Command Line Interface Reference (APPLIANCE)
Purpose

This guide describes each of the commands available in the Solace Router Command Line Interface (CLI). The commands are listed separately for each CLI level.

The Solace Router CLI is the interface to the software that you use whenever you access Solace Systems routers, whether from the management console or through a remote network connection. The Solace router CLI, which automatically starts after the Solace routers finish powering up, provides commands that you use to perform various tasks, including configuring, monitoring and troubleshooting the software, network connectivity, and the router hardware.

Conventions

The following conventions are used in the product documentation:

CLI Commands

CLI Command Tree

 [no] alarm-display 
  cd [<directory>]
  dir [<pattern>]
  enable 
     admin 
        bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]
           clear-event <event-name>
           disconnect 
        client <name> message-vpn <vpn-name> [primary] [backup] [static]
           clear-event <event-name>
           disconnect 
        client-certificate-authority <ca-name>
           refresh-crl 
        config-sync 
           assert-leader {router | message-vpn <vpn-name>}
           resync-follower message-vpn <vpn-name>
           resync-leader {router | message-vpn <vpn-name>}
        cspf 
           neighbor <physical-router-name>
              clear-event <event-name>
        delete-remote-router <router-name>
        disk 
           rebuild 
           rebuild-speed {high | low}
        distributed-cache <name> message-vpn <vpn-name>
           backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
           clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
           delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
           restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
           start [cache-cluster <cluster-name>] [cache-instance <instance-name>]
        gather-diagnostics [days-of-history <days-of-history>]
        interface <phy-interface>
           switch-active 
        message-spool message-vpn <vpn-name>
           commit-transaction xid <xid>
           copy-message {source {{queue <queue-name>} | {topic-endpoint <te-name>} | {replay-log 
                       <replay-log-name>}}} {destination {{queue*2 <queue-name>*2} | 
                       {topic-endpoint*2 <te-name>*2}}} {message 
                       <replication-group-msg-id>}
           delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to 
                          <to-msg-id>]]
           delete-transacted-session <name>
           delete-transaction xid <xid>
           queue <name>
              cancel-replay [force-complete]
              start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg 
                          <replication-group-msg-id>}]
           replay-log <name>
              trim-logged-messages older-than-date <older-than-date>
           rollback-transaction xid <xid>
           sequenced-topic <topic> next-sequence-number <seq-num>
           topic-endpoint <name>
              cancel-replay [force-complete]
              start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg 
                          <replication-group-msg-id>}]
       [no] product-key <key-value>
        redundancy 
           revert-activity 
        semp-session session-username <username-pattern> [session-id <session-id-value>]
           delete 
        system 
           message-spool 
              assert-disk-ownership 
              backup-adb-to-disk 
              defragment-spool-files {start | stop}
              override-flash-failure 
              reset 
     backup 
     boot {<version> [default-config] | backout}
     clear 
        bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats
        cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                      [message-vpn <vpn-name>] stats
        client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats
        client-certificate-authority stats
        client-username <name> [message-vpn <vpn-name>] stats
        compression stats
        cspf 
           neighbor <physical-router-name> stats
           stats 
        ldap-profile <profile-name> stats
        log 
           acl [client-connect | publish-topic | subscribe-topic]
           login diag
           no-subscription-match 
           rest rest-delivery-point errors
        message-spool 
           stats 
        message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest 
                   {{rest-delivery-point <rdp-name> } | {rest-consumer 
                   <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ]}} stats*2}
                    | {mqtt {mqtt-session <client-id-pattern> } [primary | backup | auto] 
                   stats*3} | oauth {{profile <profile>} } stats*4}
        oauth-profile <profile-name> stats
        queue <name> [message-vpn <vpn-name>] stats
        radius-profile <profile-name> stats
        replication stats
        smrp stats [router-name <router-name>]
        snmp 
           stats 
        stats 
           client 
           neighbor 
           ssl 
        topic-endpoint <name> [message-vpn <vpn-name>] stats
     configure 
       [create|no] acl-profile <name> message-vpn <vpn-name>
           client-connect 
              default-action {allow | disallow}
             [no] exception <cidr-addr>
           publish-topic 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
           subscribe-share-name 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
           subscribe-topic 
              default-action {allow | disallow}
             [no] exceptions [smf | mqtt] list <exception-list>
        authentication 
           access-level 
              default 
                 global-access-level <access-level>
                 message-vpn 
                   [create|no] access-level-exception <vpn-name>
                       access-level <access-level>
                    default-access-level <access-level>
              ldap 
                [create|no] group <group-name>
                    global-access-level <access-level>
                    message-vpn 
                      [create|no] access-level-exception <vpn-name>
                          access-level <access-level>
                       default-access-level <access-level>
                [no] group-membership-attribute-name <attribute-name>
          [no] allow-direct-shell-login [<shell-login-name>]
           auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}
           brute-force-protection 
             [no] shutdown 
          [create|no] client-certificate-authority <ca-name>
             [no] certificate {file <ca-certificate> | content <raw-data>}
              revocation-check 
                 crl 
                   [no] refresh-schedule [days <days-of-week> ] times <times-of-day>
                   [no] url <url>
                 ocsp 
                   [no] allow-non-responder-certificate 
                   [no] override-url <ocsp-override-url>
                   [no] responder-common-name {empty | name <common-name>}
                   [no] timeout <seconds>
                [no] shutdown 
           client-certificate-revocation-checking <mode>
           kerberos 
              keytab 
                 add-key <keytab-filename> [index <index>]
                 delete-keytab-entry <index>
          [create|no] ldap-profile <profile-name>
              admin dn <admin-dn> [password <admin-password> ]
             [no] allow-unauthenticated-authentication 
              group-membership-secondary-search 
                 base-dn <distinguished-name>
                 deref {never | search | base | always}
                 filter <filter>
                 filter-attribute-from-primary-search <attribute-name>
                [no] follow-continuation-references 
                 scope {base | one-level | subtree}
                [no] shutdown 
                 timeout <duration>
             [no] ldap-server <ldap-host> index <server-index>
              search 
                 base-dn <distinguished-name>
                 deref {never | search | base | always}
                 filter <filter>
                [no] follow-continuation-references 
                 scope {base | one-level | subtree}
                 timeout <duration>
             [no] shutdown 
             [no] starttls 
          [create|no] oauth-profile <oauth-profile>
              access-level 
                 default 
                   [no] global-access-level {none | read-only | mesh-manager | read-write | admin}
                    message-vpn 
                      [create|no] access-level-exception <vpn-name>
                         [no] access-level {none | read-only | read-write}
                      [no] default-access-level {none | read-only | read-write}
                [create|no] group <group-name>
                   [no] description <value>
                   [no] global-access-level {none | read-only | mesh-manager | read-write | admin}
                    message-vpn 
                      [create|no] access-level-exception <vpn-name>
                         [no] access-level {none | read-only | read-write}
                      [no] default-access-level {none | read-only | read-write}
             [no] access-level-groups-claim-name <value>
             [no] access-level-groups-claim-string-format {single | space-delimited}
              client 
                {create|no} allowed-host <host>
                [create|no] authorization-parameter <param-name>
                   [no] value <value>
                [no] redirect-uri <value>
                {create|no} required-claim <name>
                [no] required-type <value>
                [no] scope <value>
                [no] validate-type 
             [no] client-id <value>
             [no] client-secret <value>
             [no] display-name <value>
              endpoints 
                [no] authorization <value>
                [no] discovery <value>
                [no] discovery-refresh-interval <value>
                [no] introspection <value>
                [no] introspection-timeout <value>
                [no] jwks <value>
                [no] jwks-refresh-interval <value>
                [no] token <value>
                [no] token-timeout <value>
                [no] userinfo <value>
                [no] userinfo-timeout <value>
             [no] interactive 
             [no] issuer <value>
             [no] oauth-role {client | resource-server}
             [no] prompt-for-expired-session <value>
             [no] prompt-for-new-session <value>
             [no] proxy <proxy-name>
              resource-server 
                [no] parse-access-token 
                [no] required-audience <value>
                {create|no} required-claim <name>
                [no] required-issuer <value>
                [no] required-scope <value>
                [no] required-type <value>
                [no] validate-audience 
                [no] validate-issuer 
                [no] validate-scope 
                [no] validate-type 
             [no] semp 
             [no] shutdown 
             [no] username-claim-name <value>
          [no] oauth-profile-default <value>
          [no] radius-domain <radius-domain>
          [create|no] radius-profile <profile-name>
             [no] radius-server <ip-port> index <server-index> [key <shared-secret-key> ]
              retransmit <attempts>
             [no] shutdown 
              timeout <duration>
          [no] replace-duplicate-client-connections 
       [create|no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]
          [no] max-ttl <ttl-value>
           remote 
              authentication 
                 auth-scheme {basic | client-certificate}
                 basic 
                   [no] client-username <name> [password <password> ]
                 client-certificate 
                   [no] certificate-file <filename> [file-contents <file-contents> ]
              deliver-to-one 
                [no] priority <dto-priority>
             [create|no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface 
                                    <phys-intf>]}
                [no] client-username <name> [password <password> ]
                [no] compressed-data 
                [no] connect-order <number>
                 message-spool 
                   [no] queue <name>
                   [no] window-size <number>
                [no] shutdown 
                [no] ssl 
                 unidirectional 
                   [no] client-profile <name>
              retry 
                [no] count <count>
                [no] delay <seconds>
             [no] subscription-topic <topic> [deliver-always]
          [no] shutdown 
           ssl 
             [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
       [create|no] client-profile <name> message-vpn <vpn-name>
          [no] allow-bridge-connections 
          [no] allow-shared-subscriptions 
           compression 
             [no] shutdown 
           eliding 
             [no] delay <milliseconds>
             [no] max-topics <num>
             [no] shutdown 
           event 
              client-provisioned-endpoint-spool-usage 
                [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
              connections-per-client-username 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              egress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              endpoints-per-client-username 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              ingress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              service 
                 smf 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 web-transport 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              subscriptions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transacted-sessions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transactions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
          [no] max-connections-per-client-username <value>
          [no] max-subscriptions <value>
           message-spool 
             [no] allow-guaranteed-endpoint-create 
             [no] allow-guaranteed-endpoint-create-durability {all | durable | non-durable}
             [no] allow-guaranteed-message-receive 
             [no] allow-guaranteed-message-send 
             [no] allow-transacted-sessions 
              api-queue-management 
                [no] copy-from-template-on-create <queue-template-name>
              api-topic-endpoint-management 
                [no] copy-from-template-on-create <topic-endpoint-template-name>
             [no] max-egress-flows <value>
             [no] max-endpoints-per-client-username <value>
             [no] max-ingress-flows <value>
             [no] max-messages-per-transaction <value>
             [no] max-transacted-sessions <value>
             [no] max-transactions <value>
             [no] reject-msg-to-sender-on-no-subscription-match 
           queue <type>
             [no] max-depth <depth>
             [no] min-msg-burst <depth>
           replication 
             [no] allow-clients-when-standby 
           service 
             [no] min-keepalive-timeout <seconds>
              smf 
                [no] max-connections-per-client-username <value>
                [no] min-keepalive-enabled 
              web-transport 
                [no] inactive-timeout <seconds>
                [no] max-connections-per-client-username <value>
                [no] max-web-payload <bytes>
           ssl 
             [no] allow-downgrade-to-plain-text 
           tcp 
             [no] initial-cwnd <num-mss>
              keepalive 
                [no] count <num>
                [no] idle <seconds>
                [no] interval <seconds>
             [no] max-wnd <num-kilo-bytes>
             [no] mss <byte-count>
       [create|no] client-username <username> message-vpn <vpn-name>
          [no] acl-profile <name>
          [create|no] attribute <name> <value>
          [no] client-profile <name>
          [no] guaranteed-endpoint-permission-override 
          [no] password <password>
          [no] shutdown 
          [no] subscription-manager 
        clock 
           set <time> <day> <month> <year>
           synchronization 
             [create|no] ntp-source <ip-addr>
                [no] nts 
                [no] shutdown 
             [no] protocol {ntp | ptp}
             [no] shutdown 
           timezone <zone>
        compression 
           mode {optimize-for-size | optimize-for-speed}
        config-sync 
           authentication 
              client-certificate 
                [no] max-certificate-chain-depth <max-depth>
                [no] validate-certificate-date 
           client-profile 
              tcp 
                [no] initial-cwnd <num-mss>
                 keepalive 
                   [no] count <num>
                   [no] idle <seconds>
                   [no] interval <seconds>
                [no] max-wnd <num-kilo-bytes>
                [no] mss <byte-count>
          [no] shutdown 
          [no] ssl 
           synchronize 
             [no] username 
        console 
           baud-rate <baud-rate>
          [no] login-banner {text <banner-text> | file <file-name> | default}
           timeout <idle-timeout>
       [create|no] distributed-cache <name> message-vpn <vpn-name>
          [create|no] cache-cluster <name>
             [create|no] cache-instance <name>
                [no] auto-start 
                [no] shutdown 
                [no] stop-on-lost-message 
             [no] deliver-to-one-override 
              event 
                 data-byte-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 data-message-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 max-memory 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 max-topics 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 request-queue-depth 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 request-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
                 response-rate 
                   [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              global-caching 
                [no] heartbeat <seconds>
                [create|no] home-cache-cluster <name>
                   [no] topic-prefix <topic-prefix>
                [no] shutdown 
                [no] topic-lifetime <seconds>
             [no] max-memory <megabytes>
             [no] max-messages-per-topic <num-messages>
             [no] max-topics <num-topics>
             [no] message-lifetime <seconds>
             [no] new-topic-advertisement 
             [no] request-queue-depth <num-messages>
             [no] shutdown 
             [no] topic <topic-str>
          [no] heartbeat <seconds>
          [no] scheduled-delete-message [days <days-of-week> ] times <times-of-day>
          [no] shutdown 
        dns 
          [no] name-server <ip-addr>
          [no] polled-domain-name <domain-name>
          [no] search-domain-list <domain-list>
        hardware 
           disk <disk-name> [no-shutdown] [shutdown]
           message-spool 
              defragment-spool-files 
                 schedule 
                   [no] days <days-of-week>
                   [no] shutdown 
                   [no] times <times-of-day>
                 threshold 
                   [no] fragmentation-percentage <percentage>
                   [no] min-interval <interval>
                   [no] shutdown 
                   [no] usage-percentage <percentage>
             [no] disk-array wwn <wwn>
              event 
                 cache-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 delivered-unacked 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 disk-usage 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 egress-flows 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 endpoints 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 ingress-flows 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 message-count 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 spool-files 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 transacted-session-resources 
                   [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
                 transacted-sessions 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 transactions 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] internal-disk 
             [no] max-cache-usage <percent-usage>
             [no] max-spool-usage <size>
             [no] shutdown 
              transaction 
                [no] replication-compatibility-mode {legacy | transacted}
             [no] virtual-router-when-active-active {primary | backup}
           power-redundancy <type>
       [no] hostname <name> [defer]
       [create|no] interface <phy-interface> [<mode>]
           lacp 
              rate {fast | slow}
          [no] member <phy-interface>
          [no] primary-member <phy-interface>
          [no] shutdown 
           traffic-shaping 
              egress 
                [no] rate-limit <mbps>
                [no] shutdown 
        ip 
           vrf <name>
             [create|no] interface <ip-interface> [primary | backup | static]
                [no] ip-address <cidr-addr>
                 kerberos 
                   [no] service-principal-name <name>
                [no] shutdown 
             [no] route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]
        jndi message-vpn <vpn-name>
          [create|no] connection-factory <name>
              property-list <name>
                [no] property <name> <value>
          [create|no] queue <name>
             [no] property <name> <value>
          [no] shutdown 
          [create|no] topic <name>
             [no] property <name> <value>
        logging 
          [no] command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}
          [no] debug {<subsystem-id> | all} [level <level>] [mask <mask>]
           event 
             [no] publish-system 
             [no] system-tag <tag-string>
           facility 
              event 
                [no] message-format {text | json}
              system 
                [no] message-format {text | json}
          [no] max-json-message-size <max-size>
          [no] millisecond-timestamp 
          [no] retention {days <max-num-days> | max-size }
       [no] management-message-vpn <vpn-name>
        memory-event 
           nab-buffer-load-factor 
             [no] thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]
           subscriptions-load-factor 
             [no] thresholds set-percentage <set-percentage> clear-percentage <clear-percentage>
           subscriptions-memory 
             [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
        message-spool message-vpn <vpn-name>
           event 
              egress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              endpoints 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              ingress-flows 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              spool-usage 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transacted-sessions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              transactions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
          [no] max-egress-flows <value>
          [no] max-endpoints <value>
          [no] max-ingress-flows <value>
          [no] max-spool-usage <size>
          [no] max-transacted-sessions <value>
          [no] max-transactions <value>
          [create|no] queue <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
             [no] delivery-count 
             [no] delivery-delay <delay>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] owner <owner>
              partition 
                [no] count <num-partitions>
                 rebalance 
                   [no] delay <seconds>
                   [no] max-handoff-time <seconds>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] redelivery 
              redelivery-delay 
                [no] initial-interval <value>
                [no] max-interval <value>
                [no] multiplier <value>
                [no] shutdown 
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
             [no] shutdown [ingress | egress | full]
             [no] subscription topic <topic>
          [create|no] queue-template <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
             [no] delivery-delay <delay>
             [no] durability-override {none | non-durable}
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] name-filter <name-filter>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] redelivery 
              redelivery-delay 
                [no] initial-interval <value>
                [no] max-interval <value>
                [no] multiplier <value>
                [no] shutdown 
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
          [create|no] replay-log <name>
             [no] max-spool-usage <size>
             [no] shutdown [ingress | egress | full]
              topic-filter 
                [no] shutdown 
                [create|no] subscription <topic>
          [no] sequenced-topic <topic>
          [create|no] topic-endpoint <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
             [no] delivery-count 
             [no] delivery-delay <delay>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] owner <owner>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] redelivery 
              redelivery-delay 
                [no] initial-interval <value>
                [no] max-interval <value>
                [no] multiplier <value>
                [no] shutdown 
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
             [no] shutdown [ingress | egress | full]
          [create|no] topic-endpoint-template <name>
             [no] access-type {exclusive | non-exclusive}
             [no] consumer-ack-propagation 
             [no] dead-message-queue <dmq-name>
             [no] delivery-delay <delay>
              event 
                 bind-count 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 reject-low-priority-msg-limit 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
                 spool-usage 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] max-bind-count <value>
             [no] max-delivered-unacked-msgs-per-flow <max>
             [no] max-message-size <size>
             [no] max-redelivery <value>
             [no] max-spool-usage <size>
             [no] max-ttl <ttl>
             [no] name-filter <name-filter>
             [no] permission all {no-access | read-only | consume | modify-topic | delete}
             [no] redelivery 
              redelivery-delay 
                [no] initial-interval <value>
                [no] max-interval <value>
                [no] multiplier <value>
                [no] shutdown 
             [no] reject-low-priority-msg 
             [no] reject-low-priority-msg-limit <limit>
             [no] reject-msg-to-sender-on-discard [including-when-shutdown]
             [no] respect-message-priority 
             [no] respect-ttl 
       [create|no] message-vpn <vpn-name>
           authentication 
              basic 
                 auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }
                [no] radius-domain <radius-domain>
                [no] shutdown 
              client-certificate 
                [no] allow-api-provided-username 
                 matching-rules 
                   [create|no] rule <name>
                      [create|no] attribute-filter <name>
                         [no] attribute <value>
                         [no] value <value>
                      [create|no] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | 
                                           uid-last | org-unit | org-unit-last | issuer | subject | 
                                           serial-number | dns-name | ip-address} 
                                           {{matches-attribute <attribute>} | 
                                           {matches-expression <expression>}}
                      [no] shutdown 
                   [no] shutdown 
                [no] max-certificate-chain-depth <max-depth>
                [no] revocation-check-mode <permission>
                [no] shutdown 
                [no] username-source <source>
                [no] validate-certificate-date 
              kerberos 
                [no] allow-api-provided-username 
                [no] shutdown 
              oauth 
                [no] default-profile <value>
                [create|no] profile <profile>
                   [no] authorization-groups-claim-name <value>
                   [no] authorization-groups-claim-string-format {single | space-delimited}
                    client 
                      [create|no] required-claim <name>
                      [no] required-type <value>
                      [no] validate-type 
                   [no] client-id <value>
                   [no] client-secret <value>
                   [no] disconnect-on-token-expiration 
                    endpoints 
                      [no] discovery <value>
                      [no] discovery-refresh-interval <value>
                      [no] introspection <value>
                      [no] introspection-timeout <value>
                      [no] jwks <value>
                      [no] jwks-refresh-interval <value>
                      [no] userinfo <value>
                      [no] userinfo-timeout <value>
                   [no] issuer <value>
                   [no] mqtt-username-validate 
                   [no] oauth-role {client | resource-server}
                   [no] proxy <proxy-name>
                    resource-server 
                      [no] parse-access-token 
                      [no] required-audience <value>
                      [create|no] required-claim <name>
                      [no] required-issuer <value>
                      [no] required-scope <value>
                      [no] required-type <value>
                      [no] validate-audience 
                      [no] validate-issuer 
                      [no] validate-scope 
                      [no] validate-type 
                   [no] shutdown 
                   [no] username-claim-name <value>
                [no] shutdown 
           authorization 
             [create|no] authorization-group <name>
                [no] acl-profile <name>
                [no] client-profile <name>
                 order {before | after} <authorization-group-name>
                [no] shutdown 
              authorization-type {ldap <ldap-profile> | internal }
              ldap 
                [no] group-membership-attribute-name <attribute-name>
                [no] trim-client-username-domain 
           bridging 
              ssl 
                 server-certificate-validation 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
                   [no] validate-server-name 
           dynamic-message-routing 
             [create|no] dmr-bridge <remote-node-name>
                 remote 
                   [no] message-vpn <vpn-name>
             [no] shutdown 
           event 
              connections 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
              egress-message-rate 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              ingress-message-rate 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
             [no] large-message-threshold <size>
             [no] log-tag <tag-string>
             [no] publish-client 
             [no] publish-message-vpn 
             [no] publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]
             [no] publish-topic-format [smf] [mqtt]
              service 
                 amqp 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 mqtt 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 rest 
                    incoming 
                       connections 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                 smf 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                 web-transport 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              subscriptions 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
           export-policy 
             [no] export-subscriptions 
          [no] max-connections <value>
          [no] max-subscriptions <value>
           mqtt 
             [create|no] mqtt-session <client-id> [primary | backup | auto]
                [no] owner <owner>
                [create|no] queue 
                   [no] consumer-ack-propagation 
                   [no] dead-message-queue <dmq-name>
                    event 
                       bind-count 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                       reject-low-priority-msg-limit 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                       spool-usage 
                         [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                        <set-percentage>] [clear-percentage 
                                        <clear-percentage>]}
                   [no] max-bind-count <value>
                   [no] max-delivered-unacked-msgs-per-flow <max>
                   [no] max-message-size <size>
                   [no] max-redelivery <value>
                   [no] max-spool-usage <size>
                   [no] max-ttl <ttl>
                   [no] reject-low-priority-msg 
                   [no] reject-low-priority-msg-limit <limit>
                   [no] reject-msg-to-sender-on-discard [including-when-shutdown]
                   [no] respect-ttl 
                [no] shutdown 
                [create|no] subscription <topic>
                   [no] qos <qos-value>
                 subscription-list qos <qos-value> [<topic-list>]
              retain 
                [create|no] cache <cache-name>
                   [no] message-lifetime <seconds>
                   [no] shutdown 
                [no] max-memory <megabytes>
          [create|no] proxy <proxy-name>
              authentication 
                [no] auth-scheme {none | basic}
                 basic 
                   [no] password <value>
                   [no] username <value>
             [no] host <value>
             [no] port <value>
             [no] proxy-type {direct | http}
             [no] shutdown 
           replication 
              ack-propagation 
                 interval 
                   [no] messages <num-messages>
              bridge 
                 authentication 
                    auth-scheme {basic | client-certificate}
                    basic 
                      [no] client-username <name> [password <password> ]
                    client-certificate 
                      [no] certificate-file <filename> [file-contents <file-contents> ]
                [no] compressed-data 
                 message-spool 
                   [no] window-size <number>
                [no] retry-delay <seconds>
                [no] ssl 
                 unidirectional 
                   [no] client-profile <name>
              queue 
                [no] max-spool-usage <size>
                [no] reject-msg-to-sender-on-discard 
             [no] reject-msg-when-sync-ineligible 
             [create|no] replicated-topic <topic>
                [no] replication-mode {sync | async}
             [no] shutdown 
              state {active | standby}
             [no] transaction-replication-mode {sync | async}
           rest 
             [create|no] rest-delivery-point <name>
                [no] client-profile <name>
                [create|no] queue-binding <queue-name>
                    gateway 
                      [no] replace-target-authority 
                   [no] post-request-target <post-request-target>
                   [create|no] protected-request-header <header-name>
                      [no] header-value <value>
                   [create|no] request-header <header-name>
                      [no] header-value <value>
                    request-target-evaluation {none | substitution-expressions}
                [create|no] rest-consumer <name>
                    authentication 
                      [no] auth-scheme {none | http-basic | client-certificate | http-header | oauth-client | oauth-jwt | transparent | 
                                      aws}
                       aws 
                         [no] access-key-id <access-key-id>
                         [no] region <region>
                         [no] secret-access-key <secret-access-key>
                         [no] service <service>
                       client-certificate 
                         [no] certificate-file <filename> [file-contents <file-contents> ]
                       http-basic 
                         [no] username <name> [password <password> ]
                       http-header 
                         [no] name <name>
                         [no] value <http-header-value>
                       oauth-client 
                         [no] client-id <client-id>
                         [no] client-secret <client-secret>
                         [no] proxy <proxy-name>
                         [no] scope <scope>
                         [no] token-endpoint <token-endpoint>
                         [no] token-expiry-default <value>
                       oauth-jwt 
                         {create|no} claim <name>
                         [no] proxy <proxy-name>
                         [no] secret-key <value>
                         [no] token-endpoint <value>
                         [no] token-expiry-default <value>
                    local 
                      [no] interface <phys-intf>
                    remote 
                      [no] host <dest-ip-addr-or-host>
                      [no] http-method {post | put}
                      [no] max-post-wait-time <seconds>
                      [no] outgoing-connection-count <count>
                      [no] port <port>
                      [no] proxy <proxy-name>
                       retry 
                         [no] delay <seconds>
                      [no] ssl 
                   [no] shutdown 
                    ssl 
                      [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
                [no] service <value>
                [no] shutdown 
                [no] vendor <value>
              ssl 
                 server-certificate-validation 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
                   [no] validate-server-name 
           semp-over-msgbus 
              admin-cmds 
                 client-cmds 
                   [no] shutdown 
                 distributed-cache-cmds 
                   [no] shutdown 
                [no] shutdown 
              legacy-show-clear-cmds 
                [no] shutdown 
              show-cmds 
                [no] shutdown 
             [no] shutdown 
           service 
              amqp 
                [no] listen-port <port> [ssl]
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
              mqtt 
                 authentication 
                    client-certificate 
                      [no] request-client-certificate {always | never | when-enabled-in-message-vpn}
                [no] listen-port <port> [ssl] [web]
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
                 websocket 
                   [no] shutdown 
                 websocket-secure 
                   [no] shutdown 
              rest 
                 incoming 
                    authentication 
                       client-certificate 
                         [no] request-client-certificate {always | never | when-enabled-in-message-vpn}
                   [no] authorization-header-handling {drop | forward | legacy}
                   [no] listen-port <port> [ssl]
                   [no] max-connections <value>
                    plain-text 
                      [no] shutdown 
                    ssl 
                      [no] shutdown 
                [no] mode {gateway | messaging}
                 outgoing 
                   [no] max-connections <value>
              smf 
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
              web-transport 
                 authentication 
                    client-certificate 
                      [no] request-client-certificate {always | never | when-enabled-in-message-vpn}
                [no] max-connections <value>
                 plain-text 
                   [no] shutdown 
                 ssl 
                   [no] shutdown 
          [no] shutdown 
           ssl 
             [no] allow-downgrade-to-plain-text 
          [create|no] telemetry-profile <telemetry-profile-name>
              queue 
                 event 
                    bind-count 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                    spool-usage 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                [no] max-bind-count <value>
                [no] max-spool-usage <value>
              receiver 
                 acl 
                    connect 
                       default-action {allow | disallow}
                      [no] exception <cidr-addr>
                 event 
                    connections-per-client-username 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
                [no] max-connections-per-client-username <value>
                [no] shutdown 
                 tcp 
                   [no] initial-cwnd <num-mss>
                    keepalive 
                      [no] count <num>
                      [no] idle <seconds>
                      [no] interval <seconds>
                   [no] max-wnd <num-kilo-bytes>
                   [no] mss <byte-count>
              trace 
                [create|no] filter <trace-filter-name>
                   [no] shutdown 
                   [create|no] subscription <subscription> [smf | mqtt]
                 send-spans 
                   [no] shutdown 
                [no] shutdown 
        mqtt 
           retain 
             [no] max-memory <megabytes>
       [create|no] proxy <proxy-name>
           authentication 
             [no] auth-scheme {none | basic}
              basic 
                [no] password <value>
                [no] username <value>
          [no] host <value>
          [no] port <value>
          [no] proxy-type {direct | http}
          [no] shutdown 
        redundancy 
          [no] active-standby-role {primary | backup | none }
           authentication 
              pre-shared-key 
                [no] key <pre-shared-key>
          [no] auto-revert 
          [no] mate-router-name <name>
          [no] release-activity 
          [no] shutdown 
           vrrp 
             [no] backup-vrid <vrid>
             [no] failover-criteria {any-fail | all-fail}
             [no] interface <phy-interface>
             [no] primary-vrid <vrid>
        replication 
           config-sync 
              bridge 
                 authentication 
                    auth-scheme {basic | client-certificate}
                [no] compressed-data 
                 message-spool 
                   [no] window-size <number>
                [no] retry-delay <seconds>
                [no] shutdown 
                [no] ssl 
                 ssl-server-certificate-validation 
                   [no] max-certificate-chain-depth <max-depth>
                   [no] validate-certificate-date 
                   [no] validate-server-name 
          [no] interface <phys-intf>
           mate 
             [no] connect-port <port> [compressed] [ssl]
             [no] virtual-router-name <virtual-router-name> connect-via <addr>
           ssl 
             [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
       [no] router-name <name> [defer]
        routing 
           dynamic-message-routing 
             [create|no] cluster <cluster-name>
                 authentication 
                    basic 
                      [no] auth-type {internal | none}
                      [no] password <password>
                      [no] shutdown 
                    client-certificate 
                      [no] certificate-file <filename> [file-contents <file-contents> ]
                       matching-rules 
                         [create|no] rule <name>
                            [create|no] attribute-filter <name>
                               [no] attribute <value>
                               [no] value <value>
                            [create|no] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | 
                                                 uid-last | org-unit | org-unit-last | issuer | 
                                                 subject | serial-number | dns-name | ip-address} 
                                                 {{matches-attribute <attribute>} | 
                                                 {matches-expression <expression>}}
                            [no] shutdown 
                      [no] shutdown 
                [create|no] link <remote-node-name>
                   [create|no] attribute <name> <value>
                    authentication 
                      [no] auth-scheme {basic | client-certificate}
                       basic 
                         [no] password <password>
                    client-profile 
                       queue <type>
                         [no] max-depth <depth>
                         [no] min-msg-burst <depth>
                       tcp 
                         [no] initial-cwnd <num-mss>
                          keepalive 
                            [no] count <num>
                            [no] idle <seconds>
                            [no] interval <seconds>
                         [no] max-wnd <num-kilo-bytes>
                         [no] mss <byte-count>
                   [no] connect-via <addr-port>
                   [no] initiator {lexical | local | remote}
                    message-spool 
                      [no] window-size <number>
                    queue 
                      [no] dead-message-queue <dmq-name>
                       event 
                          spool-usage 
                            [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                           <set-percentage>] [clear-percentage 
                                           <clear-percentage>]}
                      [no] max-delivered-unacked-msgs-per-flow <max>
                      [no] max-redelivery <value>
                      [no] max-spool-usage <size>
                      [no] max-ttl <ttl>
                      [no] reject-msg-to-sender-on-discard [including-when-shutdown]
                      [no] respect-ttl 
                    retry 
                      [no] count <count>
                      [no] delay <seconds>
                   [no] shutdown 
                   [no] span {internal | external}
                    transport 
                      [no] compressed 
                      [no] ssl 
                [no] shutdown 
                 ssl 
                    server-certificate-validation 
                      [no] max-certificate-chain-depth <max-depth>
                      [no] validate-certificate-date 
                      [no] validate-server-name 
          [no] interface <phy-interface>
          [no] mode {dynamic-message-routing | multi-node-routing} [defer]
           multi-node-routing 
              cspf 
                [create|no] neighbor <physical-router-name>
                   [no] compressed-data 
                   [no] connect-via <ip-port>
                   [no] control-port <port>
                   [no] link-cost <cost>
                   [no] shutdown 
                    ssl 
                      [no] cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
                      [no] trusted-common-name {empty | name <common-name>}
                   [no] ssl-data 
                    tcp 
                      [no] initial-cwnd <num-mss>
                       keepalive 
                         [no] count <num>
                         [no] idle <seconds>
                         [no] interval <seconds>
                      [no] max-wnd <num-kilo-bytes>
                      [no] mss <byte-count>
                 queue 
                   [no] max-depth <depth>
                   [no] min-msg-burst <depth>
                 ssl 
                    certificate-validation 
                      [no] max-certificate-chain-depth <max-depth>
                      [no] validate-certificate-date 
                      [no] validate-server-name 
                    client-certificate 
                      [no] certificate-file <filename> [file-contents <file-contents> ]
             [no] shutdown 
        schedule 
          [no] backup [days <days-of-week>] times <times-of-day> [max-backups <max-backups>]
        service 
           amqp 
             [no] listen-port <port> [ssl]
             [no] shutdown 
           event 
              connections 
                [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                               <set-percentage>] [clear-percentage <clear-percentage>]}
           health-check 
             [no] listen-port <port> [ssl]
             [no] shutdown [plain-text] [ssl]
           mqtt 
             [no] shutdown 
           msg-backbone 
             [no] shutdown 
           rest 
              event 
                 outgoing 
                    connections 
                      [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                     <set-percentage>] [clear-percentage 
                                     <clear-percentage>]}
              incoming 
                [no] shutdown 
              outgoing 
                [no] shutdown 
           semp 
              cors 
                [no] allow-any-host 
             [no] legacy-timeout 
             [no] listen-port <port> [ssl]
             [no] session-idle-timeout <value>
             [no] session-max-lifetime <value>
             [no] shutdown [plain-text] [ssl]
           smf 
              event 
                 connections 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
             [no] listen-port <port> [compressed] [routing-control] [ssl]
             [no] shutdown 
           ssl 
              event 
                 connections 
                   [no] thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage 
                                  <set-percentage>] [clear-percentage 
                                  <clear-percentage>]}
          [create|no] virtual-hostname <name>
             [no] message-vpn <vpn-name>
             [no] shutdown 
           web-transport 
             [no] listen-port <port> [ssl]
             [no] shutdown 
             [no] web-url-suffix <suffix>
       [no] snmp-server 
          [no] community <name> group <group>
          [no] contact <name>
          [no] group <name> {v2c | v3 {auth | noauth | priv}}
          [no] host <ip-addr> traps [{v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>] 
                   [community <community-name>]
          [no] location <name>
          [no] shutdown 
          [no] trap 
              connections 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              disk-utilization [disk <disk-name>]
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              egress-msg-rate 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              fan-speed 
                [no] shutdown 
              ingress-msg-rate 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              power-status 
                [no] shutdown 
             [no] shutdown 
              subscriptions 
                [no] shutdown 
                [no] thresholds [set-value <set-value>] [clear-value <clear-value>]
              temperature 
                [no] shutdown 
              voltage 
                [no] shutdown 
          [no] user <name> group <group> {password <password> }
        ssl 
          [no] allow-tls-version-1.0 
          [no] allow-tls-version-1.1 
           cipher-suite 
             [no] management {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] msg-backbone {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
             [no] ssh {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }
          [no] crime-exploit-protection 
          [create|no] domain-certificate-authority <ca-name>
             [no] certificate {file <ca-certificate> | content <raw-data>}
          [no] server-certificate <filename> [file-contents <file-contents> ]
          [no] standard-domain-certificate-authorities 
          [no] tls-session-timeout <seconds>
       [create|no] syslog <name>
          [no] facility {command | event | system }
          [no] host <hostname-or-address> [transport {tcp | udp | tls}]
        system 
           topic-routing 
             [no] subscription-exceptions [defer]
       [create|no] username <name>
          [no] change-password <password>
           global-access-level <access-level>
           message-vpn 
             [create|no] access-level-exception <vpn-name>
                 access-level <access-level>
              default-access-level <access-level>
           rename <name>
        web-manager 
          [no] allow-unencrypted-wizards 
           redirect-http 
             [no] override-ssl-port <port>
             [no] shutdown 
     copy <source> <destination>
     delete <file>
     delete-load <version>
     disable 
     disconnect sessionid <session-id>
     power-down 
     reload [default-config | config <config-file>]
     rename <old> <new>
     setup 
     shell <reason>
  end 
  exit 
  help 
  home 
  logout 
  more <pattern>
 [no] paging [size <size>]
  ping <vrf-ip-addr-or-host> [ip-interface <ip-interface>]
  ping6 <ip-addr> [ip-interface <ip-interface>]
  pwd 
  session 
     timeout <idle-timeout>
  show 
     acl-profile <name> [message-vpn <vpn-name>] [{detail [[client-connect ] [publish-topic] 
                [subscribe-topic] [subscribe-share-name] ]} | {users } ]
     alarm 
     authentication [user-class cli-semp] [{current-user } | access-level [{default | ldap [group 
                   <group-name-pattern>]}] [detail ]]
     backup 
     bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn 
           <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] 
           [connect-via <addr-port>] [primary | backup | auto] [subscriptions [local | remote]
            | stats [queues] | connections [wide] | detail | message-spool-stats | ssl | 
           client-certificate]
     cache-cluster <name> [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | topics 
                  [filter <topic-pattern>] [type {local | global [home-cache-cluster 
                  <home-cache-cluster-name>]}] ]
     cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                   [message-vpn <vpn-name>] [detail | remote {status | home-cache-clusters 
                   [<home-cluster-name>] | topics [detail*2] [filter <topic-pattern> ] 
                   [type {local | global}] }]
     client <name> [client-username <username>] [message-vpn <vpn-name>] [authorization-group 
           <group-name>] [{[{stats [congestion | queues]} | {connections [wide]}] } | 
           {subscriptions [{subscription <subscription-name>}]} | {{message-spool | 
           message-spool-stats | {transaction-stats [session <session-id>]}} [{{ingress | 
           egress }} [flow <flow-id>]] } | {transacted-session [{session*2 
           <session-name>}]} | {sorted-stats [<stats-to-show>] [sort-by 
           <stats-to-sort-by>] [clear-high-water-marks]} | web-transport ] [detail] [primary] 
           [backup] [static] [slow-subscriber] [connected | disconnected]
     client-certificate-authority {ca-name <ca-name> [cert [raw-content] | crl | stats | detail] [count <num-elements>] | 
                                 stats*2}
     client-profile <name> [message-vpn <vpn-name>] [detail]
     client-username <name> [message-vpn <vpn-name>] [authorization-group <group-name>] [stats | detail
                     ]
     clock [{detail | {timezones [<pattern>]} | {synchronization ntp-source <host>}}]
     cluster <cluster-name-pattern> [detail | link <link-name-pattern> [detail*2 | client-profile | 
            queue | ssl | channel [message-vpn <vpn-name>] [detail*3] ] ]
     compression 
     config-sync [database [router | message-vpn <vpn-name>] [detail | remote] [count <num-elements>]]
     console [login-banner]
     cspf 
        database 
        neighbor <physical-router-name> [stats [queues | detail] | connections [wide] | detail*2]
        queue 
        route [destination <router-destination>] [source <router-source>]
        ssl 
        stats 
     current-config 
        all [redact]
        message-vpn <vpn-name> [redact] [remove]
     debug [process-name <process-name>] [process-instance <process-instance>] [timeout 
          <seconds>] <command> [<parameter-list>]
     deferred-config 
     disk [detail]
     distributed-cache {<name> [message-vpn <vpn-name>] [detail] | summary}
     dns 
     domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>]
     environment 
     hardware [details | post]
     home-cache-cluster <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] 
                       [message-vpn <vpn-name>]
     hostname 
     interface [<phy-interface>] [detail]
     ip 
        route 
        vrf [<name> [link-local-address | {route | interface <interface-pattern>} [detail]]]
     jndi 
        connection-factory <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
                          [detail]
        object <name> [message-vpn <vpn-name>]
        queue <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
             [detail]
        schema [connection-factory | topic | queue]
        summary [message-vpn <vpn-name>]
        topic <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] 
             [detail]
     kerberos [{keytab | keytab-file <file-name>} [detail]]
     ldap-profile <profile-name> [detail | [index <server-index>] stats | users]
     log 
        acl [client-connect | publish-topic | subscribe-topic] [client-username <username>] [message-vpn 
           <vpn-name>] [wide]
        command [lines <num-lines>] [find <search-string>]
        debug [lines <num-lines>] [find <search-string>]
        event [lines <num-lines>] [find <search-string>]
        login diag [wide]
        no-subscription-match [client-username <username>] [client-name <name>] [message-vpn <vpn-name>] [wide]
        rest rest-delivery-point errors [wide]
        system [lines <num-lines>] [find <search-string>]
     logging 
        command 
        config 
        debug [<subsystem-id>]
        event 
     memory 
     message-spool [message-vpn <vpn-name> [sort-by-messages-spooled]] [stats | detail | rates ]
     message-vpn <vpn-name> {[[detail | stats [detail*2] | service [stats*2]] | subscriptions [primary] 
                [backup] [static] ] | proxy <proxy-name> [detail*3] | replication [stats*3 | 
                detail*4 | client-certificate] | rest [{rest-delivery-point <rdp-name> 
                [stats*4 | queue-binding <queue-binding-name> [request-header 
                <header-name> ] [protected-request-header <header-name>*2 ]] [count*3 
                <num-elements>*3] [detail*5] | rest-consumer <rest-consumer-name> 
                [rest-delivery-point*2 <rdp-name>*2 ] [stats*5 | outgoing-connections [tcp 
                [wide]] | authentication [{oauth-jwt-claim <oauth-jwt-claim-name> }] | 
                client-certificate*2 | ssl | detail*6] [count*4 <num-elements>*4] }] | 
                authorization [authorization-group <name> [detail*7]] [count*5 
                <num-elements>*5] | mqtt [{mqtt-session <client-id-pattern> [owner 
                <owner-pattern>] [auto] [primary*2] [backup*2] [detail*8 | subscriptions*2 
                [qos <qos-value>] | stats*6 | client | queue]} | {retain {cache 
                <cache-name> [detail*9]}}] | bridging | dynamic-message-routing [dmr-bridge 
                <remote-node-name-pattern> ] | oauth {{profile <profile> [client*2 
                required-claim <required-claim-name-pattern> | resource-server 
                required-claim*2 <required-claim-name-pattern>*2 ]} } [detail*10 [stats*7]] | 
                telemetry-profile <telemetry-profile-name> [{receiver acl connect exception 
                <cidr-addr>} | {trace filter <filter-name> [subscription 
                <subscription-name> [smf | mqtt*2] ]}] }
     mqtt 
     oauth-profile <profile-name-pattern> [access-level [{default | group <group-name-pattern> } ] [detail]
                   | client {allowed-host <allowed-host-name-pattern> | 
                  authorization-parameter <authorization-parameter-name-pattern> | 
                  required-claim <required-claim-name-pattern> } | resource-server 
                  {required-claim*2 <required-claim-name-pattern>*2 } | detail*2 | stats]
     paging 
     process [pid <pid>]
     product-key 
     proxy <proxy-name> [detail]
     queue <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest]
           [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | 
          priority <priority>] | subscriptions | rates | sort-by-messages-spooled | 
          sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | 
          replay | partitions] [durable | non-durable] [detail] [replay-state {initializing | active
           | pending-complete | failed | all}] [count <num-elements>]
     queue-template <name> [message-vpn <vpn-name>] [detail]
     radius-profile <profile-name> [detail | stats]
     redundancy [detail]
     replay-log <name> [message-vpn <vpn-name>] [messages [oldest | newest] [msg-id <msg-id> | 
               replication-group-msg-id <replication-group-msg-id> | priority 
               <priority>] [detail] | topic-filters ] [count <num-elements>]
     replicated-topic <topic> [message-vpn <vpn-name>] [replication-mode {sync | async}] [count 
                     <num-elements>]
     replication [stats]
     router-name 
     routing 
     semp-session [<username-pattern>] [session-id <id-pattern>] [count <num-elements>]
     sequenced-topic <topic> [message-vpn <vpn-name>] [count <num-elements>]
     service [web-transport | {virtual-hostname <hostname-name> } | semp]
     session 
     smrp 
        database [router-name <router-name>] [detail]
        route topic <topic-string> [message-vpn <vpn-name>] [destination-name 
             <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] 
             [backup] [static] [persistent | non-persistent]
        stats [router-name [<router-name>]]
        subscription-block [router-name <router-name>] [block-id <block-id>] [message-vpn <vpn-name>] 
                          [persistent | non-persistent] [detail]
        subscriptions [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] 
                     [topic-endpoint] [remote-router] [primary] [backup] [static] [{[dto-priority 
                     <priority>] [topic <topic-str>] [persistent | non-persistent] } | 
                     {summary }]
     snmp [trap [<name>]]
     ssl 
        allow-tls-version 
        certificate-files [filename <filename>] [detail]
        cipher-suite-list {default | management [default*2] | msg-backbone [default*3] | ssh [default*4]}
        crime-exploit-protection 
        server-certificate [detail]
        standard-domain-certificate-authorities 
        supported-cipher-suites [{management | msg-backbone | ssh}]
        supported-tls-versions 
        tls-session-timeout 
     standard-domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>]
     stats 
        client [detail]
        neighbor [detail]
        ssl 
     syslog [<name>]
     system [detail | post]
     telemetry 
     topic-endpoint <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest]
                    [msg-id <msg-id> | replication-group-msg-id 
                   <replication-group-msg-id> | priority <priority>] | topics | rates | 
                   sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue 
                   <dmq-filter> [dmq-list] | replay] [durable | non-durable] [replay-state 
                   {initializing | active | pending-complete | failed | all}] [detail] [flow 
                   <flow-id>] [count <num-elements>]
     topic-endpoint-template <name> [message-vpn <vpn-name>] [detail]
     transaction [xid <xid>] [message-vpn <vpn-name>] [state <transaction-state>] [replicated] 
                [detail | sort-by-last-state-change | sort-by-messages-spooled] [count 
                <num-elements>]
     username <username-pattern> [detail]
     version 
     web-manager 
  source script <script-name> [stop-on-error] [no-prompt]
 [no] strict-column-wrapping 
  tree [all | global]


