statistics topics - Show topics associated with the topic-endpoint <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show topic-endpoint-template
COMMAND:topic-endpoint-template <name> [message-vpn <vpn-name>] [detail]DESCRIPTION:Show topic endpoint template information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <name> [1..255 chars] - Topic Endpoint Template name; may contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? show transaction
COMMAND:transaction [xid <xid>] [message-vpn <vpn-name>] [state <transaction-state>] [replicated] [detail | sort-by-last-state-change | sort-by-messages-spooled] [count <num-elements>]DESCRIPTION:Show transaction information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
detail - Show detailed information <num-elements> [1..4294967295] - The number of elements to display. replicated - Show only replicated transactions sort-by-last-state-change - Sort the output in descending order of time since last state change sort-by-messages-spooled - Sort the output in descending order of number of messages spooled <transaction-state> [0..31 chars] - Transaction state, may contain wildcard characters * or ? <vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ? <xid> [1..266 chars] - XID for a distributed transaction, may contain wildcard characters * or ? OUTPUT:show transaction Session - This is a unique name for the associated transacted session if there is one. If there is no associated session, then this field is N/A. Session Id - This is a unique identifier for the associated transacted session if there is one. If there is no associated session, then this field is N/A. Idle Timeout - The number of seconds before an idle transaction may be automatically rolled back and freed. Type - The type of transaction (XA or Local) State - The state of the transaction: Active - the transaction is associated to a transacted-session. Suspended - the transaction is associated to a transacted-session but is suspended. Idle - the transaction is not associated to any transacted-session and will be rolled back if not prepared, committed or rolled back within the idle-timeout period. Last State Change - The elapsed time since the last state change. This does not include a status change from in-Progress to complete, but only the time since entering the state.show username
COMMAND:username <username-pattern> [detail]DESCRIPTION:Show the names of all the CLI and file transfer users configured on a router
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
<username-pattern> [1..32 chars] - The username pattern to use as a filter. show version
COMMAND:versionDESCRIPTION:Show information on software loads
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
This command does not take any parameters. show web-manager
COMMAND:web-managerDESCRIPTION:Show web manager information
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:vpn/read-onlyPARAMETERS:
This command does not take any parameters. source
COMMAND:source script <script-name> [stop-on-error] [no-prompt]DESCRIPTION:Use this command to run a cli script.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/read-onlyPARAMETERS:
no-prompt - Skip yes/no confirmation prompting. <script-name> [0..255 chars] stop-on-error - Stop running script on encountering an error. strict-column-wrapping
COMMAND:[no] strict-column-wrappingDESCRIPTION:By default, this is enabled. Use the 'no' version of this command to allow designated columns to be displayed without wrapping. A column may be designated to be controlled by this setting if it is identified as a column where the content would need to be frequently cut and pasted. This is more easily performed if the content is not wrapped.
The default value is strict-column-wrapping.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
This command does not take any parameters. tree
COMMAND:tree [all | global]DESCRIPTION:Use this command to show the CLI command tree, starting from the current mode.
CONFIG-SYNC:HA: no Replicated VPNs: noMINIMUM REQUIRED SCOPE/ACCESS LEVEL:global/nonePARAMETERS:
all - Display both the global command tree and the command tree for mode-specific commands (starting from the current mode) global - Display the command tree for global commands (commands that are available in all modes Copyright 2005-2024 Solace Corporation. All rights reserved.The information contained herein is the property of Solace Corporation. and is strictly confidential. Except as expressly authorized in writing by Solace Corporation, the holder shall keep all information contained herein confidential, shall disclose it only to its employees with a need to know, and shall protect it, in whole or in part, from disclosure and dissemination to third parties with the same degree of care it uses to protect its own confidential information, but with noless than reasonable care.
Except as expressly authorized in writing by Solace Corporation, the holder is granted no rights to use the informationcontained herein.
Solace and Corporation. corporate logo are trademarks of Solace Corporation.All other trademarks used in this document are the property of their respective owners. The use of the word partner doesnot imply a partnership relationship between Solace Corporation and any other company.