alarm-display

COMMAND:
[no] alarm-display
DESCRIPTION:
Use this command to enable the display of system alarms in the current CLI session on a session-by-session basis. The no version disables the displaying of router system alarms in the current CLI session.

The default value is no alarm-display.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


cd

COMMAND:
cd [<directory>]
DESCRIPTION:
Use this command to change the current working directory on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<directory> [0..255 chars] - directory to change to. If no directory is specified the root ('/') directory is assumed


dir

COMMAND:
dir [<pattern>]
DESCRIPTION:
Use this command to list the contents of a directory on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<pattern> [0..255 chars] - file(s)/directory(s) to display. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.


enable

COMMAND:
enable
DESCRIPTION:
Use this command to enter the Privileged EXEC level of the CLI to perform router configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


enable admin

COMMAND:
admin
DESCRIPTION:
Use this command to reach the Admin EXEC level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


enable admin bridge

COMMAND:
bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:
Enter bridge admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is auto.
backup - Only bridges of the backup virtual router. Default is auto.
<bridge-name-pattern> [1..300 chars] - Bridge name; may contain wildcard characters * or ?
primary - Only bridges of the primary virtual router. Default is auto.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear an event for the Bridge so it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<event-name> [0..12 chars] - The name of the event.


enable admin bridge <bridge-name-pattern> message-vpn <vpn-name> disconnect

COMMAND:
disconnect
DESCRIPTION:
Disconnect one or more bridges

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable admin client

COMMAND:
client <name> message-vpn <vpn-name> [primary] [backup] [static]
DESCRIPTION:
Enter client admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
backup - Only clients of the backup virtual router
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - Only clients of the primary virtual router
static - Only clients of the static virtual router
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable admin client <name> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<event-name> [0..18 chars] - The name of the one shot event


enable admin client <name> message-vpn <vpn-name> disconnect

COMMAND:
disconnect
DESCRIPTION:
Disconnect one or more clients

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable admin client-certificate-authority

COMMAND:
client-certificate-authority <ca-name>
DESCRIPTION:
Enter client-certificate-authority admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<ca-name> [1..64 chars] - The name of the certificate authority.


enable admin client-certificate-authority <ca-name> refresh-crl

COMMAND:
refresh-crl
DESCRIPTION:
Refresh the CRL file for the Client Certificate Authority.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable admin config-sync

COMMAND:
config-sync [assert-leader... | resync-follower... | resync-leader...]
DESCRIPTION:
Enter config-sync admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
assert-leader - Assert leadership of the specified config-sync table, forcing any other leader's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a leader for the selected table.
resync-follower - Resync the selected table, forcing this follower's content to be overwritten with that from a leader. Config-sync must be a follower for the selected table.
resync-leader - Resync the selected table, forcing this leader's content to be overwritten with that from another leader. Config-sync must be a leader for the selected table.


enable admin config-sync assert-leader

COMMAND:
assert-leader {router | message-vpn <vpn-name>}
DESCRIPTION:
Assert leadership of the specified config-sync table, forcing any other leader's content to be overwritten with our own. This command must be used whenever config-sync is originally enabled on an HA-pair, or when they fall out-of-sync. Config-sync must be a leader for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
Notes/Exceptions: global/rw is required to run this command with the router parameter.
PARAMETERS:
router - Assert leadership for the router table
<vpn-name> [1..32 chars] - Assert leadership for the named message-vpn table; may contain wildcard characters * or ?


enable admin config-sync resync-follower

COMMAND:
resync-follower message-vpn <vpn-name>
DESCRIPTION:
Resync the selected table, forcing this follower's content to be overwritten with that from a leader. Config-sync must be a follower for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ?


enable admin config-sync resync-leader

COMMAND:
resync-leader {router | message-vpn <vpn-name>}
DESCRIPTION:
Resync the selected table, forcing this leader's content to be overwritten with that from another leader. Config-sync must be a leader for the selected table.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
Notes/Exceptions: global/rw is required to run this command with the router parameter.
PARAMETERS:
router - Resync content for the router table
<vpn-name> [1..32 chars] - Resync content for the named message-vpn table; may contain wildcard characters * or ?


enable admin cspf

COMMAND:
cspf [neighbor...]
DESCRIPTION:
Enter cspf admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
neighbor - Enter neighbor admin mode


enable admin cspf neighbor

COMMAND:
neighbor <physical-router-name>
DESCRIPTION:
Enter neighbor admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?


enable admin cspf neighbor <physical-router-name> clear-event

COMMAND:
clear-event <event-name>
DESCRIPTION:
Clear the specified one shot event so that it can be generated anew.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<event-name> [0..22 chars] - The name of the one shot event.


enable admin delete-remote-router

COMMAND:
delete-remote-router <router-name>
DESCRIPTION:
Delete remote router from the SMRP and/or Message Spool database and remove all subscriptions (persistent and non-persistent) received from it

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


enable admin disk

COMMAND:
disk
DESCRIPTION:
Enter disk admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin disk rebuild

COMMAND:
rebuild
DESCRIPTION:
Trigger a disk rebuild after disk replacement

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin disk rebuild-speed

COMMAND:
rebuild-speed {high | low}
DESCRIPTION:
Configure speed at which disk is rebuilt after disk replacement

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
high - Rebuild at high speed.
low - Rebuild at low speed (default).


enable admin distributed-cache

COMMAND:
distributed-cache <name> message-vpn <vpn-name>
DESCRIPTION:
Enter distributed-cache admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<name> [1..200 chars] - The distributed-cache name. Must be a valid topic without hierarchy, whitespace, or ?.
<vpn-name> [1..32 chars] - The message VPN name.


enable admin distributed-cache <name> message-vpn <vpn-name> backup-cached-messages

COMMAND:
backup-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
DESCRIPTION:
Backup cached messages of the selected cache-instance to disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
cancel - Cancel the backup/restore operation currently in progress
<filename> [1..255 chars] - Filename for backup/restore of cached messages
<instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable admin distributed-cache <name> message-vpn <vpn-name> clear-event

COMMAND:
clear-event <event-name> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Clear an event of selected cache-instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<event-name> [lost-message] - Name of the event, or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?


enable admin distributed-cache <name> message-vpn <vpn-name> delete-messages

COMMAND:
delete-messages <topic> [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Delete message contents covered by given topic in selected cache-instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
<topic> [1..250 chars] - Delete messages covered by this topic


enable admin distributed-cache <name> message-vpn <vpn-name> restore-cached-messages

COMMAND:
restore-cached-messages cache-instance <instance-name> [{file <filename>} | cancel]
DESCRIPTION:
Restore cached messages for the selected cache-instance from disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
cancel - Cancel the backup/restore operation currently in progress
<filename> [1..255 chars] - Filename for backup/restore of cached messages
<instance-name> [1..200 chars] - The cache-instance name. Must be a valid topic without hierarchy, whitespace, or ?.


enable admin distributed-cache <name> message-vpn <vpn-name> start

COMMAND:
start [cache-cluster <cluster-name>] [cache-instance <instance-name>]
DESCRIPTION:
Start selected cache instances

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<instance-name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?


enable admin gather-diagnostics

COMMAND:
gather-diagnostics [days-of-history <days-of-history>]
DESCRIPTION:
Gather a number of diagnostic files and command output into a single diagnostics file

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<days-of-history> [1..65535] - Number of days of history that should be gathered for diagnostics. Default is 1.


enable admin interface

COMMAND:
interface <phy-interface>
DESCRIPTION:
Enter interface admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable admin interface <phy-interface> switch-active

COMMAND:
switch-active
DESCRIPTION:
switch active link

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin message-spool

COMMAND:
message-spool message-vpn <vpn-name>
DESCRIPTION:
Enter message spool admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the message-spool belongs to


enable admin message-spool message-vpn <vpn-name> commit-transaction

COMMAND:
commit-transaction xid <xid>
DESCRIPTION:
Commit the transaction identified by the XID. The transaction is heuristically committed and thus is not deleted upon completing the commit. To delete, use the delete-transaction command.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> copy-message

COMMAND:
copy-message {source {{queue <queue-name>} | {topic-endpoint <te-name>} | {replay-log <replay-log-name>}}} {destination {{queue*2 <queue-name>*2} | {topic-endpoint*2 <te-name>*2}}} {message <replication-group-msg-id>}
DESCRIPTION:
Copy spooled message from one endpoint to another.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<queue-name> [1..200 chars] - Queue name
<queue-name>*2 - Queue name
<replay-log-name> [1..185 chars] - Replay Log Name
<replication-group-msg-id> [41..41 chars] - Replication Group Message ID of message to be copied
<te-name> [1..250 chars] - Topic Endpoint name
<te-name>*2 - Topic Endpoint name


enable admin message-spool message-vpn <vpn-name> delete-messages

COMMAND:
delete-messages {{queue <queue-name>} | {topic-endpoint <te-name>}} [message <msg-id> [to <to-msg-id>]]
DESCRIPTION:
Delete spooled messages

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<msg-id> [1..18446744073709551615] - Message id to be deleted
<queue-name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
<te-name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
<to-msg-id> [1..18446744073709551615] - End of range of message ids to be deleted


enable admin message-spool message-vpn <vpn-name> delete-transacted-session

COMMAND:
delete-transacted-session <name>
DESCRIPTION:
Delete the transacted-session identified by the name. The client that is connected to the session is disconnected, and all transactions associated with the session are rolled back and deleted.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..63 chars] - Transacted session name; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> delete-transaction

COMMAND:
delete-transaction xid <xid>
DESCRIPTION:
Delete the transaction identified by the XID. The transaction must be in the Heuristically Completed state.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> queue

COMMAND:
queue <name>
DESCRIPTION:
Enter message spool queue admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - Queue name


enable admin message-spool message-vpn <vpn-name> queue <name> cancel-replay

COMMAND:
cancel-replay [force-complete]
DESCRIPTION:
Cancel all replays to this queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
force-complete - force cancellation without waiting for client unbind ack


enable admin message-spool message-vpn <vpn-name> queue <name> start-replay

COMMAND:
start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg <replication-group-msg-id>}]
DESCRIPTION:
Start a replay to this queue

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<from-date> [0..32 chars] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second
<replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;"
<replication-group-msg-id> [41..41 chars] - The Message after which to begin replay, identified by its Replication Group Message ID The format is "rmid1:xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxx", where x is a hexadecimal digit.


enable admin message-spool message-vpn <vpn-name> replay-log

COMMAND:
replay-log <name>
DESCRIPTION:
Enter message spool replay log admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..185 chars] - Name of Replay Log. Invalid characters are "'<>*?&;"


enable admin message-spool message-vpn <vpn-name> replay-log <name> trim-logged-messages

COMMAND:
trim-logged-messages older-than-date <older-than-date>
DESCRIPTION:
Trim messages from this replay log

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<older-than-date> [0..32 chars] - All messages before this date will be removed. Specify using the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second


enable admin message-spool message-vpn <vpn-name> rollback-transaction

COMMAND:
rollback-transaction xid <xid>
DESCRIPTION:
Rollback the transaction identified by the XID. The transaction is heuristically rolled back and thus is not deleted upon completing the rollback. To delete, use the delete-transaction command.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<xid> [1..266 chars] - XID; may contain wildcard characters * or ?


enable admin message-spool message-vpn <vpn-name> sequenced-topic

COMMAND:
sequenced-topic <topic> next-sequence-number <seq-num>
DESCRIPTION:
Set the next sequence number for the sequenced topic

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seq-num> [1..9223372036854775807] - Next sequence number for the sequenced topic
<topic> [1..250 chars] - Topic for applying sequence numbers


enable admin message-spool message-vpn <vpn-name> topic-endpoint

COMMAND:
topic-endpoint <name>
DESCRIPTION:
Enter message spool topic endpoint admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..250 chars] - Topic Endpoint name


enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> cancel-replay

COMMAND:
cancel-replay [force-complete]
DESCRIPTION:
Cancel all replays to this topic endpoint

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
force-complete - force cancellation without waiting for client unbind ack


enable admin message-spool message-vpn <vpn-name> topic-endpoint <name> start-replay

COMMAND:
start-replay [replay-log <replay-log>] [{from-date <from-date> | after-msg <replication-group-msg-id>}]
DESCRIPTION:
Start a replay to this topic endpoint

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<from-date> [0..32 chars] - Date and time to begin replaying messages from. This is specified in the RFC3339 format "YYYY-MM-DDThh:mm:ssTZD" (e.g. 1997-07-16T19:20:30+01:00). The time specified will be rounded down to the nearest second
<replay-log> [1..185 chars] - Replay Log Name; may not contain "'<>*?&;"
<replication-group-msg-id> [41..41 chars] - The Message after which to begin replay, identified by its Replication Group Message ID The format is "rmid1:xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxx", where x is a hexadecimal digit.


enable admin product-key

COMMAND:
[no] product-key <key-value>
DESCRIPTION:
Configure a product key to unlock feature content

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<key-value> [40..255 chars] - Product key value


enable admin redundancy

COMMAND:
redundancy [revert-activity]
DESCRIPTION:
Enter redundancy mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
revert-activity - Force the backup router to give up activity if the primary router is ready to provide service.


enable admin redundancy revert-activity

COMMAND:
revert-activity
DESCRIPTION:
Force the backup router to give up activity if the primary router is ready to provide service.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable admin semp-session

COMMAND:
semp-session session-username <username-pattern> [session-id <session-id-value>]
DESCRIPTION:
Enter SEMP session admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<session-id-value> [1..56 chars] - The SEMP session ID.`
<username-pattern> [1..189 chars] - The username pattern to use as a filter.


enable admin semp-session session-username <username-pattern> delete

COMMAND:
delete
DESCRIPTION:
Delete one or more SEMP sessions

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system

COMMAND:
system [message-spool]
DESCRIPTION:
Enter system admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
message-spool - Enter message-spool admin mode


enable admin system message-spool

COMMAND:
message-spool [assert-disk-ownership | backup-adb-to-disk | defragment-spool-files... | override-flash-failure | reset...]
DESCRIPTION:
Enter message-spool admin mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
assert-disk-ownership - Assert ownership over the message-spool external disk.
backup-adb-to-disk - Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.
defragment-spool-files - Start or stop a spool file defragmentation run.
override-flash-failure - Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.
reset - Reset the message spooling facility on the broker (without affecting the rest of the broker configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.


enable admin system message-spool assert-disk-ownership

COMMAND:
assert-disk-ownership
DESCRIPTION:
Assert ownership over the message-spool external disk.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system message-spool backup-adb-to-disk

COMMAND:
backup-adb-to-disk
DESCRIPTION:
Backup the contents of the ADB to disk. This command is for upgrading or replacing the ADB hardware only. A reboot is required to restore the backup onto newly installed ADB hardware. Enable the message-spool to remove the saved backup and cancel the restore.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system message-spool defragment-spool-files

COMMAND:
defragment-spool-files {start | stop}
DESCRIPTION:
Start or stop a spool file defragmentation run.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
start - initiate spool file defragmentation operation
stop - halt the spool file defragmentation operation


enable admin system message-spool override-flash-failure

COMMAND:
override-flash-failure
DESCRIPTION:
Override failure of ADB to restore from flash. This command is only used when the event log 'ADB failed to restore image from flash' is seen and the Flash Card State is 'Restore Failed'. It allows temporary operation of the message-spool with a failed ADB/flash until a replacement is installed. This operational state introduces the risk of losing guaranteed messages.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable admin system message-spool reset

COMMAND:
reset
DESCRIPTION:
Reset the message spooling facility on the broker (without affecting the rest of the broker configuration) by deleting all spooled messages for all clients/queues/topics, deleting all topics and all selectors bound to all endpoints, and resetting the ADB to its default configuration state.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable backup

COMMAND:
backup
DESCRIPTION:
Use this command to immediately create a manual local backup of your configuration database file on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable boot

COMMAND:
boot {<version> [default-config] | backout}
DESCRIPTION:
Use this command to upgrade or downgrade the router software to a new or old SolOS software load and activate it, or to revert to and run the previous SolOS software version that was running before the last upgrade.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
backout - Revert to previous load.
default-config - Boots the router to a default configuration.
<version> [0..63 chars] - Load version to boot to


enable clear

COMMAND:
clear [bridge... | cache-instance... | client... | client-certificate-authority... | client-username... | compression... | cspf | ldap-profile... | log | message-spool | message-vpn... | oauth-profile... | queue... | radius-profile... | replication... | smrp... | snmp | stats | topic-endpoint...]
DESCRIPTION:
Use this command to clear various statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
bridge - Clear the statistics for one or more bridges.
cache-instance - Clear statistics for one or more cache-instances.
client - Clear statistics for one or more clients.
client-certificate-authority - Clear global level statistics for client certificate authorities.
Also clears individual client certificate authority stats.
client-username - Clear statistics for one or more client-usernames.
compression - Clear statistics for compression.
cspf - Clear specified CSPF information.
ldap-profile - Clear ldap-profile statistics for one or all profiles.
log - Clear logs.
message-spool - Clear message-spool statistics.
message-vpn - Clear statistics for one or more message VPNs.
oauth-profile - Clear oauth-profile statistics for one or all profiles.
queue - Clear statistics for one or more queues.
radius-profile - Clear radius-profile statistics for one or all profiles.
replication - Clear the global statistics for Replication.
smrp - Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.
snmp - Clear SNMP statistics.
stats - Clear global level statistics.
topic-endpoint - Clear statistics for one or more topic-endpoints.


enable clear bridge

COMMAND:
bridge <bridge-name-pattern> message-vpn <vpn-name> [primary | backup | auto] stats
DESCRIPTION:
Clear the statistics for one or more bridges.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auto - Only bridges configured for the automatic virtual router. Default is auto.
backup - Only bridges of the backup virtual router. Default is auto.
<bridge-name-pattern> [0..300 chars] - Bridge name; may contain wildcard characters * or ?
primary - Only bridges of the primary virtual router. Default is auto.
stats - Specify this keyword to clear statistics.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear cache-instance

COMMAND:
cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more cache-instances.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
stats - Clears cache-instance statistics
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear client

COMMAND:
client <name> [message-vpn <vpn-name>] [primary] [backup] [static] stats
DESCRIPTION:
Clear statistics for one or more clients.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
backup - If specified, clients associated with the backup virtual router will be cleared.
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - If specified, clients associated with the primary virtual router will be cleared.
static - If specified, clients associated with the static virtual router will be cleared.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear client-certificate-authority

COMMAND:
client-certificate-authority stats
DESCRIPTION:
Clear global level statistics for client certificate authorities.
Also clears individual client certificate authority stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable clear client-username

COMMAND:
client-username <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more client-usernames.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..189 chars] - Client name; may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear compression

COMMAND:
compression stats
DESCRIPTION:
Clear statistics for compression.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable clear cspf

COMMAND:
cspf [neighbor... | stats]
DESCRIPTION:
Clear specified CSPF information.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
neighbor - Clear statistics related to neighbors
stats - Clear statistics related to the CSPF protocol


enable clear cspf neighbor

COMMAND:
neighbor <physical-router-name> stats
DESCRIPTION:
Clear statistics related to neighbors

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<physical-router-name> [1..66 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?
stats - Clear neighbor stats


enable clear cspf stats

COMMAND:
stats
DESCRIPTION:
Clear statistics related to the CSPF protocol

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable clear ldap-profile

COMMAND:
ldap-profile <profile-name> stats
DESCRIPTION:
Clear ldap-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name. May contain wildcard characters * and ?.


enable clear log

COMMAND:
log [acl... | login... | no-subscription-match | rest...]
DESCRIPTION:
Clear logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
acl - Clear ACL logs.
login - Clear login logs
no-subscription-match - Clear no-subscription-match logs.
rest - Clear REST logs.


enable clear log acl

COMMAND:
acl [client-connect | publish-topic | subscribe-topic]
DESCRIPTION:
Clear ACL logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
client-connect - Clear only logs relating to client-connect ACLs
publish-topic - Clear only logs relating to publish-topic ACLs
subscribe-topic - Clear only logs relating to subscribe-topic ACLs


enable clear log login

COMMAND:
login diag
DESCRIPTION:
Clear login logs

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
diag - Clear logs relating to login diagnostics


enable clear log no-subscription-match

COMMAND:
no-subscription-match
DESCRIPTION:
Clear no-subscription-match logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable clear log rest

COMMAND:
rest rest-delivery-point errors
DESCRIPTION:
Clear REST logs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
errors - Clear logs relating to REST errors
rest-delivery-point - Clear logs relating to REST Delivery Points


enable clear message-spool

COMMAND:
message-spool [stats]
DESCRIPTION:
Clear message-spool statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
stats - Clear the statistics for the Message Spool.


enable clear message-spool stats

COMMAND:
stats
DESCRIPTION:
Clear the statistics for the Message Spool.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable clear message-vpn

COMMAND:
message-vpn <vpn-name> {stats | message-spool-stats | replication-stats | service-stats | {rest {{rest-delivery-point <rdp-name> } | {rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ]}} stats*2} | {mqtt {mqtt-session <client-id-pattern> } [primary | backup | auto] stats*3} | oauth {{profile <profile>} } stats*4}
DESCRIPTION:
Clear statistics for one or more message VPNs.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auto - If specified, stats associated with the auto mqtt-session will be cleared.
backup - If specified, stats associated with the backup mqtt-session will be cleared.
<client-id-pattern> [0..128 chars] - The pattern that filters the mqtt-session selected. May contain wildcard characters * and ?.
message-spool-stats - Clear message-spool statistics.
mqtt - MQTT related clear commands
no-wildcard*2 - Do not use wildcarding
no-wildcard*3 - Do not use wildcarding
no-wildcard*4 - Do not use wildcarding
oauth - Clear OAuth related information.
primary - If specified, stats associated with the primary mqtt-session will be cleared.
<profile> [1..32 chars] - The name of the profile, which may include wildcards * or ?
<rdp-name> [0..100 chars] - The pattern that filters the RDP selected. May contain wildcard characters * and ?.
<rdp-name>*2 - The pattern that filters the RDP selected. May contain wildcard characters * and ?.
replication-stats - Clear replication statistics.
rest - REST related clear commands
<rest-consumer-name> [0..32 chars] - The pattern that filters the REST Consumer selected. May contain wildcard characters * and ?.
service-stats - Clear SMF service statistics for message VPN.
stats - Clears the statistics for the specified message VPN
stats*2 - Specify this keyword to clear REST Delivery Point statistics.
stats*3 - Specify this keyword to clear MQTT statistics.
stats*4 - Clear OAuth stats.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear oauth-profile

COMMAND:
oauth-profile <profile-name> stats
DESCRIPTION:
Clear oauth-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<profile-name> [1..32 chars] - OAuth profile name. May contain wildcard characters * and ?.


enable clear queue

COMMAND:
queue <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more queues.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
stats - Clears the statistics for the specified queue.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable clear radius-profile

COMMAND:
radius-profile <profile-name> stats
DESCRIPTION:
Clear radius-profile statistics for one or all profiles.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name. May contain wildcard characters * and ?.


enable clear replication

COMMAND:
replication stats
DESCRIPTION:
Clear the global statistics for Replication.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
stats - Clear stats.


enable clear smrp

COMMAND:
smrp stats [router-name <router-name>]
DESCRIPTION:
Clear SMRP statistics. Global statistics across all router names are cleared if no router-name is specified, otherwise router-name specific statistics are cleared.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


enable clear snmp

COMMAND:
snmp [stats]
DESCRIPTION:
Clear SNMP statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
stats - Clear SNMP statistics


enable clear snmp stats

COMMAND:
stats
DESCRIPTION:
Clear SNMP statistics

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear stats

COMMAND:
stats [client | neighbor | ssl]
DESCRIPTION:
Clear global level statistics.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
client - Clear global level statistics for clients. Also clears individual client stats.
neighbor - Clear global level statistics for neighbors.
Also clears individual neighbor stats.
ssl - Clear global level statistics related to SSL.


enable clear stats client

COMMAND:
client
DESCRIPTION:
Clear global level statistics for clients. Also clears individual client stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable clear stats neighbor

COMMAND:
neighbor
DESCRIPTION:
Clear global level statistics for neighbors.
Also clears individual neighbor stats.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable clear stats ssl

COMMAND:
ssl
DESCRIPTION:
Clear global level statistics related to SSL.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable clear topic-endpoint

COMMAND:
topic-endpoint <name> [message-vpn <vpn-name>] stats
DESCRIPTION:
Clear statistics for one or more topic-endpoints.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
stats - Clears the statistics for the specified topic-endpoint.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


enable configure

COMMAND:
configure
DESCRIPTION:
Use this command to reach the Global CONFIG level by entering configure from the privileged EXEC level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


enable configure acl-profile

COMMAND:
[no] acl-profile <name> message-vpn <vpn-name>

create acl-profile <name> message-vpn <vpn-name> [allow-client-connect] [allow-publish-topic] [allow-subscribe-topic] [disallow-subscribe-share-name]

DESCRIPTION:
Create, modify, or delete a ACL Profile.

An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The name of the ACL Profile.
<vpn-name> [1..32 chars] - The name of the Message VPN.
allow-client-connect - Set the default action for a client connect attempt to "allow".
allow-publish-topic - Set the default action for a publish topic attempt to "allow".
allow-subscribe-topic - Set the default action for a subscribe topic attempt to "allow".
disallow-subscribe-share-name - Set the default action for a subscribe share name attempt to "disallow".


enable configure acl-profile <name> message-vpn <vpn-name> client-connect

COMMAND:
client-connect [default-action... | exception...]
DESCRIPTION:
Enter the "client-connect" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile connects to the Message VPN.
[no] exception - Create or delete a Client Connect Exception.

A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile connects to the Message VPN.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow client connection unless an exception is found for it.
disallow - Disallow client connection unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> client-connect exception

COMMAND:
[no] exception <cidr-addr>
DESCRIPTION:
Create or delete a Client Connect Exception.

A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cidr-addr> [0..43 chars] - The IP address/netmask of the client connect exception in canonical CIDR form.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic

COMMAND:
publish-topic [default-action... | exceptions...]
DESCRIPTION:
Enter the "publish-topic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.
[no] exceptions - Create or delete a Publish Topic Exception.

A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> publish-topic exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Create or delete a Publish Topic Exception.

A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax.
smf - Exception list uses SMF topic syntax.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-share-name

COMMAND:
subscribe-share-name [default-action... | exceptions...]
DESCRIPTION:
Enter the "subscribe-share-name" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN.
[no] exceptions - Create or delete a Subscribe Share Name Exception.

A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-share-name default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN.

The default is default-action "allow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-share-name exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Create or delete a Subscribe Share Name Exception.

A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax.
smf - Exception list uses SMF topic syntax.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic

COMMAND:
subscribe-topic [default-action... | exceptions...]
DESCRIPTION:
Enter the "subscribe-topic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.
[no] exceptions - Create or delete a Subscribe Topic Exception.

A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow topic unless an exception is found for it.
disallow - Disallow topic unless an exception is found for it.


enable configure acl-profile <name> message-vpn <vpn-name> subscribe-topic exceptions

COMMAND:
[no] exceptions [smf | mqtt] list <exception-list>
DESCRIPTION:
Create or delete a Subscribe Topic Exception.

A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<exception-list> [1..250 chars] - List of exceptions
mqtt - Exception list uses MQTT topic syntax.
smf - Exception list uses SMF topic syntax.


enable configure authentication

COMMAND:
authentication [access-level | allow-direct-shell-login... | auth-type... | brute-force-protection | client-certificate-authority... | client-certificate-revocation-checking... | kerberos | ldap-profile... | oauth-profile... | oauth-profile-default... | radius-domain... | radius-profile... | replace-duplicate-client-connections]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
access-level - Enter sub-mode to configure parameters related to CLI access levels.
[no] allow-direct-shell-login - Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.
auth-type - The authentication mechanism to use for CLI users. Changing this value will cause all SEMP sessions to be deleted.
brute-force-protection - Enter sub-mode to configure parameters related to brute force attack protection.
[create|no] client-certificate-authority - Create, modify, or delete a Client Certificate Authority.

Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
client-certificate-revocation-checking - The client certificate revocation checking mode used when a client authenticates with a client certificate.
kerberos - Configure Kerberos Authentication.
[create|no] ldap-profile - Create, edit and delete LDAP profiles.
[create|no] oauth-profile - Create, modify, or delete a OAuth Profile.

OAuth profiles specify how to securely authenticate to an OAuth provider.
[no] oauth-profile-default - The default OAuth profile for OAuth authenticated SEMP requests.
[no] radius-domain - Assign radius-domain string.
[create|no] radius-profile - Create, edit and delete RADIUS profiles.
[no] replace-duplicate-client-connections - Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.


enable configure authentication access-level

COMMAND:
access-level [default | ldap]
DESCRIPTION:
Enter sub-mode to configure parameters related to CLI access levels.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
default - Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.
ldap - Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.


enable configure authentication access-level default

COMMAND:
default [global-access-level... | message-vpn]
DESCRIPTION:
Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
global-access-level - Set the global-scope access-level of a CLI username.
message-vpn - Enter sub-mode to configure the access level at Message VPN level for CLI users.


enable configure authentication access-level default global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of a CLI username.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | mesh-manager | read-write | admin] - CLI global access level


enable configure authentication access-level default message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure authentication access-level default message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure authentication access-level default message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure authentication access-level default message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure authentication access-level ldap

COMMAND:
ldap [group... | group-membership-attribute-name...]
DESCRIPTION:
Enter sub-mode to configure how the access level is derived for CLI users when authenticating with LDAP.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] group - The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.
[no] group-membership-attribute-name - The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.


enable configure authentication access-level ldap group

COMMAND:
[create | no] group <group-name>
DESCRIPTION:
The name of a group as it exists on the LDAP server being used to authenticate CLI Users. Special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<group-name> [1..256 chars] - LDAP group name.


enable configure authentication access-level ldap group <group-name> global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | mesh-manager | read-write | admin] - CLI global access level


enable configure authentication access-level ldap group <group-name> message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure authentication access-level ldap group <group-name> message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure authentication access-level ldap group <group-name> message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure authentication access-level ldap group <group-name> message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure authentication access-level ldap group-membership-attribute-name

COMMAND:
group-membership-attribute-name <attribute-name>

no group-membership-attribute-name

DESCRIPTION:
The name of the attribute that should be retrieved from the LDAP server as part of the LDAP search when authenticating a CLI User. It indicates that the CLI User belongs to a particular group (i.e. the value associated with this attribute). The value(s) returned in this attribute should match one of the configured groups. The "no" version of this command unconfigures this attribute which will result in all users getting the default access level.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attribute-name> [1..64 chars] - LDAP attribute name.


enable configure authentication allow-direct-shell-login

COMMAND:
[no] allow-direct-shell-login [<shell-login-name>]
DESCRIPTION:
Use this command to allow direct access to the SolOS shell from the login prompt. The no version of this command disallows the direct shell access.

By default, the support user is allowed direct access to the SolOS shell.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<shell-login-name> [1..32 chars] - Any valid SolOS shell user.


enable configure authentication auth-type

COMMAND:
auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}
DESCRIPTION:
The authentication mechanism to use for CLI users. Changing this value will cause all SEMP sessions to be deleted.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
internal - Internal database.
ldap - LDAP authentication.
<ldap-profile> [1..32 chars] - LDAP profile name.
radius - RADIUS authentication.
<radius-profile> [1..32 chars] - RADIUS profile name.


enable configure authentication brute-force-protection

COMMAND:
brute-force-protection [shutdown]
DESCRIPTION:
Enter sub-mode to configure parameters related to brute force attack protection.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] shutdown - Enable or disable protection against brute force password guessing attacks on local management accounts.


enable configure authentication brute-force-protection shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable protection against brute force password guessing attacks on local management accounts.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication client-certificate-authority

COMMAND:
[create | no] client-certificate-authority <ca-name>
DESCRIPTION:
Create, modify, or delete a Client Certificate Authority.

Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-name> [1..64 chars] - The name of the Certificate Authority.


enable configure authentication client-certificate-authority <ca-name> certificate

COMMAND:
certificate {file <ca-certificate> | content <raw-data>}

no certificate

DESCRIPTION:
The trusted root certificate for a client certificate authority. The file must be located in the /certs directory and must be PEM formatted.

The no version of the command returns its value to the default (no certificate configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-certificate> [1..127 chars] - The CA certificate file.
<raw-data> [0..32768 chars] - The CA certificate content.


enable configure authentication client-certificate-authority <ca-name> revocation-check

COMMAND:
revocation-check [crl | ocsp | shutdown]
DESCRIPTION:
Enter the "revocation-check" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
crl - Enter the "crl" mode.
ocsp - Enter the "ocsp" mode.
[no] shutdown - Enable or disable Certificate Authority revocation checking.


enable configure authentication client-certificate-authority <ca-name> revocation-check crl

COMMAND:
crl [refresh-schedule... | url...]
DESCRIPTION:
Enter the "crl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] refresh-schedule - The schedule for refreshing the CRL by downloading a new copy. The "no" version of the command resets the schedule to the default.
[no] url - The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets.


enable configure authentication client-certificate-authority <ca-name> revocation-check crl refresh-schedule

COMMAND:
refresh-schedule [days <days-of-week> ] times <times-of-day>

no refresh-schedule

DESCRIPTION:
The schedule for refreshing the CRL by downloading a new copy. The "no" version of the command resets the schedule to the default.

The default is refresh-schedule "daily 3:00".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none".
<times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none"


enable configure authentication client-certificate-authority <ca-name> revocation-check crl url

COMMAND:
url <url>

no url

DESCRIPTION:
The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<url> [0..2048 chars] - The value to set.


enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp

COMMAND:
ocsp [allow-non-responder-certificate | override-url... | responder-common-name... | timeout...]
DESCRIPTION:
Enter the "ocsp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] allow-non-responder-certificate - Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.
[no] override-url - The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.
[no] responder-common-name - Create or delete a OCSP Responder Trusted Common Name.

When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
[no] timeout - The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.


enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp allow-non-responder-certificate

COMMAND:
[no] allow-non-responder-certificate
DESCRIPTION:
Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses.

The default value is no allow-non-responder-certificate.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp override-url

COMMAND:
override-url <ocsp-override-url>

no override-url

DESCRIPTION:
The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ocsp-override-url> [0..2048 chars] - The value to set.


enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp responder-common-name

COMMAND:
responder-common-name {empty | name <common-name>}

no responder-common-name name <common-name>

DESCRIPTION:
Create or delete a OCSP Responder Trusted Common Name.

When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate.
empty - Removes all common names from the list.


enable configure authentication client-certificate-authority <ca-name> revocation-check ocsp timeout

COMMAND:
timeout <seconds>

no timeout

DESCRIPTION:
The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<seconds> [1..86400] - The value to set.


enable configure authentication client-certificate-authority <ca-name> revocation-check shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Certificate Authority revocation checking.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication client-certificate-revocation-checking

COMMAND:
client-certificate-revocation-checking <mode>
DESCRIPTION:
The client certificate revocation checking mode used when a client authenticates with a client certificate.

The default is client-certificate-revocation-checking "none".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<mode> [none | ocsp | crl | ocsp-crl] - The value to set.

none - Do not perform any certificate revocation checking.

ocsp - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.

crl - Use Certificate Revocation Lists (CRL) for certificate revocation checking.

ocsp-crl - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.


enable configure authentication kerberos

COMMAND:
kerberos [keytab]
DESCRIPTION:
Configure Kerberos Authentication.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
keytab - Configure Kerberos keytab entries.


enable configure authentication kerberos keytab

COMMAND:
keytab [add-key... | delete-keytab-entry...]
DESCRIPTION:
Configure Kerberos keytab entries.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
add-key - Add a Kerberos key to the router keytab store.
delete-keytab-entry - Delete a Kerberos key from the router keytab store.


enable configure authentication kerberos keytab add-key

COMMAND:
add-key <keytab-filename> [index <index>]
DESCRIPTION:
Add a Kerberos key to the router keytab store.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<index> [1..65535] - Index of the key in the keytab file.
<keytab-filename> [Filename of keytab in /keytab directory.] - Kerberos keytab file used to get the key from.


enable configure authentication kerberos keytab delete-keytab-entry

COMMAND:
delete-keytab-entry <index>
DESCRIPTION:
Delete a Kerberos key from the router keytab store.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<index> [1..65535] - Index of the key in the keytab store.


enable configure authentication ldap-profile

COMMAND:
[create | no] ldap-profile <profile-name>
DESCRIPTION:
Create, edit and delete LDAP profiles.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<profile-name> [1..32 chars] - LDAP profile name.


enable configure authentication ldap-profile <profile-name> admin

COMMAND:
admin dn <admin-dn> [password <admin-password> ]
DESCRIPTION:
Configure the router's credentials when connecting to an LDAP server in this profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<admin-dn> [0..1024 chars] - The distinguished name to bind as.
<admin-password> [0..128 chars] - The password to provide during the bind.


enable configure authentication ldap-profile <profile-name> allow-unauthenticated-authentication

COMMAND:
[no] allow-unauthenticated-authentication
DESCRIPTION:
This command allows clients connecting to the router without passwords to have those empty passwords forwarded to the LDAP server(s) for authentication. By disabling this attribute the login attempt is immediately rejected by the router without consulting the LDAP server.
Important: Unauthenticated authentication permits password-less logins for all users of this profile if such authentications are also permitted by the LDAP server. As such enabling this attibute can result in a significant security hole.

The default value is no allow-unauthenticated-authentication.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search

COMMAND:
group-membership-secondary-search [base-dn... | deref... | filter... | filter-attribute-from-primary-search... | follow-continuation-references | scope... | shutdown | timeout...]
DESCRIPTION:
Configure the group membership secondary search parameters.

The intent for this search is to indirectly determine the groups the user belongs to. The "group-membership-attribute-name" is not used when this feature is enabled.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base-dn - Sets the base node for searches.
deref - Configure the dereferencing behavior of searches.
filter - Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.
filter-attribute-from-primary-search - The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.
[no] follow-continuation-references - Enable or disable the following of continuation references.
scope - Configure the scope of directory searches.
[no] shutdown - Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.
timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search base-dn

COMMAND:
base-dn <distinguished-name>
DESCRIPTION:
Sets the base node for searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search deref

COMMAND:
deref {never | search | base | always}
DESCRIPTION:
Configure the dereferencing behavior of searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
always - Always dereference aliases. Default setting.
base - Only dereference alias when locating the base node.
never - Don't dereference aliases.
search - Only dereference aliases when searching.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter

COMMAND:
filter <filter>
DESCRIPTION:
Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search filter-attribute-from-primary-search

COMMAND:
filter-attribute-from-primary-search <attribute-name>
DESCRIPTION:
The name of the attribute that should be retrieved from the LDAP server as part of the primary search. The value of the attribute can be accessed through variable '$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH'; usually used as a filter on the secondary search.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attribute-name> [0..64 chars] - LDAP attribute name.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search follow-continuation-references

COMMAND:
[no] follow-continuation-references
DESCRIPTION:
Enable or disable the following of continuation references.

The default value is follow-continuation-references.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search scope

COMMAND:
scope {base | one-level | subtree}
DESCRIPTION:
Configure the scope of directory searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base - Search only the base node.
one-level - Search only 1 level deep.
subtree - Search the entire subtree. Default setting.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the group membership secondary search. When this feature is enabled the groups the user belongs to are determined indirectly, in a two stage search process. During this search, the "group-membership-attribute-name" is ignored.

An LDAP (primary) search is performed using the settings under the LDAP profile "search" tree, based on the attribute "filter-attribute-from-primary-search" from LDAP profile "group-membership-secondary-search". The attribute value returned is stored in the variable "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". A secondary search based on the settings from "group-membership-secondary-search" is then performed, with a filter usually based on "$ATTRIBUTE_VALUE_FROM_PRIMARY_SEARCH". The secondary search yields the distinguished names for the groups the user belongs to, as the values for the attribute named "dn".

Note: The group membership secondary search applies to CLI users only. This feature regardless of its configuration is not applicable to client users. The authentication/authorization for client users is solely done against the configuration from primary search.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> group-membership-secondary-search timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..40] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails. Values above 20 should only be used upon recommendation of Solace Support.


enable configure authentication ldap-profile <profile-name> ldap-server

COMMAND:
ldap-server <ldap-host> index <server-index>

no ldap-server {<ldap-host> | index <server-index>}

DESCRIPTION:
Configures or removes LDAP servers in a given LDAP profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ldap-host> [0..256 chars] - LDAP host. Examples:
ldap://ldap.solace.com
ldap://192.168.123.4:389
ldaps://ldap.solace.com:636
<server-index> [1..3] - A positive integer indicating server preference. A value of "1" indicates first choice, "2" indicates second choice, etc. Up to a maximum of "3".


enable configure authentication ldap-profile <profile-name> search

COMMAND:
search [base-dn... | deref... | filter... | follow-continuation-references | scope... | timeout...]
DESCRIPTION:
Configure search parameters.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base-dn - Sets the base node for searches.
deref - Configure the dereferencing behavior of searches.
filter - Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.
[no] follow-continuation-references - Enable or disable the following of continuation references.
scope - Configure the scope of directory searches.
timeout - Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.


enable configure authentication ldap-profile <profile-name> search base-dn

COMMAND:
base-dn <distinguished-name>
DESCRIPTION:
Sets the base node for searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<distinguished-name> [0..1024 chars] - Distinguished name that identifies the base node where searches should begin. Example:
"ou=software,dc=solace,dc=com"


enable configure authentication ldap-profile <profile-name> search deref

COMMAND:
deref {never | search | base | always}
DESCRIPTION:
Configure the dereferencing behavior of searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
always - Always dereference aliases. Default setting.
base - Only dereference alias when locating the base node.
never - Don't dereference aliases.
search - Only dereference aliases when searching.


enable configure authentication ldap-profile <profile-name> search filter

COMMAND:
filter <filter>
DESCRIPTION:
Sets the templated filter used to locate individual users in the directory service. If trim-client-username-domain is enabled and the filter is set to "(cn=$CLIENT_USERNAME)", the client-username get its domain trimmed (if it has one). The trimming occurs at the first occurence of the "@" symbol.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<filter> [0..1024 chars] - The filter to be used to locate user entries in a directory service. The following substitution variables can be added to the filter:
$CLIENT_USERNAME
$VPN_NAME
Substitution variables are recognized by the router and are substituted with the client's relevant information.
Examples of filters using substitution variables:
"(&(cn=$CLIENT_USERNAME)(ou=$VPN_NAME)"
"(cn=$CLIENT_USERNAME)"


enable configure authentication ldap-profile <profile-name> search follow-continuation-references

COMMAND:
[no] follow-continuation-references
DESCRIPTION:
Enable or disable the following of continuation references.

The default value is follow-continuation-references.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> search scope

COMMAND:
scope {base | one-level | subtree}
DESCRIPTION:
Configure the scope of directory searches.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
base - Search only the base node.
one-level - Search only 1 level deep.
subtree - Search the entire subtree. Default setting.


enable configure authentication ldap-profile <profile-name> search timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Configure the search timeout. This is the amount of time the LDAP server has to complete a search request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..40] - The number of seconds a LDAP server has to complete a search. If the search times out, then the client's authentication attempt fails. Values above 20 should only be used upon recommendation of Solace Support.


enable configure authentication ldap-profile <profile-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the LDAP profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication ldap-profile <profile-name> starttls

COMMAND:
[no] starttls
DESCRIPTION:
Enables or disables STARTTLS for this profile. The STARTTLS setting is ignored if an LDAP-server host URL is specified with the LDAPS protocol ('ldaps://')

The default value is no starttls.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile

COMMAND:
[create | no] oauth-profile <oauth-profile>
DESCRIPTION:
Create, modify, or delete a OAuth Profile.

OAuth profiles specify how to securely authenticate to an OAuth provider.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
global/admin is required for "create oauth-profile" and "no oauth-profile".
PARAMETERS:
<oauth-profile> [1..32 chars] - The name of the OAuth profile.


enable configure authentication oauth-profile <oauth-profile> access-level

COMMAND:
access-level [default | group...]
DESCRIPTION:
Configure access levels for this OAuth profile.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
default - Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.
[create|no] group - Create, modify, or delete a Group Access Level.

The name of a group as it exists on the OAuth server being used to authenticate SEMP users.


enable configure authentication oauth-profile <oauth-profile> access-level default

COMMAND:
default [global-access-level... | message-vpn]
DESCRIPTION:
Enter sub-mode to configure the default access level for CLI users when external authentication server does not specify it.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] global-access-level - The default global access level for this OAuth profile.
message-vpn - Enter sub-mode to configure the access level at Message VPN level for CLI users.


enable configure authentication oauth-profile <oauth-profile> access-level default global-access-level

COMMAND:
global-access-level {none | read-only | mesh-manager | read-write | admin}

no global-access-level

DESCRIPTION:
The default global access level for this OAuth profile.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
admin - User has read-write access to all global data.
mesh-manager - User has read-write access to global data required to administer this broker as a member of a mesh of brokers.
none - User has no access to global data.
read-only - User has read-only access to global data.
read-write - User has read-write access to most global data.


enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - Create, modify, or delete a Message VPN Access-Level Exception.

Default message VPN access-level exceptions.
[no] default-access-level - The default message VPN access level for the OAuth profile.


enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
Create, modify, or delete a Message VPN Access-Level Exception.

Default message VPN access-level exceptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the message VPN.


enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level {none | read-only | read-write}

no access-level

DESCRIPTION:
The message VPN access level.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
none - User has no access to a Message VPN.
read-only - User has read-only access to a Message VPN.
read-write - User has read-write access to most Message VPN settings.


enable configure authentication oauth-profile <oauth-profile> access-level default message-vpn default-access-level

COMMAND:
default-access-level {none | read-only | read-write}

no default-access-level

DESCRIPTION:
The default message VPN access level for the OAuth profile.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
none - User has no access to a Message VPN.
read-only - User has read-only access to a Message VPN.
read-write - User has read-write access to most Message VPN settings.


enable configure authentication oauth-profile <oauth-profile> access-level group

COMMAND:
[create | no] group <group-name>
DESCRIPTION:
Create, modify, or delete a Group Access Level.

The name of a group as it exists on the OAuth server being used to authenticate SEMP users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
Notes/Exceptions: An access scope/level of "global/admin" is required to create access level groups with a global access level greater than "none". An access scope/level of "global/admin" is required to delete access level groups with a global access level greater than "none".
PARAMETERS:
<group-name> [1..64 chars] - The name of the group.


enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> description

COMMAND:
description <value>

no description

DESCRIPTION:
A description for the group.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..64 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> global-access-level

COMMAND:
global-access-level {none | read-only | mesh-manager | read-write | admin}

no global-access-level

DESCRIPTION:
The global access level for this group.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
admin - User has read-write access to all global data.
mesh-manager - User has read-write access to global data required to administer this broker as a member of a mesh of brokers.
none - User has no access to global data.
read-only - User has read-only access to global data.
read-write - User has read-write access to most global data.


enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - Create, modify, or delete a Message VPN Access-Level Exception.

Message VPN access-level exceptions for members of this group.
[no] default-access-level - The default message VPN access level for this group.


enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
Create, modify, or delete a Message VPN Access-Level Exception.

Message VPN access-level exceptions for members of this group.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the message VPN.


enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level {none | read-only | read-write}

no access-level

DESCRIPTION:
The message VPN access level.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
none - User has no access to a Message VPN.
read-only - User has read-only access to a Message VPN.
read-write - User has read-write access to most Message VPN settings.


enable configure authentication oauth-profile <oauth-profile> access-level group <group-name> message-vpn default-access-level

COMMAND:
default-access-level {none | read-only | read-write}

no default-access-level

DESCRIPTION:
The default message VPN access level for this group.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
none - User has no access to a Message VPN.
read-only - User has read-only access to a Message VPN.
read-write - User has read-write access to most Message VPN settings.


enable configure authentication oauth-profile <oauth-profile> access-level-groups-claim-name

COMMAND:
access-level-groups-claim-name <value>

no access-level-groups-claim-name

DESCRIPTION:
The name of the groups claim.

The no version of the command returns its value to the default ("groups").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..100 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> access-level-groups-claim-string-format

COMMAND:
access-level-groups-claim-string-format {single | space-delimited}

no access-level-groups-claim-string-format

DESCRIPTION:
The format of the access level groups claim value when it is a string.

The no version of the command returns its value to the default ("single").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
single - When the claim is a string, it is interpreted as as single group.
space-delimited - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim.


enable configure authentication oauth-profile <oauth-profile> client

COMMAND:
client [allowed-host | authorization-parameter... | redirect-uri... | required-claim | required-type... | scope... | validate-type]
DESCRIPTION:
Configure OAuth client settings.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
{create|no} allowed-host - Create or delete a Allowed Host Value.

A valid hostname for this broker in OAuth redirects.
[create|no] authorization-parameter - Create, modify, or delete a Authorization Parameter.

Additional parameters to be passed to the OAuth authorization endpoint.
[no] redirect-uri - The OAuth redirect URI.
{create|no} required-claim - Create or delete a Required Claim.

Additional claims to be verified in the ID token.
[no] required-type - The required value for the TYP field in the ID token header.
[no] scope - The OAuth scope.
[no] validate-type - Enable or disable verification of the TYP field in the ID token header.


enable configure authentication oauth-profile <oauth-profile> client allowed-host

COMMAND:
{create|no} allowed-host <host>
DESCRIPTION:
Create or delete a Allowed Host Value.

A valid hostname for this broker in OAuth redirects.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<host> - An allowed value for the Host header.


enable configure authentication oauth-profile <oauth-profile> client authorization-parameter

COMMAND:
[create | no] authorization-parameter <param-name>
DESCRIPTION:
Create, modify, or delete a Authorization Parameter.

Additional parameters to be passed to the OAuth authorization endpoint.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<param-name> [1..32 chars] - The name of the authorization parameter.


enable configure authentication oauth-profile <oauth-profile> client authorization-parameter <param-name> value

COMMAND:
value <value>

no value

DESCRIPTION:
The authorization parameter value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> client redirect-uri

COMMAND:
redirect-uri <value>

no redirect-uri

DESCRIPTION:
The OAuth redirect URI.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..300 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> client required-claim

COMMAND:
create required-claim <name> <value>

no required-claim <name>

DESCRIPTION:
Create or delete a Required Claim.

Additional claims to be verified in the ID token.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<name> - The name of the ID token claim to verify.
<value> - The required claim value, which must be a string containing a valid JSON value.


enable configure authentication oauth-profile <oauth-profile> client required-type

COMMAND:
required-type <value>

no required-type

DESCRIPTION:
The required value for the TYP field in the ID token header.

The no version of the command returns its value to the default ("JWT").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [1..200 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> client scope

COMMAND:
scope <value>

no scope

DESCRIPTION:
The OAuth scope.

The no version of the command returns its value to the default ("openid email").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> client validate-type

COMMAND:
[no] validate-type
DESCRIPTION:
Enable or disable verification of the TYP field in the ID token header.

The default value is validate-type.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> client-id

COMMAND:
client-id <value>

no client-id

DESCRIPTION:
The OAuth client id.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> client-secret

COMMAND:
client-secret <value>

no client-secret

DESCRIPTION:
The OAuth client secret.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..512 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> display-name

COMMAND:
display-name <value>

no display-name

DESCRIPTION:
The user friendly name for the OAuth profile.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..64 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints

COMMAND:
endpoints [authorization... | discovery... | discovery-refresh-interval... | introspection... | introspection-timeout... | jwks... | jwks-refresh-interval... | token... | token-timeout... | userinfo... | userinfo-timeout...]
DESCRIPTION:
Configure OAuth endpoints.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] authorization - The OAuth authorization endpoint.
[no] discovery - The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.
[no] discovery-refresh-interval - The number of seconds between discovery endpoint requests.
[no] introspection - The OAuth introspection endpoint.
[no] introspection-timeout - The maximum time in seconds a token introspection request is allowed to take.
[no] jwks - The OAuth JWKS endpoint.
[no] jwks-refresh-interval - The number of seconds between JWKS endpoint requests.
[no] token - The OAuth token endpoint.
[no] token-timeout - The maximum time in seconds a token request is allowed to take.
[no] userinfo - The OpenID Connect Userinfo endpoint.
[no] userinfo-timeout - The maximum time in seconds a userinfo request is allowed to take.


enable configure authentication oauth-profile <oauth-profile> endpoints authorization

COMMAND:
authorization <value>

no authorization

DESCRIPTION:
The OAuth authorization endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints discovery

COMMAND:
discovery <value>

no discovery

DESCRIPTION:
The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints discovery-refresh-interval

COMMAND:
discovery-refresh-interval <value>

no discovery-refresh-interval

DESCRIPTION:
The number of seconds between discovery endpoint requests.

The no version of the command returns its value to the default (86400).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [60..31536000] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints introspection

COMMAND:
introspection <value>

no introspection

DESCRIPTION:
The OAuth introspection endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints introspection-timeout

COMMAND:
introspection-timeout <value>

no introspection-timeout

DESCRIPTION:
The maximum time in seconds a token introspection request is allowed to take.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [1..60] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints jwks

COMMAND:
jwks <value>

no jwks

DESCRIPTION:
The OAuth JWKS endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints jwks-refresh-interval

COMMAND:
jwks-refresh-interval <value>

no jwks-refresh-interval

DESCRIPTION:
The number of seconds between JWKS endpoint requests.

The no version of the command returns its value to the default (86400).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [60..31536000] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints token

COMMAND:
token <value>

no token

DESCRIPTION:
The OAuth token endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints token-timeout

COMMAND:
token-timeout <value>

no token-timeout

DESCRIPTION:
The maximum time in seconds a token request is allowed to take.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [1..60] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints userinfo

COMMAND:
userinfo <value>

no userinfo

DESCRIPTION:
The OpenID Connect Userinfo endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> endpoints userinfo-timeout

COMMAND:
userinfo-timeout <value>

no userinfo-timeout

DESCRIPTION:
The maximum time in seconds a userinfo request is allowed to take.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [1..60] - The value to set.


enable configure authentication oauth-profile <oauth-profile> interactive

COMMAND:
[no] interactive
DESCRIPTION:
Enable or disable interactive logins via this OAuth provider.

The default value is interactive.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> issuer

COMMAND:
issuer <value>

no issuer

DESCRIPTION:
The Issuer Identifier for the OAuth provider.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> oauth-role

COMMAND:
oauth-role {client | resource-server}

no oauth-role

DESCRIPTION:
Configure whether the broker is acting as an OAuth client or an OAuth resource server.

The no version of the command returns its value to the default ("client").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
client - The broker is in the OAuth client role.
resource-server - The broker is in the OAuth resource server role.


enable configure authentication oauth-profile <oauth-profile> prompt-for-expired-session

COMMAND:
prompt-for-expired-session <value>

no prompt-for-expired-session

DESCRIPTION:
The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..32 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> prompt-for-new-session

COMMAND:
prompt-for-new-session <value>

no prompt-for-new-session

DESCRIPTION:
The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out.

The no version of the command returns its value to the default ("select_account").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..32 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> proxy

COMMAND:
proxy <proxy-name>

no proxy

DESCRIPTION:
The name of the proxy to use for discovery, user info, jwks, and introspection requests. Leave empty for no proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<proxy-name> [0..32 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> resource-server

COMMAND:
resource-server [parse-access-token | required-audience... | required-claim | required-issuer... | required-scope... | required-type... | validate-audience | validate-issuer | validate-scope | validate-type]
DESCRIPTION:
Configure OAuth resource server settings.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] parse-access-token - Enable or disable parsing of the access token as a JWT.
[no] required-audience - The required audience value.
{create|no} required-claim - Create or delete a Required Claim.

Additional claims to be verified in the access token.
[no] required-issuer - The required issuer value.
[no] required-scope - A space-separated list of scopes that must be present in the scope claim.
[no] required-type - The required TYP value.
[no] validate-audience - Enable or disable verification of the audience claim in the access token or introspection response.
[no] validate-issuer - Enable or disable verification of the issuer claim in the access token or introspection response.
[no] validate-scope - Enable or disable verification of the scope claim in the access token or introspection response.
[no] validate-type - Enable or disable verification of the TYP field in the access token header.


enable configure authentication oauth-profile <oauth-profile> resource-server parse-access-token

COMMAND:
[no] parse-access-token
DESCRIPTION:
Enable or disable parsing of the access token as a JWT.

The default value is parse-access-token.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> resource-server required-audience

COMMAND:
required-audience <value>

no required-audience

DESCRIPTION:
The required audience value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> resource-server required-claim

COMMAND:
create required-claim <name> <value>

no required-claim <name>

DESCRIPTION:
Create or delete a Required Claim.

Additional claims to be verified in the access token.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<name> - The name of the access token claim to verify.
<value> - The required claim value, which must be a string containing a valid JSON value.


enable configure authentication oauth-profile <oauth-profile> resource-server required-issuer

COMMAND:
required-issuer <value>

no required-issuer

DESCRIPTION:
The required issuer value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> resource-server required-scope

COMMAND:
required-scope <value>

no required-scope

DESCRIPTION:
A space-separated list of scopes that must be present in the scope claim.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> resource-server required-type

COMMAND:
required-type <value>

no required-type

DESCRIPTION:
The required TYP value.

The no version of the command returns its value to the default ("at+jwt").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [1..200 chars] - The value to set.


enable configure authentication oauth-profile <oauth-profile> resource-server validate-audience

COMMAND:
[no] validate-audience
DESCRIPTION:
Enable or disable verification of the audience claim in the access token or introspection response.

The default value is validate-audience.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> resource-server validate-issuer

COMMAND:
[no] validate-issuer
DESCRIPTION:
Enable or disable verification of the issuer claim in the access token or introspection response.

The default value is validate-issuer.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> resource-server validate-scope

COMMAND:
[no] validate-scope
DESCRIPTION:
Enable or disable verification of the scope claim in the access token or introspection response.

The default value is validate-scope.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> resource-server validate-type

COMMAND:
[no] validate-type
DESCRIPTION:
Enable or disable verification of the TYP field in the access token header.

The default value is validate-type.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> semp

COMMAND:
[no] semp
DESCRIPTION:
Enable or disable authentication of SEMP requests with OAuth tokens.

The default value is semp.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the OAuth profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication oauth-profile <oauth-profile> username-claim-name

COMMAND:
username-claim-name <value>

no username-claim-name

DESCRIPTION:
The name of the username claim.

The no version of the command returns its value to the default ("sub").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [1..100 chars] - The value to set.


enable configure authentication oauth-profile-default

COMMAND:
oauth-profile-default <value>

no oauth-profile-default

DESCRIPTION:
The default OAuth profile for OAuth authenticated SEMP requests.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..32 chars] - The value to set.


enable configure authentication radius-domain

COMMAND:
radius-domain <radius-domain>

no radius-domain

DESCRIPTION:
Assign radius-domain string.

The no version of the command returns its value to the default (no radius-domain configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<radius-domain> [0..64 chars] - RADIUS domain string


enable configure authentication radius-profile

COMMAND:
[create | no] radius-profile <profile-name>
DESCRIPTION:
Create, edit and delete RADIUS profiles.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<profile-name> [1..32 chars] - RADIUS profile name.


enable configure authentication radius-profile <profile-name> radius-server

COMMAND:
radius-server <ip-port> index <server-index> [key <shared-secret-key> ]

no radius-server {<ip-port> | index <server-index>}

DESCRIPTION:
Configures or removes RADIUS servers in a given RADIUS profile.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ip-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - FQDN or IP address (and optional port).
Examples:
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345
<server-index> [1..3] - Priority index for the server. Default: next available index
<shared-secret-key> [0..64 chars] - The shared secret between the router and the RADIUS server


enable configure authentication radius-profile <profile-name> retransmit

COMMAND:
retransmit <attempts>
DESCRIPTION:
Sets the number of times to retry a request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<attempts> [1..10] - The number of attempts to retry a request.


enable configure authentication radius-profile <profile-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the RADIUS profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure authentication radius-profile <profile-name> timeout

COMMAND:
timeout <duration>
DESCRIPTION:
Sets the time to wait before retrying a request.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<duration> [1..10] - The time in seconds to wait.


enable configure authentication replace-duplicate-client-connections

COMMAND:
[no] replace-duplicate-client-connections
DESCRIPTION:
Specifies whether new connections with the same client name as an existing connection replaces the existing connection or is rejected. "no" version of the command prevents replacement of duplicate client connections.

The default value is replace-duplicate-client-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure bridge

COMMAND:
[create | no] bridge <bridge-name> message-vpn <vpn-name> [primary | backup | auto]
DESCRIPTION:
Create, modify, or delete a Bridge.

Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auto - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
backup - The Bridge is used for the backup virtual router.
<bridge-name> [1..150 chars] - The name of the Bridge.
primary - The Bridge is used for the primary virtual router.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> max-ttl

COMMAND:
max-ttl <ttl-value>

no max-ttl

DESCRIPTION:
The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value.

The no version of the command returns its value to the default (8).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl-value> [1..255] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote

COMMAND:
remote [authentication | deliver-to-one | message-vpn... | retry | subscription-topic...]
DESCRIPTION:
Enter the "remote" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
authentication - Enter the "authentication" mode.
deliver-to-one - Enter the "deliver-to-one" mode.
[create|no] message-vpn - Create, modify, or delete a Remote Message VPN.

The Remote Message VPN is the Message VPN that the Bridge connects to.
retry - Enter the "retry" mode.
[no] subscription-topic - Create or delete a Remote Subscription.

A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication

COMMAND:
authentication [auth-scheme... | basic | client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auth-scheme - The authentication scheme for the remote Message VPN.
basic - Enter the "basic" mode.
client-certificate - Enter the "client-certificate" mode.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}
DESCRIPTION:
The authentication scheme for the remote Message VPN.

The default is auth-scheme "basic".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic

COMMAND:
basic [client-username...]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] client-username - The Client Username and password the Bridge uses to login to the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication basic client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username and password the Bridge uses to login to the remote Message VPN.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] certificate-file - The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> [file-contents <file-contents> ]

no certificate-file

DESCRIPTION:
The client certificate used by this bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<file-contents> [0..32768 chars] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one

COMMAND:
deliver-to-one [priority...]
DESCRIPTION:
Enter the "deliver-to-one" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] priority - The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote deliver-to-one priority

COMMAND:
priority <dto-priority>

no priority

DESCRIPTION:
The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN.

The no version of the command returns its value to the default ("P1").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dto-priority> [P1 | P2 | P3 | P4 | DA] - The value to set.

P1 - The 1st or highest priority.

P2 - The 2nd highest priority.

P3 - The 3rd highest priority.

P4 - The 4th highest priority.

DA - Ignore priority and deliver always.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn

COMMAND:
[create | no] message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } [interface <phys-intf>]}
DESCRIPTION:
Create, modify, or delete a Remote Message VPN.

The Remote Message VPN is the Message VPN that the Bridge connects to.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<addr> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - FQDN or IP address (and optional port) where the remote router should be reached. This may be a static or virtual address of the remote-router. DNS name lookup is supported. For bridges that are looping back to a message-vpn on this router, the IP address '127.0.0.1' must be used. Ex.
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345
<phys-intf> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"
<virtual-router-name> [1..66 chars] - name of the virtual remote-router where the message-vpn is located. All virtual remote-router names start with 'v:', for e.g. v:lab-128-97.
<vpn-name> [1..32 chars] - remote message-vpn name


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username and password the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Enable or disable data compression for the remote Message VPN connection.

The default value is no compressed-data.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } connect-order

COMMAND:
connect-order <number>

no connect-order

DESCRIPTION:
The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority).

The no version of the command returns its value to the default (4).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<number> [1..4] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool

COMMAND:
message-spool [queue... | window-size...]
DESCRIPTION:
Enter the "message-spool" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] queue - The queue binding of the Bridge in the remote Message VPN.
[no] window-size - The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool queue

COMMAND:
queue <name>

no queue

DESCRIPTION:
The queue binding of the Bridge in the remote Message VPN.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..200 chars] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<number> [0..65535] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the remote Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable encryption (TLS) for the remote Message VPN connection.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional

COMMAND:
unidirectional [client-profile...]
DESCRIPTION:
Enter the "unidirectional" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] client-profile - The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote message-vpn <vpn-name> {router <virtual-router-name> | {connect-via <addr> } } unidirectional client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB.

The no version of the command returns its value to the default ("#client-profile").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry

COMMAND:
retry [count... | delay...]
DESCRIPTION:
Enter the "retry" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] count - The number of retry attempts to establish a connection before moving on to the next remote Message VPN.
[no] delay - The number of seconds the broker waits for the bridge connection to be established before attempting a new connection.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry count

COMMAND:
count <count>

no count

DESCRIPTION:
The number of retry attempts to establish a connection before moving on to the next remote Message VPN.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<count> [0..255] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote retry delay

COMMAND:
delay <seconds>

no delay

DESCRIPTION:
The number of seconds the broker waits for the bridge connection to be established before attempting a new connection.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..255] - The value to set.


enable configure bridge <bridge-name> message-vpn <vpn-name> remote subscription-topic

COMMAND:
subscription-topic <topic> [deliver-always]

no subscription-topic <topic>

DESCRIPTION:
Create or delete a Remote Subscription.

A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
deliver-always - Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.
<topic> [1..250 chars] - The topic of the Bridge remote subscription.


enable configure bridge <bridge-name> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Bridge.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl

COMMAND:
ssl [cipher-suite...]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] cipher-suite - The list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure.


enable configure bridge <bridge-name> message-vpn <vpn-name> ssl cipher-suite

COMMAND:
cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no cipher-suite name <suite-name>

DESCRIPTION:
The list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure.

The default is cipher-suite "default".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list.
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure client-profile

COMMAND:
[create | no] client-profile <name> message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Client Profile.

Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..32 chars] - The name of the Client Profile.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure client-profile <name> message-vpn <vpn-name> allow-bridge-connections

COMMAND:
[no] allow-bridge-connections
DESCRIPTION:
Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections.

The default value is no allow-bridge-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> allow-shared-subscriptions

COMMAND:
[no] allow-shared-subscriptions
DESCRIPTION:
Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions.

The default value is no allow-shared-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> compression

COMMAND:
compression [shutdown]
DESCRIPTION:
Enter the "compression" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] shutdown - Enable or disable allowing clients using the Client Profile to use compression.


enable configure client-profile <name> message-vpn <vpn-name> compression shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to use compression.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> eliding

COMMAND:
eliding [delay... | max-topics... | shutdown]
DESCRIPTION:
Enter the "eliding" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] delay - The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.
[no] max-topics - The maximum number of topics tracked for message eliding per client connection using the Client Profile.
[no] shutdown - Enable or disable message eliding for clients using the Client Profile.


enable configure client-profile <name> message-vpn <vpn-name> eliding delay

COMMAND:
delay <milliseconds>

no delay

DESCRIPTION:
The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<milliseconds> [0..60000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> eliding max-topics

COMMAND:
max-topics <num>

no max-topics

DESCRIPTION:
The maximum number of topics tracked for message eliding per client connection using the Client Profile.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num> [1..32000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> eliding shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable message eliding for clients using the Client Profile.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> event

COMMAND:
event [client-provisioned-endpoint-spool-usage | connections-per-client-username | egress-flows | endpoints-per-client-username | ingress-flows | service | subscriptions | transacted-sessions | transactions]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
client-provisioned-endpoint-spool-usage - Enter the "client-provisioned-endpoint-spool-usage" mode.
connections-per-client-username - Enter the "connections-per-client-username" mode.
egress-flows - Enter the "egress-flows" mode.
endpoints-per-client-username - Enter the "endpoints-per-client-username" mode.
ingress-flows - Enter the "ingress-flows" mode.
service - Enter the "service" mode.
subscriptions - Enter the "subscriptions" mode.
transacted-sessions - Enter the "transacted-sessions" mode.
transactions - Enter the "transactions" mode.


enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage

COMMAND:
client-provisioned-endpoint-spool-usage [thresholds...]
DESCRIPTION:
Enter the "client-provisioned-endpoint-spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to max-spool-usage for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint.


enable configure client-profile <name> message-vpn <vpn-name> event client-provisioned-endpoint-spool-usage thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to max-spool-usage for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the Client Username connection count event of the Client Profile, relative to max-connections-per-client-username.


enable configure client-profile <name> message-vpn <vpn-name> event connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username connection count event of the Client Profile, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Enter the "egress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the transmit flow count event of the Client Profile, relative to max-egress-flows.


enable configure client-profile <name> message-vpn <vpn-name> event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transmit flow count event of the Client Profile, relative to max-egress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username

COMMAND:
endpoints-per-client-username [thresholds...]
DESCRIPTION:
Enter the "endpoints-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the Client Username endpoint count event of the Client Profile, relative to max-endpoints.


enable configure client-profile <name> message-vpn <vpn-name> event endpoints-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username endpoint count event of the Client Profile, relative to max-endpoints.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Enter the "ingress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the receive flow count event of the Client Profile, relative to max-ingress-flows.


enable configure client-profile <name> message-vpn <vpn-name> event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the receive flow count event of the Client Profile, relative to max-ingress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event service

COMMAND:
service [smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure client-profile <name> message-vpn <vpn-name> event service smf

COMMAND:
smf [connections-per-client-username]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode.


enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the Client Username SMF connection count event of the Client Profile, relative to max-connections-per-client-username.


enable configure client-profile <name> message-vpn <vpn-name> event service smf connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username SMF connection count event of the Client Profile, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport

COMMAND:
web-transport [connections-per-client-username]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to max-connections-per-client-username.


enable configure client-profile <name> message-vpn <vpn-name> event service web-transport connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event subscriptions

COMMAND:
subscriptions [thresholds...]
DESCRIPTION:
Enter the "subscriptions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the subscription count event of the Client Profile, relative to max-subscriptions.


enable configure client-profile <name> message-vpn <vpn-name> event subscriptions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the subscription count event of the Client Profile, relative to max-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Enter the "transacted-sessions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the transacted session count event of the Client Profile, relative to max-transacted-sessions.


enable configure client-profile <name> message-vpn <vpn-name> event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transacted session count event of the Client Profile, relative to max-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Enter the "transactions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the transaction count event of the Client Profile, relative to max-transactions.


enable configure client-profile <name> message-vpn <vpn-name> event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transaction count event of the Client Profile, relative to max-transactions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure client-profile <name> message-vpn <vpn-name> max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> max-subscriptions

COMMAND:
max-subscriptions <value>

no max-subscriptions

DESCRIPTION:
The maximum number of subscriptions per client using the Client Profile. This limit is not enforced when a client adds a subscription to an endpoint, except for MQTT QoS 1 subscriptions. In addition, this limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..4294967295] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool

COMMAND:
message-spool [allow-guaranteed-endpoint-create | allow-guaranteed-endpoint-create-durability... | allow-guaranteed-message-receive | allow-guaranteed-message-send | allow-transacted-sessions | api-queue-management | api-topic-endpoint-management | max-egress-flows... | max-endpoints-per-client-username... | max-ingress-flows... | max-messages-per-transaction... | max-transacted-sessions... | max-transactions... | reject-msg-to-sender-on-no-subscription-match]
DESCRIPTION:
Enter the "message-spool" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] allow-guaranteed-endpoint-create - Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections.
[no] allow-guaranteed-endpoint-create-durability - The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections.
[no] allow-guaranteed-message-receive - Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.
[no] allow-guaranteed-message-send - Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.
[no] allow-transacted-sessions - Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.
api-queue-management - Enter the "api-queue-management" mode.
api-topic-endpoint-management - Enter the "api-topic-endpoint-management" mode.
[no] max-egress-flows - The maximum number of transmit flows that can be created by one client using the Client Profile.
[no] max-endpoints-per-client-username - The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile.
[no] max-ingress-flows - The maximum number of receive flows that can be created by one client using the Client Profile.
[no] max-messages-per-transaction - The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance.
[no] max-transacted-sessions - The maximum number of transacted sessions that can be created by one client using the Client Profile.
[no] max-transactions - The maximum number of transactions that can be created by one client using the Client Profile.
[no] reject-msg-to-sender-on-no-subscription-match - Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-endpoint-create

COMMAND:
[no] allow-guaranteed-endpoint-create
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections.

The default value is no allow-guaranteed-endpoint-create.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-endpoint-create-durability

COMMAND:
allow-guaranteed-endpoint-create-durability {all | durable | non-durable}

no allow-guaranteed-endpoint-create-durability

DESCRIPTION:
The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections.

The no version of the command returns its value to the default ("all").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
all - Client can create any type of endpoint.
durable - Client can create only durable endpoints.
non-durable - Client can create only non-durable endpoints.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-receive

COMMAND:
[no] allow-guaranteed-message-receive
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections.

The default value is no allow-guaranteed-message-receive.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-guaranteed-message-send

COMMAND:
[no] allow-guaranteed-message-send
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections.

The default value is no allow-guaranteed-message-send.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool allow-transacted-sessions

COMMAND:
[no] allow-transacted-sessions
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections.

The default value is no allow-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management

COMMAND:
api-queue-management [copy-from-template-on-create...]
DESCRIPTION:
Enter the "api-queue-management" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] copy-from-template-on-create - The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-queue-management copy-from-template-on-create

COMMAND:
copy-from-template-on-create <queue-template-name>

no copy-from-template-on-create

DESCRIPTION:
The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<queue-template-name> [0..255 chars] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management

COMMAND:
api-topic-endpoint-management [copy-from-template-on-create...]
DESCRIPTION:
Enter the "api-topic-endpoint-management" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] copy-from-template-on-create - The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template.


enable configure client-profile <name> message-vpn <vpn-name> message-spool api-topic-endpoint-management copy-from-template-on-create

COMMAND:
copy-from-template-on-create <topic-endpoint-template-name>

no copy-from-template-on-create

DESCRIPTION:
The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<topic-endpoint-template-name> [0..255 chars] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-egress-flows

COMMAND:
max-egress-flows <value>

no max-egress-flows

DESCRIPTION:
The maximum number of transmit flows that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-endpoints-per-client-username

COMMAND:
max-endpoints-per-client-username <value>

no max-endpoints-per-client-username

DESCRIPTION:
The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-ingress-flows

COMMAND:
max-ingress-flows <value>

no max-ingress-flows

DESCRIPTION:
The maximum number of receive flows that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..1000000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-messages-per-transaction

COMMAND:
max-messages-per-transaction <value>

no max-messages-per-transaction

DESCRIPTION:
The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [1..20000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transacted-sessions

COMMAND:
max-transacted-sessions <value>

no max-transacted-sessions

DESCRIPTION:
The maximum number of transacted sessions that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..100000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool max-transactions

COMMAND:
max-transactions <value>

no max-transactions

DESCRIPTION:
The maximum number of transactions that can be created by one client using the Client Profile.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..100000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> message-spool reject-msg-to-sender-on-no-subscription-match

COMMAND:
[no] reject-msg-to-sender-on-no-subscription-match
DESCRIPTION:
Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found.

The default value is no reject-msg-to-sender-on-no-subscription-match.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> queue

COMMAND:
queue <type>
DESCRIPTION:
Enter the "queue" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<type> [G-1 | D-1 | D-2 | D-3 | C-1] - The type of queue to configure (G-Guaranteed, D-Direct, C-Control).


enable configure client-profile <name> message-vpn <vpn-name> queue <type> max-depth

COMMAND:
max-depth <depth>

no max-depth

DESCRIPTION:
The maximum depth of the specified priority queue, in work units. Each work unit is 2048 bytes of message data.

The no version of the command returns its value to the default (20000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<depth> [2..262144] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> queue <type> min-msg-burst

COMMAND:
min-msg-burst <depth>

no min-msg-burst

DESCRIPTION:
The number of messages that are always allowed entry into the specified priority queue, regardless of the max-depth value.

The no version of the command returns its value to the default. The default depends on the priority queue type.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<depth> [0..262144] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> replication

COMMAND:
replication [allow-clients-when-standby]
DESCRIPTION:
Enter the "replication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] allow-clients-when-standby - Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.


enable configure client-profile <name> message-vpn <vpn-name> replication allow-clients-when-standby

COMMAND:
[no] allow-clients-when-standby
DESCRIPTION:
Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby.

The default value is no allow-clients-when-standby.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> service

COMMAND:
service [min-keepalive-timeout... | smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] min-keepalive-timeout - The minimum client keepalive timeout which will be enforced for client connections.
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure client-profile <name> message-vpn <vpn-name> service min-keepalive-timeout

COMMAND:
min-keepalive-timeout <seconds>

no min-keepalive-timeout

DESCRIPTION:
The minimum client keepalive timeout which will be enforced for client connections.

The no version of the command returns its value to the default (30).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [3..3600] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service smf

COMMAND:
smf [max-connections-per-client-username... | min-keepalive-enabled]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-connections-per-client-username - The maximum number of SMF client connections per Client Username using the Client Profile.
[no] min-keepalive-enabled - Enable or disable the enforcement of a minimum keepalive timeout for SMF clients.


enable configure client-profile <name> message-vpn <vpn-name> service smf max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of SMF client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service smf min-keepalive-enabled

COMMAND:
[no] min-keepalive-enabled
DESCRIPTION:
Enable or disable the enforcement of a minimum keepalive timeout for SMF clients.

The default value is no min-keepalive-enabled.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport

COMMAND:
web-transport [inactive-timeout... | max-connections-per-client-username... | max-web-payload...]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] inactive-timeout - The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.
[no] max-connections-per-client-username - The maximum number of Web Transport client connections per Client Username using the Client Profile.
[no] max-web-payload - The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport inactive-timeout

COMMAND:
inactive-timeout <seconds>

no inactive-timeout

DESCRIPTION:
The timeout for inactive Web Transport client sessions using the Client Profile, in seconds.

The no version of the command returns its value to the default (30).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [1..4294967295] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of Web Transport client connections per Client Username using the Client Profile.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> service web-transport max-web-payload

COMMAND:
max-web-payload <bytes>

no max-web-payload

DESCRIPTION:
The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included.

The no version of the command returns its value to the default (1000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<bytes> [300..10000000] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> ssl

COMMAND:
ssl [allow-downgrade-to-plain-text]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] allow-downgrade-to-plain-text - Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.


enable configure client-profile <name> message-vpn <vpn-name> ssl allow-downgrade-to-plain-text

COMMAND:
[no] allow-downgrade-to-plain-text
DESCRIPTION:
Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text.

The default value is allow-downgrade-to-plain-text.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure client-profile <name> message-vpn <vpn-name> tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter the "tcp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.
keepalive - Enter the "keepalive" mode.
[no] max-wnd - The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.
[no] mss - The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.


enable configure client-profile <name> message-vpn <vpn-name> tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num-mss> [2..7826] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter the "keepalive" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num> [2..5] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [3..120] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [1..30] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set.


enable configure client-profile <name> message-vpn <vpn-name> tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<byte-count> [256..1460] - The value to set.


enable configure client-username

COMMAND:
[create | no] client-username <username> message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Client Username.

A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<username> [1..189 chars] - The name of the Client Username.
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure client-username <username> message-vpn <vpn-name> acl-profile

COMMAND:
acl-profile <name>

no acl-profile

DESCRIPTION:
The ACL Profile of the Client Username.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure client-username <username> message-vpn <vpn-name> attribute

COMMAND:
[create | no] attribute <name> <value>
DESCRIPTION:
Create, modify, or delete a Client Username Attribute.

A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - The name of the Attribute.
<value> [1..256 chars] - The value of the Attribute.


enable configure client-username <username> message-vpn <vpn-name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the Client Username.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure client-username <username> message-vpn <vpn-name> guaranteed-endpoint-permission-override

COMMAND:
[no] guaranteed-endpoint-permission-override
DESCRIPTION:
Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner.

The default value is no guaranteed-endpoint-permission-override.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-username <username> message-vpn <vpn-name> password

COMMAND:
password <password>

no password

DESCRIPTION:
The password for the Client Username.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<password> [0..128 chars] - The value to set.


enable configure client-username <username> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure client-username <username> message-vpn <vpn-name> subscription-manager

COMMAND:
[no] subscription-manager
DESCRIPTION:
Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames.

The default value is no subscription-manager.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure clock

COMMAND:
clock [set... | synchronization | timezone...]
DESCRIPTION:
Use this command to configure the system clock on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
set - Sets the system clock
synchronization - Use this command to configure the system synchronization on the router.
timezone - Sets the system time zone


enable configure clock set

COMMAND:
set <time> <day> <month> <year>
DESCRIPTION:
Sets the system clock

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<day> [1..31] - The current day by date
<month> [January | February | March | April | May | June | July | August | September | October | November | December] - The current month by name (e.g. January)
<time> [0..8 chars] - The current time in 24-hour format (hh:mm:ss)
<year> [1970..2037] - The current year, no abbreviation


enable configure clock synchronization

COMMAND:
synchronization [ntp-source... | protocol... | shutdown]
DESCRIPTION:
Use this command to configure the system synchronization on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] ntp-source - Use this command to add an NTP source for time synchronization on the broker. These sources are only relevant when using the NTP protocol and will be ignored otherwise.
[no] protocol - Set the synchronization protocol
[no] shutdown - Enable or disable clock synchronization


enable configure clock synchronization ntp-source

COMMAND:
[create | no] ntp-source <ip-addr>
DESCRIPTION:
Use this command to add an NTP source for time synchronization on the broker. These sources are only relevant when using the NTP protocol and will be ignored otherwise.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<ip-addr> [1..253 chars: ] - FQDN or IP address


enable configure clock synchronization ntp-source <ip-addr> nts

COMMAND:
[no] nts
DESCRIPTION:
Enable authentication for this source using the Network Time Security mechanism

The default value is no nts.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure clock synchronization ntp-source <ip-addr> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this NTP source for clock synchronization

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure clock synchronization protocol

COMMAND:
protocol {ntp | ptp}

no protocol

DESCRIPTION:
Set the synchronization protocol

The no version of the command returns its value to the default ("ntp").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
ntp - Use NTP for system clock synchronization.
ptp - Use PTP protocal for system clock synchronization.


enable configure clock synchronization shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable clock synchronization

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure clock timezone

COMMAND:
timezone <zone>
DESCRIPTION:
Sets the system time zone

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<zone> [0..32 chars] - The time zone name (e.g. EST, Europe/London, Etc/GMT-5). If unsure, use UTC or see 'show clock timezones' for list of supported time zones.


enable configure compression

COMMAND:
compression [mode...]
DESCRIPTION:
Use this command to set on a global basis the compression mode for data sent from routers. The router compression mode can be configured globally for data sent from the router to one of two types: optimized for size (the default) or optimized for speed. In general, optimized for size yields a higher compression ratio with lower throughput, while optimized for-speed yields a higher throughput with lower compression ratio.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
mode - This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.


enable configure compression mode

COMMAND:
mode {optimize-for-size | optimize-for-speed}
DESCRIPTION:
This command is used to choose compression mode. optimize-for-size tends to yield higher compression ratio with lower throughput; optimize-for-speed tends to yield higher throughput with lower compression ratio.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
optimize-for-size - optimize-for-size tends to yield higher compression ratio with lower throughput.
optimize-for-speed - optimize-for-speed tends to yield higher throughput with lower compression ratio.


enable configure config-sync

COMMAND:
config-sync [authentication | client-profile | shutdown... | ssl | synchronize]
DESCRIPTION:
Enter Config-Sync configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
authentication - Enter authentication configuration mode
client-profile - Enter client-profile configuration mode
[no] shutdown - This command disables the Config-Sync feature.
[no] ssl - Enable use of encryption by config-sync. If enabled, config-sync connections initiated by this router will be encrypted, and all incoming config-sync connections must be encrypted. If disabled, config-sync connections initiated by this router will be plain-text and the incoming connection from the HA-mate must be plain-text, but the incoming connection from the DR-site may be plain-text or encrypted.

If enabled, and redundancy is enabled, a redundancy pre-shared-key must be configured in order for config-sync to be operational.

If enabled, this setting overrides the replication config-sync setting for encryption.
synchronize - Enter synchronization configuration mode.


enable configure config-sync authentication

COMMAND:
authentication [client-certificate]
DESCRIPTION:
Enter authentication configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
client-certificate - Enter client-certificate configuration mode


enable configure config-sync authentication client-certificate

COMMAND:
client-certificate [max-certificate-chain-depth... | validate-certificate-date]
DESCRIPTION:
Enter client-certificate configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] max-certificate-chain-depth - Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.


enable configure config-sync authentication client-certificate max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure config-sync authentication client-certificate validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure config-sync client-profile

COMMAND:
client-profile [tcp]
DESCRIPTION:
Enter client-profile configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
tcp - Enter tcp configuration mode


enable configure config-sync client-profile tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter tcp configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] initial-cwnd - Configure the TCP initial congestion window size.
keepalive - Enter configuration of tcp keepalives.
[no] max-wnd - Configure the TCP maximum window size.
[no] mss - Configure the TCP maximum segment size.


enable configure config-sync client-profile tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
Configure the TCP initial congestion window size.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS.


enable configure config-sync client-profile tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter configuration of tcp keepalives.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.


enable configure config-sync client-profile tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection.


enable configure config-sync client-profile tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes.


enable configure config-sync client-profile tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes.


enable configure config-sync client-profile tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
Configure the TCP maximum window size.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB.


enable configure config-sync client-profile tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
Configure the TCP maximum segment size.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS.


enable configure config-sync shutdown

COMMAND:
shutdown

no shutdown

DESCRIPTION:
This command disables the Config-Sync feature.

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure config-sync ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable use of encryption by config-sync. If enabled, config-sync connections initiated by this router will be encrypted, and all incoming config-sync connections must be encrypted. If disabled, config-sync connections initiated by this router will be plain-text and the incoming connection from the HA-mate must be plain-text, but the incoming connection from the DR-site may be plain-text or encrypted.

If enabled, and redundancy is enabled, a redundancy pre-shared-key must be configured in order for config-sync to be operational.

If enabled, this setting overrides the replication config-sync setting for encryption.

The default value is no ssl.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure config-sync synchronize

COMMAND:
synchronize [username]
DESCRIPTION:
Enter synchronization configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] username - Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.


enable configure config-sync synchronize username

COMMAND:
[no] username
DESCRIPTION:
Enable or disable the synchronizing of usernames. The transition from not synchronizing to synchronizing will cause the HA mate fall out of sync.

The default value is username.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure console

COMMAND:
console [baud-rate... | login-banner... | timeout...]
DESCRIPTION:
Use this command to configure console parameters on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
baud-rate - Configure the baud rate for the serial console port.
[no] login-banner - Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.

Example input for printing Hello World across 2 lines:
"Hello\nWorld"

Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.

Banners can be a maximum of 2048 characters in length.

The default banner is a product specific description.

The 'no' version of this command returns to the default login banner.
timeout - Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.


enable configure console baud-rate

COMMAND:
baud-rate <baud-rate>
DESCRIPTION:
Configure the baud rate for the serial console port.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<baud-rate> [110 | 300 | 1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200] - Baud rate in bps.


enable configure console login-banner

COMMAND:
login-banner {text <banner-text> | file <file-name> | default}

no login-banner

DESCRIPTION:
Sets the login banner text for both ssh logins and serial console logins. This command accepts the usual CLI escape characters when entering the banner text directly on the command line. Use '\n' to insert new lines on the CLI. The file version of this command accepts a file name relative to the jail directory.

Example input for printing Hello World across 2 lines:
"Hello\nWorld"

Entering 'login-banner file myBannerFile' loads 'jail/myBannerFile'.

Banners can be a maximum of 2048 characters in length.

The default banner is a product specific description.

The 'no' version of this command returns to the default login banner.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<banner-text> [0..2048 chars] - Text to display on user logins
default - Use the product description as the banner text
file - Load the banner text from a file
<file-name> [0..255 chars] - Name of the file to load from the jail directory
text - Enter the banner text directly on the command line


enable configure console timeout

COMMAND:
timeout <idle-timeout>
DESCRIPTION:
Configure the console's inactivity timeout. This timeout is used as the default session timeout for all new CLI sessions.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<idle-timeout> [0..43200] - timeout value in minutes (0 to disable)


enable configure distributed-cache

COMMAND:
[no] distributed-cache <name> message-vpn <vpn-name>

create distributed-cache <name> message-vpn <vpn-name> [primary | backup | auto]

DESCRIPTION:
Create, modify, or delete a Distributed Cache.

A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Distributed Cache.
<vpn-name> [1..32 chars] - The name of the Message VPN.
auto - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
backup - The Distributed Cache is used for the backup virtual router.
primary - The Distributed Cache is used for the primary virtual router.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster

COMMAND:
[create | no] cache-cluster <name>
DESCRIPTION:
Create, modify, or delete a Cache Cluster.

A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Cache Cluster.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance

COMMAND:
[create | no] cache-instance <name>
DESCRIPTION:
Create, modify, or delete a Cache Instance.

A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Cache Instance.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> auto-start

COMMAND:
[no] auto-start
DESCRIPTION:
Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker.

The default value is no auto-start.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cache Instance.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> cache-instance <name> stop-on-lost-message

COMMAND:
[no] stop-on-lost-message
DESCRIPTION:
Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages.

The default value is stop-on-lost-message.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> deliver-to-one-override

COMMAND:
[no] deliver-to-one-override
DESCRIPTION:
Enable or disable deliver-to-one override for the Cache Cluster.

The default value is deliver-to-one-override.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event

COMMAND:
event [data-byte-rate | data-message-rate | max-memory | max-topics | request-queue-depth | request-rate | response-rate]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
data-byte-rate - Enter the "data-byte-rate" mode.
data-message-rate - Enter the "data-message-rate" mode.
max-memory - Enter the "max-memory" mode.
max-topics - Enter the "max-topics" mode.
request-queue-depth - Enter the "request-queue-depth" mode.
request-rate - Enter the "request-rate" mode.
response-rate - Enter the "response-rate" mode.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate

COMMAND:
data-byte-rate [thresholds...]
DESCRIPTION:
Enter the "data-byte-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cached data incoming byte rate event, in bytes per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-byte-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cached data incoming byte rate event, in bytes per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate

COMMAND:
data-message-rate [thresholds...]
DESCRIPTION:
Enter the "data-message-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cached data incoming message rate event, in messages per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event data-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cached data incoming message rate event, in messages per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory

COMMAND:
max-memory [thresholds...]
DESCRIPTION:
Enter the "max-memory" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the memory usage per instance event, relative to `maxMemory`.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the memory usage per instance event, relative to `maxMemory`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics

COMMAND:
max-topics [thresholds...]
DESCRIPTION:
Enter the "max-topics" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the topics per instance event, relative to `maxTopicCount`.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event max-topics thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the topics per instance event, relative to `maxTopicCount`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth

COMMAND:
request-queue-depth [thresholds...]
DESCRIPTION:
Enter the "request-queue-depth" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-queue-depth thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<set-value> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate

COMMAND:
request-rate [thresholds...]
DESCRIPTION:
Enter the "request-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cache request message rate event, in messages per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event request-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cache request message rate event, in messages per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate

COMMAND:
response-rate [thresholds...]
DESCRIPTION:
Enter the "response-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the cache response message rate event, in messages per second.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> event response-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the cache response message rate event, in messages per second.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching

COMMAND:
global-caching [heartbeat... | home-cache-cluster... | shutdown | topic-lifetime...]
DESCRIPTION:
Enter the "global-caching" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] heartbeat - The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.
[create|no] home-cache-cluster - Create, modify, or delete a Home Cache Cluster.

A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
[no] shutdown - Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.
[no] topic-lifetime - The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching heartbeat

COMMAND:
heartbeat <seconds>

no heartbeat

DESCRIPTION:
The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [1..255] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster

COMMAND:
[create | no] home-cache-cluster <name>
DESCRIPTION:
Create, modify, or delete a Home Cache Cluster.

A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the remote Home Cache Cluster.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching home-cache-cluster <name> topic-prefix

COMMAND:
[no] topic-prefix <topic-prefix>
DESCRIPTION:
Create or delete a Topic Prefix.

A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic-prefix> [1..250 chars] - A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> global-caching topic-lifetime

COMMAND:
topic-lifetime <seconds>

no topic-lifetime

DESCRIPTION:
The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging.

The no version of the command returns its value to the default (3600).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967295] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-memory

COMMAND:
max-memory <megabytes>

no max-memory

DESCRIPTION:
The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster.

The no version of the command returns its value to the default (2048).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<megabytes> [128..2147483647] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-messages-per-topic

COMMAND:
max-messages-per-topic <num-messages>

no max-messages-per-topic

DESCRIPTION:
The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-messages> [1..2147483647] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> max-topics

COMMAND:
max-topics <num-topics>

no max-topics

DESCRIPTION:
The maximum number of topics for each Cache Instance in the Cache Cluster.

The no version of the command returns its value to the default (2000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-topics> [1..4294967294] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> message-lifetime

COMMAND:
message-lifetime <seconds>

no message-lifetime

DESCRIPTION:
The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967294] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> new-topic-advertisement

COMMAND:
[no] new-topic-advertisement
DESCRIPTION:
Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster.

The default value is no new-topic-advertisement.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> request-queue-depth

COMMAND:
request-queue-depth <num-messages>

no request-queue-depth

DESCRIPTION:
The maximum queue depth for cache requests received by the Cache Cluster.

The no version of the command returns its value to the default (100000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-messages> [1..200000] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cache Cluster.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure distributed-cache <name> message-vpn <vpn-name> cache-cluster <name> topic

COMMAND:
[no] topic <topic-str>
DESCRIPTION:
Create or delete a Topic.

The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic-str> [1..250 chars] - The value of the Topic in the form a/b/c.


enable configure distributed-cache <name> message-vpn <vpn-name> heartbeat

COMMAND:
heartbeat <seconds>

no heartbeat

DESCRIPTION:
The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [3..60] - The value to set.


enable configure distributed-cache <name> message-vpn <vpn-name> scheduled-delete-message

COMMAND:
scheduled-delete-message [days <days-of-week> ] times <times-of-day>

no scheduled-delete-message

DESCRIPTION:
The schedule for deleting messages from the cache.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none".
<times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none"


enable configure distributed-cache <name> message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Distributed Cache.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure dns

COMMAND:
dns [name-server... | polled-domain-name... | search-domain-list...]
DESCRIPTION:
Use this command to enter Domain Name System (DNS) configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] name-server - Use this command to provision a DNS server. A maximum of 3 name servers is allowed. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. If no server is provided, all servers are de-provisioned.
[no] polled-domain-name - Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.
[no] search-domain-list - The domain(s) to search for host-name lookups. If unset this defaults to the local domain name.


enable configure dns name-server

COMMAND:
name-server <ip-addr>

no name-server [<ip-addr> ]

DESCRIPTION:
Use this command to provision a DNS server. A maximum of 3 name servers is allowed. The "no" version de-provisions an existing DNS server and deletes all associated configuration values. If no server is provided, all servers are de-provisioned.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<ip-addr> [0..39 chars] - IP address


enable configure dns polled-domain-name

COMMAND:
polled-domain-name <domain-name>

no polled-domain-name

DESCRIPTION:
Configure the domain name that will be looked up periodically in order to determine the reachability of the name servers. By default, the configured domain name is "www.solace.com". The "no" version reverts the domain name to its default value.

The no version of the command returns its value to the default ("www.solace.com").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<domain-name> [1..256 chars] - The domain name looked-up in order to determine the status of the name servers


enable configure dns search-domain-list

COMMAND:
search-domain-list <domain-list>

no search-domain-list

DESCRIPTION:
The domain(s) to search for host-name lookups. If unset this defaults to the local domain name.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<domain-list> [1..255 chars] - The domains to search. A space separated list may be provided, with up to 6 domains with total length of 256 chars.


enable configure hardware

COMMAND:
hardware [disk... | message-spool | power-redundancy...]
DESCRIPTION:
Use this command to configure routing modules and disks on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
disk - Enable/disable hard disk
message-spool - Configure message spool hardware options
power-redundancy - Configure power-redundancy.


enable configure hardware disk

COMMAND:
disk <disk-name> [no-shutdown] [shutdown]
DESCRIPTION:
Enable/disable hard disk

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<disk-name> [1..4] - The name of the top disk is 1; and increments to the bottom slot.
no-shutdown - Enable the disk
shutdown - Disable the disk


enable configure hardware message-spool

COMMAND:
message-spool [defragment-spool-files | disk-array... | event | internal-disk | max-cache-usage... | max-spool-usage... | shutdown... | transaction | virtual-router-when-active-active...]
DESCRIPTION:
Configure message spool hardware options

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
defragment-spool-files - Enter message spool defragment-spool-files configuration mode.
[no] disk-array - Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.

This command only affects the system behavior if configured to spool to an external disk.

The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.
event - Enter message spool event configuration mode.
[no] internal-disk - Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.

This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.

This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.

internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".
[no] max-cache-usage - Configure guaranteed message cache usage limit.
[no] max-spool-usage - Configure message spool usage limit.
[no] shutdown - Enable/disable message-spooling for the router
transaction - Enter message spool transaction configuration mode.
[no] virtual-router-when-active-active - The High Availability role for this broker if using the legacy Active/Active configuration for high availability (not recommended). Note: for Active/Standby high availability configuration, this setting is ignored.


enable configure hardware message-spool defragment-spool-files

COMMAND:
defragment-spool-files [schedule | threshold]
DESCRIPTION:
Enter message spool defragment-spool-files configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
schedule - Enter message spool defragment-spool-files schedule configuration mode.
threshold - Enter message spool defragment-spool-files threshold configuration mode.


enable configure hardware message-spool defragment-spool-files schedule

COMMAND:
schedule [days... | shutdown | times...]
DESCRIPTION:
Enter message spool defragment-spool-files schedule configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] days - The days of the week to schedule defragmentation runs.
[no] shutdown - Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files.
[no] times - The times of the day to schedule defragmentation runs.


enable configure hardware message-spool defragment-spool-files schedule days

COMMAND:
days <days-of-week>

no days

DESCRIPTION:
The days of the week to schedule defragmentation runs.

The no version of the command returns its value to the default ("daily").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none".


enable configure hardware message-spool defragment-spool-files schedule shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure hardware message-spool defragment-spool-files schedule times

COMMAND:
times <times-of-day>

no times

DESCRIPTION:
The times of the day to schedule defragmentation runs.

The no version of the command returns its value to the default ("0:00").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none"


enable configure hardware message-spool defragment-spool-files threshold

COMMAND:
threshold [fragmentation-percentage... | min-interval... | shutdown | usage-percentage...]
DESCRIPTION:
Enter message spool defragment-spool-files threshold configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] fragmentation-percentage - Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%.
[no] min-interval - Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds.
[no] shutdown - Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files.
[no] usage-percentage - Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%.


enable configure hardware message-spool defragment-spool-files threshold fragmentation-percentage

COMMAND:
fragmentation-percentage <percentage>

no fragmentation-percentage

DESCRIPTION:
Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%.

The no version of the command returns its value to the default (50).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<percentage> [30..100] - The threshold as percent.


enable configure hardware message-spool defragment-spool-files threshold min-interval

COMMAND:
min-interval <interval>

no min-interval

DESCRIPTION:
Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds.

The no version of the command returns its value to the default (15).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<interval> [0..4294967295] - The minimum interval (in minutes).


enable configure hardware message-spool defragment-spool-files threshold shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure hardware message-spool defragment-spool-files threshold usage-percentage

COMMAND:
usage-percentage <percentage>

no usage-percentage

DESCRIPTION:
Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%.

The no version of the command returns its value to the default (50).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<percentage> [30..100] - The threshold as percent.


enable configure hardware message-spool disk-array

COMMAND:
disk-array wwn <wwn>

no disk-array

DESCRIPTION:
Configures the WWN number to use when accessing a LUN on an external disk array. The "no internal-disk" command must have been issued (ie system configured for accessing the external disk array) for the WWN valued to be relevant.

This command only affects the system behavior if configured to spool to an external disk.

The WWN number cannot be configured if the spooling is not shutdown and uses the disk array.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<wwn> [0..64 chars] - If the WWN is in NAA format it is either an 8 or 16 byte number represented as a string of hex characters separated by colons starting with 1,2,5 or 6.
For example:
50:00:2a:c0:00:f1:33:74
60:06:01:60:bf:51:12:00:9a:fb:40:97:83:3f:dc:11
If it is not in NAA format it can be any string without colons.


enable configure hardware message-spool event

COMMAND:
event [cache-usage | delivered-unacked | disk-usage | egress-flows | endpoints | ingress-flows | message-count | spool-files | spool-usage | transacted-session-resources | transacted-sessions | transactions]
DESCRIPTION:
Enter message spool event configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
cache-usage - Configure the event thresholds for the cache usage
delivered-unacked - Configure the event thresholds for the total number of delivered but unacked messages at system level.
disk-usage - Configure the event thresholds for the active disk partition usage at system level.
egress-flows - Configure the event thresholds for the egress flows at system level.
endpoints - Configure the event thresholds for the number of queues and topic endpoints at system level
ingress-flows - Configure the event thresholds for the ingress flows at system level.
message-count - Configure the event thresholds for the total number of spooled messages at system level.
spool-files - Configure the event thresholds for the spool files at system level.
spool-usage - Configure the event thresholds for the system level spool usage.
transacted-session-resources - Configure the event thresholds for the total number of transacted session resources at system level.
transacted-sessions - Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.
transactions - Configure the event thresholds for guaranteed data transactions allowed at the system level.


enable configure hardware message-spool event cache-usage

COMMAND:
cache-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the cache usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly


enable configure hardware message-spool event cache-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the cache usage event, either as a percentage of max-cache-usage or as a usage directly

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-cache-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-cache-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event delivered-unacked

COMMAND:
delivered-unacked [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of delivered but unacked messages at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event delivered-unacked thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of delivered but unacked messages at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of delivered-unacked messages value


enable configure hardware message-spool event disk-usage

COMMAND:
disk-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the active disk partition usage at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event disk-usage thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the active disk partition usage at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the active disk partition usage value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the active disk partition usage value


enable configure hardware message-spool event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the egress flows at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.


enable configure hardware message-spool event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of egress flows at system level event, either as a percentage of maximum number of egress flows at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of egress flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of egress flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event endpoints

COMMAND:
endpoints [thresholds...]
DESCRIPTION:
Configure the event thresholds for the number of queues and topic endpoints at system level

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.


enable configure hardware message-spool event endpoints thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of endpoints at system level event, either as a percentage of maximum number of endpoints at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of queues and topic endpoints value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Configure the event thresholds for the ingress flows at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.


enable configure hardware message-spool event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of ingress flows at system level event, either as a percentage of maximum number of ingress flows at system level, or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of ingress flows value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of ingress flows value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event message-count

COMMAND:
message-count [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of spooled messages at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event message-count thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of spool messages at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool messages value


enable configure hardware message-spool event spool-files

COMMAND:
spool-files [thresholds...]
DESCRIPTION:
Configure the event thresholds for the spool files at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event spool-files thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the number of spool files at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of spool files value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of spool files value


enable configure hardware message-spool event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the system level spool usage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)


enable configure hardware message-spool event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level spool usage event, either as a percentage of max-spool-usage at system level, or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-spool-usage value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-spool-usage value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event transacted-session-resources

COMMAND:
transacted-session-resources [thresholds...]
DESCRIPTION:
Configure the event thresholds for the total number of transacted session resources at system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.


enable configure hardware message-spool event transacted-session-resources thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the transacted session resources at system level event as a percentage of the maximum system limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the maximum number of transacted-session-resources messages value


enable configure hardware message-spool event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transacted sessions allowed at the system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.


enable configure hardware message-spool event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level guaranteed data transacted sessions event, either as a percentage of the system level max-transacted-sessions value or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transacted-sessions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transacted-sessions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Configure the event thresholds for guaranteed data transactions allowed at the system level.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.


enable configure hardware message-spool event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the system level guaranteed data transactions event, either as a percentage of the system level max-transactions value or as a count.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the max-transactions value
<clear-value> [0..4294967295] - The clear value to be configured for this event as an absolute count
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the max-transactions value
<set-value> [0..4294967295] - The set value to be configured for this event as an absolute count


enable configure hardware message-spool internal-disk

COMMAND:
[no] internal-disk
DESCRIPTION:
Enable/disable use of the router's internal disk drive for message spooling. When disabled, an external disk array is used for message spooling.

This command is only allowed when spooling is shutdown. The operator must first "shutdown" message spooling before changing between internal and external disks.

This command is no allowed when there are messages spooled. The operator must first delete all spooled messages for all subscribers.

internal-disk cannot be enabled if redundancy is enabled on the router. The internal disk can only be used when redundacy is "shutdown".

The default value is no internal-disk.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure hardware message-spool max-cache-usage

COMMAND:
max-cache-usage <percent-usage>

no max-cache-usage

DESCRIPTION:
Configure guaranteed message cache usage limit.

The no version of the command returns its value to the default (10).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<percent-usage> [0..50] - Maximum percentage of the NAB's egress queueing resources that the guaranteed message cache is allowed to use


enable configure hardware message-spool max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
Configure message spool usage limit.

The no version of the command returns its value to the default (60000).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<size> [0..6000000] - Maximum spool usage in MB


enable configure hardware message-spool shutdown

COMMAND:
shutdown

no shutdown

DESCRIPTION:
Enable/disable message-spooling for the router

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure hardware message-spool transaction

COMMAND:
transaction [replication-compatibility-mode...]
DESCRIPTION:
Enter message spool transaction configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] replication-compatibility-mode - Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.


enable configure hardware message-spool transaction replication-compatibility-mode

COMMAND:
replication-compatibility-mode {legacy | transacted}

no replication-compatibility-mode

DESCRIPTION:
Configure/reset the replication compatibility mode for the router. When set to the legacy mode, all transactions originated by clients are replicated to the standby site without using transactions. When set to the transacted mode, all transactions originated by clients are replicated to the standby site using transactions. The no version of the command resets the value to its default value.
Changing this value during operation will not affect existing transactions. It is only validated upon starting a transaction.
Default: legacy.

The no version of the command returns its value to the default ("legacy").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
legacy - All transactions originated by clients are replicated to the standby site without using transactions.
transacted - All transactions originated by clients are replicated to the standby site using transactions.


enable configure hardware message-spool virtual-router-when-active-active

COMMAND:
virtual-router-when-active-active {primary | backup}

no virtual-router-when-active-active

DESCRIPTION:
The High Availability role for this broker if using the legacy Active/Active configuration for high availability (not recommended). Note: for Active/Standby high availability configuration, this setting is ignored.

The no version of the command returns its value to the default ("primary").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
backup - The backup virtual router.
primary - The primary virtual router.


enable configure hardware power-redundancy

COMMAND:
power-redundancy <type>
DESCRIPTION:
Configure power-redundancy.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<type> [1+1 | 1+2 | 2+2] - Expected power supply redundancy


enable configure hostname

COMMAND:
hostname <name> [defer]

no hostname [defer]

DESCRIPTION:
Config the host name.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart.
<name> [1..64 chars] - The hostname to assign to the router. Cannot start with "v:", which stands for virtual router. The "no" version of the command resets the host name to the default value (solace).


enable configure interface

COMMAND:
[create] interface <phy-interface> [<mode>]

no interface <phy-interface>

DESCRIPTION:
Use this command to enter interface configuration mode to configure ethernet or Link Aggregation Group (LAG) parameters for physical interfaces on routers, on an interface by interface basis.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<mode> [lacp | active-backup] - (lacp | active-backup)
Examples: "lacp", "active-backup"
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"
( no ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"
( create ) <phy-interface> [1..15 chars] - (chassis/lag1 | <cartridge>/<slot>/lag<N>)
Examples: "chassis/lag1", "1/6/lag1"


enable configure interface <phy-interface> lacp

COMMAND:
lacp [rate...]
DESCRIPTION:
Enter LACP configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
rate - Configure the rate at which the appliance requests LACP PDU from peers.


enable configure interface <phy-interface> lacp rate

COMMAND:
rate {fast | slow}
DESCRIPTION:
Configure the rate at which the appliance requests LACP PDU from peers.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
fast - Fast LACP PDU rate (1 second intervals).
slow - Slow LACP PDU rate (30 seconds intervals).


enable configure interface <phy-interface> member

COMMAND:
[no] member <phy-interface>
DESCRIPTION:
Add/remove LAG interface members

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure interface <phy-interface> primary-member

COMMAND:
primary-member <phy-interface>

no primary-member

DESCRIPTION:
Primary member for active-backup mode.

The no version of the command returns its value to the default (no primary-member configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure interface <phy-interface> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this interface

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure interface <phy-interface> traffic-shaping

COMMAND:
traffic-shaping [egress]
DESCRIPTION:
Enter traffic shaping configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
egress - Enter egress traffic shaping configuration.


enable configure interface <phy-interface> traffic-shaping egress

COMMAND:
egress [rate-limit... | shutdown]
DESCRIPTION:
Enter egress traffic shaping configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] rate-limit - The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.
[no] shutdown - Enable or disable this interface


enable configure interface <phy-interface> traffic-shaping egress rate-limit

COMMAND:
rate-limit <mbps>

no rate-limit

DESCRIPTION:
The maximum sustained egress bit rate. Enables egress traffic shaping on this physical interface. Operational rates will not match exactly the configured rate. The operation rate limit is a product of CPU timing limitations, and will reflect the best available match without exceeding the configured value.

The no version of the command returns its value to the default (1000000000).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<mbps> [2..4294967295] - maximum sustained egress rate in mega bits per second


enable configure interface <phy-interface> traffic-shaping egress shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this interface

The default value is no shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ip

COMMAND:
ip [vrf...]
DESCRIPTION:
Use this command to configure IP VPN parameters on routers.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
vrf - Configure Virtual Routing and Forwarding instances


enable configure ip vrf

COMMAND:
vrf <name>
DESCRIPTION:
Configure Virtual Routing and Forwarding instances

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [0..12 chars] - VRF name


enable configure ip vrf <name> interface

COMMAND:
[create | no] interface <ip-interface> [primary | backup | static]
DESCRIPTION:
Add an IP interface to this VRF routing domain and configure it

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
backup - interface for backup virtual router
<ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"
primary - interface for primary virtual router
static - static interface irrespective of virtual router


enable configure ip vrf <name> interface <ip-interface> ip-address

COMMAND:
ip-address <cidr-addr>

no ip-address [<cidr-addr>]

DESCRIPTION:
Configure ip addresses

The no version of the command returns its value to the default (no ip-address configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<cidr-addr> [0..43 chars] - IP address/prefix length combination in CIDR form


enable configure ip vrf <name> interface <ip-interface> kerberos

COMMAND:
kerberos [service-principal-name...]
DESCRIPTION:
Configure kerberos attributes on the interface

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] service-principal-name - Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address


enable configure ip vrf <name> interface <ip-interface> kerberos service-principal-name

COMMAND:
service-principal-name <name>

no service-principal-name

DESCRIPTION:
Configure the Kerberos Service Principal Name (SPN) to be used for Kerberos connections established to this IP address

The no version of the command returns its value to the default (no service-principal-name configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [0..642 chars] - Kerberos Service Principal Name (SPN) of the form host/<fully-qualified-domain-name>@<Kerberos Realm>


enable configure ip vrf <name> interface <ip-interface> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Shutdown this IP interface

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ip vrf <name> route

COMMAND:
route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]

no route {default | default6 | <cidr-addr>} [<interface>]

DESCRIPTION:
Add/Delete IP routes

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<cidr-addr> [0..43 chars] - IP address/prefix length combination in CIDR form
default - default IPv4 route
default6 - default IPv6 route
<interface> [1..15 chars] - IP interface (for management VRF) or
physical interface (for msg-backbone VRF).
IP interface has format as
(eth<port>:<ip> | chassis/lag1:1
Examples: "eth1:1", "chassis/lag1:1"
Physical interface has format as
<cartridge>/<slot>/<port> |
<cartridge>/<slot>/lag<N>
Examples: "1/5/2", "1/6/lag1"
<ip-addr> [0..39 chars] - IP address


enable configure jndi

COMMAND:
jndi message-vpn <vpn-name>
DESCRIPTION:
Use this command to configure standard Java Naming and Directory Interface (JNDI) objects Connection Factory, Topic, and Queue on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN the JNDI is configured against.


enable configure jndi message-vpn <vpn-name> connection-factory

COMMAND:
[create | no] connection-factory <name>
DESCRIPTION:
Configure JNDI connection-factory object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The name of the JMS Connection Factory


enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list

COMMAND:
property-list <name>
DESCRIPTION:
Configure a property list of the object

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property-list name


enable configure jndi message-vpn <vpn-name> connection-factory <name> property-list <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the property-list

The default depends on the property name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure jndi message-vpn <vpn-name> queue

COMMAND:
[create | no] queue <name>
DESCRIPTION:
Configure JNDI queue object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Queue


enable configure jndi message-vpn <vpn-name> queue <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the object

The default depends on the property name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure jndi message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable/disable JNDI access for clients

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure jndi message-vpn <vpn-name> topic

COMMAND:
[create | no] topic <name>
DESCRIPTION:
Configure JNDI topic object

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..256 chars excluding *, ?, and spaces] - The JNDI name of the JMS Topic


enable configure jndi message-vpn <vpn-name> topic <name> property

COMMAND:
property <name> <value>

no property <name>

DESCRIPTION:
Configure a property of the object

The default depends on the property name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..64 chars] - Property name
<value> [0..256 chars] - Property value


enable configure logging

COMMAND:
logging [command... | debug... | event | facility | max-json-message-size... | millisecond-timestamp | retention...]
DESCRIPTION:
Enter logging configuration mode, to configure command and debug logging parameters

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] command - Configure command logging
[no] debug - Configure debug logging
event - Enter system event configuration.
facility - Enter logging facility configuration.
[no] max-json-message-size - Configure the maximum size for JSON format log messages.
[no] millisecond-timestamp - Enables millisecond in logging record timestamp. The no version resets back to default.
[no] retention - Configure the maximum size or maximum days that logs should retain


enable configure logging command

COMMAND:
command {cli | semp-mgmt | semp-msgbus | all} mode {shutdown | config-cmds | all-cmds}

no command {cli | semp-mgmt | semp-msgbus | all}

DESCRIPTION:
Configure command logging

The default is command "all mode config-cmds".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
all - Configure cli and semp command logging
all-cmds - Log all commands to the command log
cli - Configure cli command logging
config-cmds - Log only configuration commands
mode - Set the logging mode to one of the following:
semp-mgmt - Configure semp/mgmt command logging
semp-msgbus - Configure semp/msgbus command logging
shutdown - Do not log any commands


enable configure logging debug

COMMAND:
debug {<subsystem-id> | all} [level <level>] [mask <mask>]

no debug {<subsystem-id> | all}

DESCRIPTION:
Configure debug logging

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
all - Configure all Sub System IDs at once
<level> [UNKNOWN | DEBUG | INFO | WARN | ERROR | FATAL | OFF] - Change the logging level for given Sub System ID
<mask> [0..10 chars] - Change the mask for given Sub System ID
<subsystem-id> [0..50 chars] - Sub System ID


enable configure logging event

COMMAND:
event [publish-system | system-tag...]
DESCRIPTION:
Enter system event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] publish-system - Enable system level event message publishing. The no version of the command disables system level event message publishing.
[no] system-tag - Configure a tag string to prefix system publish events.


enable configure logging event publish-system

COMMAND:
[no] publish-system
DESCRIPTION:
Enable system level event message publishing. The no version of the command disables system level event message publishing.

The default value is no publish-system.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure logging event system-tag

COMMAND:
system-tag <tag-string>

no system-tag

DESCRIPTION:
Configure a tag string to prefix system publish events.

The no version of the command returns its value to the default (no system-tag configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<tag-string> [0..32 chars] - String with no whitespace, '?', '*', or quote chars.


enable configure logging facility

COMMAND:
facility [event | system]
DESCRIPTION:
Enter logging facility configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
event - Enter event facility configuration.
system - Enter system facility configuration.


enable configure logging facility event

COMMAND:
event [message-format...]
DESCRIPTION:
Enter event facility configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] message-format - Configure the event facility message format.


enable configure logging facility event message-format

COMMAND:
message-format {text | json}

no message-format

DESCRIPTION:
Configure the event facility message format.

The no version of the command returns its value to the default ("text").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure logging facility system

COMMAND:
system [message-format...]
DESCRIPTION:
Enter system facility configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] message-format - Configure the system facility message format.


enable configure logging facility system message-format

COMMAND:
message-format {text | json}

no message-format

DESCRIPTION:
Configure the system facility message format.

The no version of the command returns its value to the default ("text").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure logging max-json-message-size

COMMAND:
max-json-message-size <max-size>

no max-json-message-size

DESCRIPTION:
Configure the maximum size for JSON format log messages.

The no version of the command returns its value to the default (8192).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<max-size> [1024..8192] - The maximum size in bytes of JSON log messages. If a remote syslog destination is configured, the syslog header will be included.


enable configure logging millisecond-timestamp

COMMAND:
[no] millisecond-timestamp
DESCRIPTION:
Enables millisecond in logging record timestamp. The no version resets back to default.

The default value is no millisecond-timestamp.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure logging retention

COMMAND:
retention {days <max-num-days> | max-size }

no retention

DESCRIPTION:
Configure the maximum size or maximum days that logs should retain

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
days - Change the log retention policy to day based
<max-num-days> [2..90] - The maximum number of days that specified logfiles will be retained when space is available.
max-size - Set specified logfiles to be retained up to their maximum file sizes allowed by SolOS


enable configure management-message-vpn

COMMAND:
management-message-vpn <vpn-name>

no management-message-vpn

DESCRIPTION:
Designate this Message VPN as the management Message VPN for system level SEMP get requests and system level event publishing.

The no version of the command returns its value to the default (no management-message-vpn configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [0..32 chars] - The name of the message vpn to become the management message vpn


enable configure memory-event

COMMAND:
memory-event [nab-buffer-load-factor | subscriptions-load-factor | subscriptions-memory]
DESCRIPTION:
Use this command to configure the threshold values for memory usage events on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
nab-buffer-load-factor - Configure the event for NAB buffer load factor.
subscriptions-load-factor - Configure the event for subscriptions load factor.
subscriptions-memory - Configure the event for subscriptions memory utilization as percentage.


enable configure memory-event nab-buffer-load-factor

COMMAND:
nab-buffer-load-factor [thresholds...]
DESCRIPTION:
Configure the event for NAB buffer load factor.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the NAB buffer load factor event


enable configure memory-event nab-buffer-load-factor thresholds

COMMAND:
thresholds [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the NAB buffer load factor event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the nab-buffer-load-factor value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the nab-buffer-load-factor value


enable configure memory-event subscriptions-load-factor

COMMAND:
subscriptions-load-factor [thresholds...]
DESCRIPTION:
Configure the event for subscriptions load factor.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions load factor event


enable configure memory-event subscriptions-load-factor thresholds

COMMAND:
thresholds set-percentage <set-percentage> clear-percentage <clear-percentage>

no thresholds

DESCRIPTION:
Configure/reset thresholds for the subscriptions load factor event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear value to be configured for this event as a percentage of the subscriptions-load-factor value
<set-percentage> [0..100] - The set value to be configured for this event as a percentage of the subscriptions-load-factor value


enable configure memory-event subscriptions-memory

COMMAND:
subscriptions-memory [thresholds...]
DESCRIPTION:
Configure the event for subscriptions memory utilization as percentage.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the subscriptions memory utilization event


enable configure memory-event subscriptions-memory thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the subscriptions memory utilization event

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..100] - The clear value to be configured for this event as a percentage of the subscriptions-memory value
<set-value> [0..100] - The set value to be configured for this event as a percentage of the subscriptions-memory value


enable configure message-spool

COMMAND:
message-spool message-vpn <vpn-name>
DESCRIPTION:
Use this command to configure message spool parameters for Guaranteed Messaging on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure message-spool message-vpn <vpn-name> event

COMMAND:
event [egress-flows | endpoints | ingress-flows | spool-usage | transacted-sessions | transactions]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress-flows - Enter the "egress-flows" mode.
endpoints - Enter the "endpoints" mode.
ingress-flows - Enter the "ingress-flows" mode.
spool-usage - Enter the "spool-usage" mode.
transacted-sessions - Enter the "transacted-sessions" mode.
transactions - Enter the "transactions" mode.


enable configure message-spool message-vpn <vpn-name> event egress-flows

COMMAND:
egress-flows [thresholds...]
DESCRIPTION:
Enter the "egress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the egress flow count event of the Message VPN, relative to max-egress-flows.


enable configure message-spool message-vpn <vpn-name> event egress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the egress flow count event of the Message VPN, relative to max-egress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event endpoints

COMMAND:
endpoints [thresholds...]
DESCRIPTION:
Enter the "endpoints" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to max-endpoints.


enable configure message-spool message-vpn <vpn-name> event endpoints thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to max-endpoints.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event ingress-flows

COMMAND:
ingress-flows [thresholds...]
DESCRIPTION:
Enter the "ingress-flows" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the ingress flow count event of the Message VPN, relative to max-ingress-flows.


enable configure message-spool message-vpn <vpn-name> event ingress-flows thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the ingress flow count event of the Message VPN, relative to max-ingress-flows.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Message VPN, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Message VPN, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event transacted-sessions

COMMAND:
transacted-sessions [thresholds...]
DESCRIPTION:
Enter the "transacted-sessions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transacted session count event of the Message VPN, relative to max-transacted-sessions.


enable configure message-spool message-vpn <vpn-name> event transacted-sessions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transacted session count event of the Message VPN, relative to max-transacted-sessions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> event transactions

COMMAND:
transactions [thresholds...]
DESCRIPTION:
Enter the "transactions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the transaction count event of the Message VPN, relative to max-transactions.


enable configure message-spool message-vpn <vpn-name> event transactions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the transaction count event of the Message VPN, relative to max-transactions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> max-egress-flows

COMMAND:
max-egress-flows <value>

no max-egress-flows

DESCRIPTION:
The maximum number of transmit flows that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-endpoints

COMMAND:
max-endpoints <value>

no max-endpoints

DESCRIPTION:
The maximum number of Queues and Topic Endpoints that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-ingress-flows

COMMAND:
max-ingress-flows <value>

no max-ingress-flows

DESCRIPTION:
The maximum number of receive flows that can be created in the Message VPN.

The no version of the command returns its value to the default (16000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage by the Message VPN, in megabytes.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-transacted-sessions

COMMAND:
max-transacted-sessions <value>

no max-transacted-sessions

DESCRIPTION:
The maximum number of transacted sessions that can be created in the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..100000] - The value to set.


enable configure message-spool message-vpn <vpn-name> max-transactions

COMMAND:
max-transactions <value>

no max-transactions

DESCRIPTION:
The maximum number of transactions that can be created in the Message VPN.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..100000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue

COMMAND:
queue <name>

create queue <name>

no queue <name>

DESCRIPTION:
Create, modify, or delete a Queue.

A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..200 chars] - The name of the Queue.
<seconds>*2
<size>*2
<value>*10
<value>*11
<value>*12
<value>*13
<value>*14
<value>*15
<value>*16
<value>*17
<value>*18
<value>*2
<value>*3
<value>*4
<value>*5
<value>*6
<value>*7
<value>*8
<value>*9


enable configure message-spool message-vpn <vpn-name> queue <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows bound to the Queue.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.


enable configure message-spool message-vpn <vpn-name> queue <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Queue.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> delivery-count

COMMAND:
[no] delivery-count
DESCRIPTION:
Enable or disable the ability for client applications to query the message delivery count of messages received from the Queue. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case.

The default value is no delivery-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> delivery-delay

COMMAND:
delivery-delay <delay>

no delivery-delay

DESCRIPTION:
The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<delay> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to max-bind-count.


enable configure message-spool message-vpn <vpn-name> queue <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queue consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.


enable configure message-spool message-vpn <vpn-name> queue <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> queue <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Queue.

The no version of the command returns its value to the default (10000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Queue, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (5000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username that owns the Queue and has permission equivalent to "delete".

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> partition

COMMAND:
partition [count... | rebalance]
DESCRIPTION:
Enter the "partition" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] count - The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions.
rebalance - Enter the "rebalance" mode.


enable configure message-spool message-vpn <vpn-name> queue <name> partition count

COMMAND:
count <num-partitions>

no count

DESCRIPTION:
The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-partitions> [0..1000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> partition rebalance

COMMAND:
rebalance [delay... | max-handoff-time...]
DESCRIPTION:
Enter the "rebalance" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] delay - The delay (in seconds) before a partition rebalance is started once needed.
[no] max-handoff-time - The maximum time (in seconds) to wait before handing off a partition while rebalancing.


enable configure message-spool message-vpn <vpn-name> queue <name> partition rebalance delay

COMMAND:
delay <seconds>

no delay

DESCRIPTION:
The delay (in seconds) before a partition rebalance is started once needed.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> partition rebalance max-handoff-time

COMMAND:
max-handoff-time <seconds>

no max-handoff-time

DESCRIPTION:
The maximum time (in seconds) to wait before handing off a partition while rebalancing.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers of the Queue, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-spool message-vpn <vpn-name> queue <name> redelivery

COMMAND:
[no] redelivery
DESCRIPTION:
Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the queue more than once.

The default value is redelivery.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay

COMMAND:
redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]
DESCRIPTION:
Enter the "redelivery-delay" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
[no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
[no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
[no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.


enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay initial-interval

COMMAND:
initial-interval <value>

no initial-interval

DESCRIPTION:
The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..3600000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay max-interval

COMMAND:
max-interval <value>

no max-interval

DESCRIPTION:
The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.

The no version of the command returns its value to the default (64000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..10800000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay multiplier

COMMAND:
multiplier <value>

no multiplier

DESCRIPTION:
The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.

The no version of the command returns its value to the default ("2.00").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..4 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> redelivery-delay shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable whether to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> queue <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). Regardless of this setting, message priority is not respected when browsing the queue, when the queue is used by a bridge, or if the queue is partitioned.

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Queue and the reception of messages to the Queue.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Queue.
full - Enable transmission of messages from the Queue and the reception of messages to the Queue.
ingress - Enable the transmission of messages from the Queue.
( no ) egress - Disable the reception of messages to the Queue.
( no ) full - Disable transmission of messages from the Queue and the reception of messages to the Queue.
( no ) ingress - Disable the transmission of messages from the Queue.


enable configure message-spool message-vpn <vpn-name> queue <name> subscription

COMMAND:
[no] subscription topic <topic>
DESCRIPTION:
Create or delete a Queue Subscription.

One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - The topic of the Subscription.


enable configure message-spool message-vpn <vpn-name> queue-template

COMMAND:
[create | no] queue-template <name>
DESCRIPTION:
Create, modify, or delete a Queue Template.

A Queue Template provides a mechanism for specifying the initial state for client created queues.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..255 chars] - The name of the Queue Template.


enable configure message-spool message-vpn <vpn-name> queue-template <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.


enable configure message-spool message-vpn <vpn-name> queue-template <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue-template <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ).

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> delivery-delay

COMMAND:
delivery-delay <delay>

no delivery-delay

DESCRIPTION:
The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. This attribute does not apply to MQTT queues created from this template, but it may apply in future releases. Therefore, to maintain forward compatibility, do not set this value on templates that might be used for MQTT queues.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<delay> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> durability-override

COMMAND:
durability-override {none | non-durable}

no durability-override

DESCRIPTION:
Controls the durability of queues created from this template. If non-durable, the created queue will be non-durable, regardless of the specified durability. If none, the created queue will have the requested durability.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
non-durable - The durability of the created queue will be non-durable, regardless of what was requested.
none - The durability of the endpoint will be as requested on create.


enable configure message-spool message-vpn <vpn-name> queue-template <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-spool message-vpn <vpn-name> queue-template <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to max-bind-count.


enable configure message-spool message-vpn <vpn-name> queue-template <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queue consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..10000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..10000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue-template <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.


enable configure message-spool message-vpn <vpn-name> queue-template <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue-template <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)


enable configure message-spool message-vpn <vpn-name> queue-template <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Configure/reset thresholds for the queue spool usage event, either as a percentage of queue max-spool-usage or as a count (in MB)

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..6000000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..6000000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> queue-template <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow.

The no version of the command returns its value to the default (10000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (5000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in a Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> name-filter

COMMAND:
name-filter <name-filter>

no name-filter

DESCRIPTION:
A pattern used to determine which Queues use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/).

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name-filter> [0..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery

COMMAND:
[no] redelivery
DESCRIPTION:
Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the queue more than once.

The default value is redelivery.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay

COMMAND:
redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]
DESCRIPTION:
Enter the "redelivery-delay" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
[no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
[no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
[no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.


enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay initial-interval

COMMAND:
initial-interval <value>

no initial-interval

DESCRIPTION:
The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..3600000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay max-interval

COMMAND:
max-interval <value>

no max-interval

DESCRIPTION:
The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.

The no version of the command returns its value to the default (64000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..10800000] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay multiplier

COMMAND:
multiplier <value>

no multiplier

DESCRIPTION:
The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.

The no version of the command returns its value to the default ("2.00").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..4 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> redelivery-delay shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue-template <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue-template <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> queue-template <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> queue-template <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest).

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> queue-template <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> replay-log

COMMAND:
[create | no] replay-log <name>
DESCRIPTION:
Create, modify, or delete a Replay Log.

When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
global/mesh-manager is required for "create replay-log" and "no replay-log".
PARAMETERS:
<name> [1..185 chars] - The name of the Replay Log.


enable configure message-spool message-vpn <vpn-name> replay-log <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> replay-log <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Replay Log and the reception of messages to the Replay Log.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Replay Log.
full - Enable transmission of messages from the Replay Log and the reception of messages to the Replay Log.
ingress - Enable the transmission of messages from the Replay Log.
( no ) egress - Disable the reception of messages to the Replay Log.
( no ) full - Disable transmission of messages from the Replay Log and the reception of messages to the Replay Log.
( no ) ingress - Disable the transmission of messages from the Replay Log.


enable configure message-spool message-vpn <vpn-name> replay-log <name> topic-filter

COMMAND:
topic-filter [shutdown | subscription...]
DESCRIPTION:
Enter the "topic-filter" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable topic filtering for the Replay Log.
[create|no] subscription - Create, modify, or delete a Topic Filter Subscription.

One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.


enable configure message-spool message-vpn <vpn-name> replay-log <name> topic-filter shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable topic filtering for the Replay Log.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> replay-log <name> topic-filter subscription

COMMAND:
[create | no] subscription <topic>
DESCRIPTION:
Create, modify, or delete a Topic Filter Subscription.

One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - The topic of the Subscription.


enable configure message-spool message-vpn <vpn-name> sequenced-topic

COMMAND:
[no] sequenced-topic <topic>
DESCRIPTION:
Create or delete a Sequenced Topic.

A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - Topic for applying sequence numbers.


enable configure message-spool message-vpn <vpn-name> topic-endpoint

COMMAND:
topic-endpoint <name>

create topic-endpoint <name>

no topic-endpoint <name>

DESCRIPTION:
Create, modify, or delete a Topic Endpoint.

A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..250 chars] - The name of the Topic Endpoint.
<size>*2
<value>*10
<value>*11
<value>*12
<value>*13
<value>*14
<value>*15
<value>*16
<value>*17
<value>*18
<value>*19
<value>*2
<value>*20
<value>*3
<value>*4
<value>*5
<value>*6
<value>*7
<value>*8
<value>*9


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows bound to the Topic Endpoint.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin fashion.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Topic Endpoint.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> delivery-count

COMMAND:
[no] delivery-count
DESCRIPTION:
Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case.

The default value is no delivery-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> delivery-delay

COMMAND:
delivery-delay <delay>

no delivery-delay

DESCRIPTION:
The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<delay> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Topic Endpoint.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint.

The no version of the command returns its value to the default (10000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the Topic Endpoint, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (5000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Topic Endpoint when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The Client Username which owns the Topic Endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers of the Topic Endpoint, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery

COMMAND:
[no] redelivery
DESCRIPTION:
Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the topic-endpoint more than once.

The default value is redelivery.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay

COMMAND:
redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]
DESCRIPTION:
Enter the "redelivery-delay" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
[no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
[no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
[no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay initial-interval

COMMAND:
initial-interval <value>

no initial-interval

DESCRIPTION:
The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..3600000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay max-interval

COMMAND:
max-interval <value>

no max-interval

DESCRIPTION:
The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.

The no version of the command returns its value to the default (64000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..10800000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay multiplier

COMMAND:
multiplier <value>

no multiplier

DESCRIPTION:
The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.

The no version of the command returns its value to the default ("2.00").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..4 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> redelivery-delay shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable if low priority messages are subject to reject-low-priority-msg-limit checking. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable whether to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.

The default value is no reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest).

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint <name> shutdown

COMMAND:
[no] shutdown [ingress | egress | full]
DESCRIPTION:
Enable or disable the transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
egress - Enable the reception of messages to the Topic Endpoint.
full - Enable transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.
ingress - Enable the transmission of messages from the Topic Endpoint.
( no ) egress - Disable the reception of messages to the Topic Endpoint.
( no ) full - Disable transmission of messages from the Topic Endpoint and the reception of messages to the Topic Endpoint.
( no ) ingress - Disable the transmission of messages from the Topic Endpoint.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template

COMMAND:
[create | no] topic-endpoint-template <name>
DESCRIPTION:
Create, modify, or delete a Topic Endpoint Template.

A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..255 chars] - The name of the Topic Endpoint Template.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> access-type

COMMAND:
access-type {exclusive | non-exclusive}

no access-type

DESCRIPTION:
The access type for delivering messages to consumer flows.

The no version of the command returns its value to the default ("exclusive").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
exclusive - Exclusive delivery of messages to the first bound consumer flow.
non-exclusive - Non-exclusive delivery of messages to bound consumer flows in a round-robin fashion.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ).

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> delivery-delay

COMMAND:
delivery-delay <delay>

no delivery-delay

DESCRIPTION:
The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<delay> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter bind-count event configuration.
reject-low-priority-msg-limit - Configure the event thresholds for reject-low-priority-msg-limit
spool-usage - Configure the event thresholds for the queue template spool usage


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter bind-count event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Topic Endpoint consumer flows event, relative to max-bind-count.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..10000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..10000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Configure the event thresholds for reject-low-priority-msg-limit

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to reject-low-priority-msg-limit.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Configure the event thresholds for the queue template spool usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Topic Endpoint, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..6000000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..6000000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow.

The no version of the command returns its value to the default (10000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (5000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Topic Endpoint when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> name-filter

COMMAND:
name-filter <name-filter>

no name-filter

DESCRIPTION:
A pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/).

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name-filter> [0..200 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> permission

COMMAND:
permission all {no-access | read-only | consume | modify-topic | delete}

no permission

DESCRIPTION:
The permission level for all consumers, excluding the owner.

The no version of the command returns its value to the default ("no-access").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
all - Apply to all other users excluding the owner.
consume - Consume (read and remove) messages.
delete - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
modify-topic - Consume messages or modify the topic/selector.
no-access - Disallows all access.
read-only - Read-only access to the messages.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery

COMMAND:
[no] redelivery
DESCRIPTION:
Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max-redelivery. When disabled, the message will never be delivered from the topic-endpoint more than once.

The default value is redelivery.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay

COMMAND:
redelivery-delay [initial-interval... | max-interval... | multiplier... | shutdown]
DESCRIPTION:
Enter the "redelivery-delay" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] initial-interval - The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.
[no] max-interval - The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.
[no] multiplier - The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.
[no] shutdown - Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay initial-interval

COMMAND:
initial-interval <value>

no initial-interval

DESCRIPTION:
The delay to be used between the first 2 redelivery attempts. This value is in milliseconds.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..3600000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay max-interval

COMMAND:
max-interval <value>

no max-interval

DESCRIPTION:
The maximum delay to be used between any 2 redelivery attempts. This value is in milliseconds. Due to technical limitations, some redelivery attempt delays may slightly exceed this value.

The no version of the command returns its value to the default (64000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..10800000] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay multiplier

COMMAND:
multiplier <value>

no multiplier

DESCRIPTION:
The amount each delay interval is multiplied by after each failed delivery attempt. This number is a floating point value between 1.00 and 5.00.

The no version of the command returns its value to the default ("2.00").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..4 chars] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> redelivery-delay shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible. When true, messages are redelivered according to the initial, max and multiplier. This should only be enabled when redelivery is enabled.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the reject-low-priority-msg-limit. This may only be enabled if reject-msg-to-sender-on-discard is also enabled.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages that are permitted before low priority messages are rejected.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.

The default value is no reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> respect-message-priority

COMMAND:
[no] respect-message-priority
DESCRIPTION:
Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest).

The default value is no respect-message-priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-spool message-vpn <vpn-name> topic-endpoint-template <name> respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn

COMMAND:
[create | no] message-vpn <vpn-name>
DESCRIPTION:
Create, modify, or delete a Message VPN.

Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
global/read-write is required for "create message-vpn" and "no message-vpn".
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN.


enable configure message-vpn <vpn-name> authentication

COMMAND:
authentication [basic | client-certificate | kerberos | oauth]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
basic - Enter the "basic" mode.
client-certificate - Enter the "client-certificate" mode.
kerberos - Enter the "kerberos" mode.
oauth - Enter the "oauth" mode.


enable configure message-vpn <vpn-name> authentication basic

COMMAND:
basic [auth-type... | radius-domain... | shutdown]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
auth-type - The authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.
[no] radius-domain - The RADIUS domain to use for basic authentication.
[no] shutdown - Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable.


enable configure message-vpn <vpn-name> authentication basic auth-type

COMMAND:
auth-type {radius <radius-profile> | ldap <ldap-profile> | internal | none }
DESCRIPTION:
The authentication mechanism to be used for basic authentication of clients connecting to this Message VPN.

The default is auth-type "radius".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
internal - Internal database.
ldap - LDAP authentication.
<ldap-profile> [1..32 chars] - LDAP profile name.
none - No authentication.
radius - RADIUS authentication.
<radius-profile> [1..32 chars] - RADIUS profile name.


enable configure message-vpn <vpn-name> authentication basic radius-domain

COMMAND:
radius-domain <radius-domain>

no radius-domain

DESCRIPTION:
The RADIUS domain to use for basic authentication.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<radius-domain> [0..64 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication basic shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate

COMMAND:
client-certificate [allow-api-provided-username | matching-rules | max-certificate-chain-depth... | revocation-check-mode... | shutdown | username-source... | validate-certificate-date]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] allow-api-provided-username - Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used.
matching-rules - Enter the "matching-rules" mode.
[no] max-certificate-chain-depth - The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] revocation-check-mode - The desired behavior for client certificate revocation checking.
[no] shutdown - Enable or disable client certificate authentication for clients connecting to the Message VPN.
[no] username-source - The field from the client certificate to use as the client username.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate.


enable configure message-vpn <vpn-name> authentication client-certificate allow-api-provided-username

COMMAND:
[no] allow-api-provided-username
DESCRIPTION:
Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used.

The default value is no allow-api-provided-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules

COMMAND:
matching-rules [rule... | shutdown]
DESCRIPTION:
Enter the "matching-rules" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[create|no] rule - Create, modify, or delete a Certificate Matching Rule.

A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.
[no] shutdown - Enable or disable certificate matching rules. When disabled, any valid certificate is accepted.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule

COMMAND:
[create | no] rule <name>
DESCRIPTION:
Create, modify, or delete a Certificate Matching Rule.

A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..64 chars] - The name of the rule.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> attribute-filter

COMMAND:
[create | no] attribute-filter <name>
DESCRIPTION:
Create, modify, or delete a Certificate Matching Rule Attribute Filter.

A Cert Matching Rule Attribute Filter compares a username attribute to a string.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..64 chars] - The name of the filter.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> attribute

COMMAND:
attribute <value>

no attribute

DESCRIPTION:
Client Username Attribute to be tested.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..64 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> value

COMMAND:
value <value>

no value

DESCRIPTION:
Expected attribute value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..256 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> condition

COMMAND:
[create] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address} {{matches-attribute <attribute>} | {matches-expression <expression>}}

no condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address}

DESCRIPTION:
Create, modify, or delete a Certificate Matching Rule Condition.

A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<attribute> [1..64 chars] - Client Username Attribute to be compared with certificate content.
certificate-thumbprint - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
common-name - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
common-name-last - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
dns-name - The attribute is extracted from the certificate's Subject Alt Name DNS Name.
<expression> [1..256 chars] - Glob expression to be matched with certificate content.
ip-address - The attribute is extracted from the certificate's Subject Alt Name IP Address.
issuer - The attribute is extracted from the certificate's Issuer DN.
org-unit - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
org-unit-last - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
serial-number - The attribute is extracted from the certificate's Serial Number.
subject - The attribute is extracted from the certificate's Subject DN.
subject-alternate-name-msupn - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
uid - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
uid-last - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules rule <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable a certificate matching rule.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate matching-rules shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable certificate matching rules. When disabled, any valid certificate is accepted.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max-depth> [0..8] - The value to set.


enable configure message-vpn <vpn-name> authentication client-certificate revocation-check-mode

COMMAND:
revocation-check-mode <permission>

no revocation-check-mode

DESCRIPTION:
The desired behavior for client certificate revocation checking.

The no version of the command returns its value to the default ("allow-valid").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<permission> [allow-all | allow-unknown | allow-valid] - The value to set.

allow-all - Allow the client to authenticate, the result of client certificate revocation check is ignored.

allow-unknown - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.

allow-valid - Allow the client to authenticate only when the revocation check returned an explicit positive response.


enable configure message-vpn <vpn-name> authentication client-certificate shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable client certificate authentication for clients connecting to the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication client-certificate username-source

COMMAND:
username-source <source>

no username-source

DESCRIPTION:
The field from the client certificate to use as the client username.

The no version of the command returns its value to the default ("common-name").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<source> [certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last] - The value to set.

certificate-thumbprint - The username is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.

common-name - The username is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.

common-name-last - The username is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.

subject-alternate-name-msupn - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.

uid - The username is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.

uid-last - The username is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.


enable configure message-vpn <vpn-name> authentication client-certificate validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication kerberos

COMMAND:
kerberos [allow-api-provided-username | shutdown]
DESCRIPTION:
Enter the "kerberos" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
[no] allow-api-provided-username - Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used.
[no] shutdown - Enable or disable Kerberos authentication for clients connecting to the Message VPN.


enable configure message-vpn <vpn-name> authentication kerberos allow-api-provided-username

COMMAND:
[no] allow-api-provided-username
DESCRIPTION:
Enable or disable allowing an incoming client connection to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used.

The default value is no allow-api-provided-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication kerberos shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Kerberos authentication for clients connecting to the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth

COMMAND:
oauth [default-profile... | profile... | shutdown]
DESCRIPTION:
Enter the "oauth" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
[no] default-profile - The name of the profile to use when the client does not supply a profile name.
[create|no] profile - Create, modify, or delete a OAuth Profile.

OAuth profiles specify how to securely authenticate to an OAuth provider.
[no] shutdown - Enable or disable OAuth authentication for clients connecting to the Message VPN.


enable configure message-vpn <vpn-name> authentication oauth default-profile

COMMAND:
default-profile <value>

no default-profile

DESCRIPTION:
The name of the profile to use when the client does not supply a profile name.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile

COMMAND:
[create | no] profile <profile>
DESCRIPTION:
Create, modify, or delete a OAuth Profile.

OAuth profiles specify how to securely authenticate to an OAuth provider.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<profile> [1..32 chars] - The name of the OAuth profile.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> authorization-groups-claim-name

COMMAND:
authorization-groups-claim-name <value>

no authorization-groups-claim-name

DESCRIPTION:
The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorizationType attribute of the Message VPN will be used to determine authorization.

The no version of the command returns its value to the default ("groups").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..100 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> authorization-groups-claim-string-format

COMMAND:
authorization-groups-claim-string-format {single | space-delimited}

no authorization-groups-claim-string-format

DESCRIPTION:
The format of the authorization groups claim value when it is a string.

The no version of the command returns its value to the default ("single").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
single - When the claim is a string, it is interpreted as as single group.
space-delimited - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> client

COMMAND:
client [required-claim... | required-type... | validate-type]
DESCRIPTION:
Configure OAuth client settings.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] required-claim - Create, modify, or delete a Required Claim.

Additional claims to be verified in the ID token.
[no] required-type - The required value for the TYP field in the ID token header.
[no] validate-type - Enable or disable verification of the TYP field in the ID token header.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> client required-claim

COMMAND:
[no] required-claim <name>

create required-claim <name> <value>

DESCRIPTION:
Create, modify, or delete a Required Claim.

Additional claims to be verified in the ID token.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..100 chars] - The name of the ID token claim to verify.
<value> - The required claim value.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> client required-type

COMMAND:
required-type <value>

no required-type

DESCRIPTION:
The required value for the TYP field in the ID token header.

The no version of the command returns its value to the default ("JWT").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> client validate-type

COMMAND:
[no] validate-type
DESCRIPTION:
Enable or disable verification of the TYP field in the ID token header.

The default value is validate-type.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> client-id

COMMAND:
client-id <value>

no client-id

DESCRIPTION:
The OAuth client id.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> client-secret

COMMAND:
client-secret <value>

no client-secret

DESCRIPTION:
The OAuth client secret.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..512 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> disconnect-on-token-expiration

COMMAND:
[no] disconnect-on-token-expiration
DESCRIPTION:
Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections.

The default value is disconnect-on-token-expiration.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints

COMMAND:
endpoints [discovery... | discovery-refresh-interval... | introspection... | introspection-timeout... | jwks... | jwks-refresh-interval... | userinfo... | userinfo-timeout...]
DESCRIPTION:
Configure OAuth endpoints.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] discovery - The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.
[no] discovery-refresh-interval - The number of seconds between discovery endpoint requests.
[no] introspection - The OAuth introspection endpoint.
[no] introspection-timeout - The maximum time in seconds a token introspection request is allowed to take.
[no] jwks - The OAuth JWKS endpoint.
[no] jwks-refresh-interval - The number of seconds between JWKS endpoint requests.
[no] userinfo - The OpenID Connect Userinfo endpoint.
[no] userinfo-timeout - The maximum time in seconds a userinfo request is allowed to take.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints discovery

COMMAND:
discovery <value>

no discovery

DESCRIPTION:
The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints discovery-refresh-interval

COMMAND:
discovery-refresh-interval <value>

no discovery-refresh-interval

DESCRIPTION:
The number of seconds between discovery endpoint requests.

The no version of the command returns its value to the default (86400).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [60..31536000] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints introspection

COMMAND:
introspection <value>

no introspection

DESCRIPTION:
The OAuth introspection endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints introspection-timeout

COMMAND:
introspection-timeout <value>

no introspection-timeout

DESCRIPTION:
The maximum time in seconds a token introspection request is allowed to take.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..60] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints jwks

COMMAND:
jwks <value>

no jwks

DESCRIPTION:
The OAuth JWKS endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints jwks-refresh-interval

COMMAND:
jwks-refresh-interval <value>

no jwks-refresh-interval

DESCRIPTION:
The number of seconds between JWKS endpoint requests.

The no version of the command returns its value to the default (86400).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [60..31536000] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints userinfo

COMMAND:
userinfo <value>

no userinfo

DESCRIPTION:
The OpenID Connect Userinfo endpoint.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> endpoints userinfo-timeout

COMMAND:
userinfo-timeout <value>

no userinfo-timeout

DESCRIPTION:
The maximum time in seconds a userinfo request is allowed to take.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..60] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> issuer

COMMAND:
issuer <value>

no issuer

DESCRIPTION:
The Issuer Identifier for the OAuth provider.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> mqtt-username-validate

COMMAND:
[no] mqtt-username-validate
DESCRIPTION:
Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated.

The default value is no mqtt-username-validate.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> oauth-role

COMMAND:
oauth-role {client | resource-server}

no oauth-role

DESCRIPTION:
Configure whether the broker is acting as an OAuth client or an OAuth resource server.

The no version of the command returns its value to the default ("client").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
client - The broker is in the OAuth client role.
resource-server - The broker is in the OAuth resource server role.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> proxy

COMMAND:
proxy <proxy-name>

no proxy

DESCRIPTION:
The name of the proxy to use for discovery, user info, jwks, and introspection requests. Leave empty for no proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<proxy-name> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server

COMMAND:
resource-server [parse-access-token | required-audience... | required-claim... | required-issuer... | required-scope... | required-type... | validate-audience | validate-issuer | validate-scope | validate-type]
DESCRIPTION:
Configure OAuth resource server settings.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] parse-access-token - Enable or disable parsing of the access token as a JWT.
[no] required-audience - The required audience value.
[create|no] required-claim - Create, modify, or delete a Required Claim.

Additional claims to be verified in the access token.
[no] required-issuer - The required issuer value.
[no] required-scope - A space-separated list of scopes that must be present in the scope claim.
[no] required-type - The required TYP value.
[no] validate-audience - Enable or disable verification of the audience claim in the access token or introspection response.
[no] validate-issuer - Enable or disable verification of the issuer claim in the access token or introspection response.
[no] validate-scope - Enable or disable verification of the scope claim in the access token or introspection response.
[no] validate-type - Enable or disable verification of the TYP field in the access token header.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server parse-access-token

COMMAND:
[no] parse-access-token
DESCRIPTION:
Enable or disable parsing of the access token as a JWT.

The default value is parse-access-token.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-audience

COMMAND:
required-audience <value>

no required-audience

DESCRIPTION:
The required audience value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-claim

COMMAND:
[no] required-claim <name>

create required-claim <name> <value>

DESCRIPTION:
Create, modify, or delete a Required Claim.

Additional claims to be verified in the access token.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..100 chars] - The name of the access token claim to verify.
<value> - The required claim value.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-issuer

COMMAND:
required-issuer <value>

no required-issuer

DESCRIPTION:
The required issuer value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-scope

COMMAND:
required-scope <value>

no required-scope

DESCRIPTION:
A space-separated list of scopes that must be present in the scope claim.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server required-type

COMMAND:
required-type <value>

no required-type

DESCRIPTION:
The required TYP value.

The no version of the command returns its value to the default ("at+jwt").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-audience

COMMAND:
[no] validate-audience
DESCRIPTION:
Enable or disable verification of the audience claim in the access token or introspection response.

The default value is validate-audience.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-issuer

COMMAND:
[no] validate-issuer
DESCRIPTION:
Enable or disable verification of the issuer claim in the access token or introspection response.

The default value is validate-issuer.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-scope

COMMAND:
[no] validate-scope
DESCRIPTION:
Enable or disable verification of the scope claim in the access token or introspection response.

The default value is validate-scope.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> resource-server validate-type

COMMAND:
[no] validate-type
DESCRIPTION:
Enable or disable verification of the TYP field in the access token header.

The default value is validate-type.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enables or disables this profile. Invoking "shutdown" disables the profile. Invoking "no shutdown" enables the profile.
Note: While the OAuth profile is shutdown, all users attempting to authenticate using this profile fail to authenticate.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authentication oauth profile <profile> username-claim-name

COMMAND:
username-claim-name <value>

no username-claim-name

DESCRIPTION:
The name of the username claim.

The no version of the command returns its value to the default ("sub").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..100 chars] - The value to set.


enable configure message-vpn <vpn-name> authentication oauth shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable OAuth authentication for clients connecting to the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authorization

COMMAND:
authorization [authorization-group... | authorization-type... | ldap]
DESCRIPTION:
Enter the "authorization" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] authorization-group - Create, modify, or delete a Authorization Group.

To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
authorization-type - The authorization mechanism to be used for clients connecting to this Message VPN.
ldap - Enter the "ldap" mode.


enable configure message-vpn <vpn-name> authorization authorization-group

COMMAND:
[create | no] authorization-group <name>
DESCRIPTION:
Create, modify, or delete a Authorization Group.

To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..256 chars] - The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.


enable configure message-vpn <vpn-name> authorization authorization-group <name> acl-profile

COMMAND:
acl-profile <name>

no acl-profile

DESCRIPTION:
The ACL Profile of the Authorization Group.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure message-vpn <vpn-name> authorization authorization-group <name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the Authorization Group.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure message-vpn <vpn-name> authorization authorization-group <name> order

COMMAND:
order {before | after} <authorization-group-name>
DESCRIPTION:
Arrange the priority of this group relative to another group.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
after - Move current authorization group after existing authorization group name.
<authorization-group-name> [0..256 chars] - Authorization group name.
before - Move current authorization group before existing authorization group name.


enable configure message-vpn <vpn-name> authorization authorization-group <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Authorization Group in the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> authorization authorization-type

COMMAND:
authorization-type {ldap <ldap-profile> | internal }
DESCRIPTION:
The authorization mechanism to be used for clients connecting to this Message VPN.

The default is authorization-type "internal".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
internal - Use information from the internal client-username database to determine access.
ldap - LDAP authorization.
<ldap-profile> [1..32 chars] - LDAP profile name.


enable configure message-vpn <vpn-name> authorization ldap

COMMAND:
ldap [group-membership-attribute-name... | trim-client-username-domain]
DESCRIPTION:
Enter the "ldap" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] group-membership-attribute-name - The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.
[no] trim-client-username-domain - Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed.


enable configure message-vpn <vpn-name> authorization ldap group-membership-attribute-name

COMMAND:
group-membership-attribute-name <attribute-name>

no group-membership-attribute-name

DESCRIPTION:
The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN.

The no version of the command returns its value to the default ("memberOf").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<attribute-name> [0..64 chars] - The value to set.


enable configure message-vpn <vpn-name> authorization ldap trim-client-username-domain

COMMAND:
[no] trim-client-username-domain
DESCRIPTION:
Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed.

The default value is no trim-client-username-domain.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> bridging

COMMAND:
bridging [ssl]
DESCRIPTION:
Enter the "bridging" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> bridging ssl

COMMAND:
ssl [server-certificate-validation]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation

COMMAND:
server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]
DESCRIPTION:
Enter the "server-certificate-validation" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-certificate-chain-depth - The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.
[no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max-depth> [0..8] - The value to set.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> bridging ssl server-certificate-validation validate-server-name

COMMAND:
[no] validate-server-name
DESCRIPTION:
Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.

The default value is validate-server-name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> dynamic-message-routing

COMMAND:
dynamic-message-routing [dmr-bridge... | shutdown]
DESCRIPTION:
Enter the "dynamic-message-routing" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
[create|no] dmr-bridge - Create, modify, or delete a DMR Bridge.

A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
[no] shutdown - Enable or disable Dynamic Message Routing (DMR) for the Message VPN.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge

COMMAND:
[create | no] dmr-bridge <remote-node-name>
DESCRIPTION:
Create, modify, or delete a DMR Bridge.

A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<remote-node-name> [1..64 chars] - The name of the node at the remote end of the DMR Bridge.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote

COMMAND:
remote [message-vpn...]
DESCRIPTION:
Enter the "remote" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] message-vpn - The remote Message VPN of the DMR Bridge.


enable configure message-vpn <vpn-name> dynamic-message-routing dmr-bridge <remote-node-name> remote message-vpn

COMMAND:
message-vpn <vpn-name>

no message-vpn

DESCRIPTION:
The remote Message VPN of the DMR Bridge.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<vpn-name> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> dynamic-message-routing shutdown

COMMAND:
shutdown

no shutdown

DESCRIPTION:
Enable or disable Dynamic Message Routing (DMR) for the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> event

COMMAND:
event [connections | egress-message-rate | ingress-message-rate | large-message-threshold... | log-tag... | publish-client | publish-message-vpn | publish-subscription... | publish-topic-format... | service | subscriptions]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.
egress-message-rate - Enter the "egress-message-rate" mode.
ingress-message-rate - Enter the "ingress-message-rate" mode.
[no] large-message-threshold - The threshold, in kilobytes, after which a message is considered to be large for the Message VPN.
[no] log-tag - A prefix applied to all published Events in the Message VPN.
[no] publish-client - Enable or disable Client level Event message publishing.
[no] publish-message-vpn - Enable or disable Message VPN level Event message publishing.
[no] publish-subscription - Enable or disable subscription level event message publishing. When enabling subscription level event message publishing, if the event topic format is not specified, it defaults to v1.
[no] publish-topic-format - Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.
service - Enter the "service" mode.
subscriptions - Enter the "subscriptions" mode.


enable configure message-vpn <vpn-name> event connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the client connection count event of the Message VPN, relative to max-connections.


enable configure message-vpn <vpn-name> event connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the client connection count event of the Message VPN, relative to max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event egress-message-rate

COMMAND:
egress-message-rate [thresholds...]
DESCRIPTION:
Enter the "egress-message-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the egress message rate event of the Message VPN.


enable configure message-vpn <vpn-name> event egress-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the egress message rate event of the Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event ingress-message-rate

COMMAND:
ingress-message-rate [thresholds...]
DESCRIPTION:
Enter the "ingress-message-rate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the receive message rate event of the Message VPN.


enable configure message-vpn <vpn-name> event ingress-message-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
The thresholds for the receive message rate event of the Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event large-message-threshold

COMMAND:
large-message-threshold <size>

no large-message-threshold

DESCRIPTION:
The threshold, in kilobytes, after which a message is considered to be large for the Message VPN.

The no version of the command returns its value to the default (1024).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> event log-tag

COMMAND:
log-tag <tag-string>

no log-tag

DESCRIPTION:
A prefix applied to all published Events in the Message VPN.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<tag-string> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> event publish-client

COMMAND:
[no] publish-client
DESCRIPTION:
Enable or disable Client level Event message publishing.

The default value is no publish-client.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> event publish-message-vpn

COMMAND:
[no] publish-message-vpn
DESCRIPTION:
Enable or disable Message VPN level Event message publishing.

The default value is no publish-message-vpn.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> event publish-subscription

COMMAND:
publish-subscription [no-unsubscribe-events-on-disconnect] [event-topic-format {v1 | v2}]

no publish-subscription

DESCRIPTION:
Enable or disable subscription level event message publishing. When enabling subscription level event message publishing, if the event topic format is not specified, it defaults to v1.

The default value is no publish-subscription.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
event-topic-format - Specify the format of the topic used for publishing the subscription event
no-unsubscribe-events-on-disconnect - Do not generate unsubscribe events for each of a client's subscriptions when the client disconnects
v1 - The publish topic is of form: #LOG/INFO/SUB_ADD|SUB_DEL/<subscribedTopic>
v2 - The publish topic is of form: #LOG/INFO/SUB/<routerName>/ADD|DEL/<vpnName>/<clientName>/<subscribedTopic>


enable configure message-vpn <vpn-name> event publish-topic-format

COMMAND:
publish-topic-format [smf] [mqtt]

no publish-topic-format

DESCRIPTION:
Choose the format used for event publishing. Two formats are supported:
SMF: #LOG/<log-level>/<event-specific-content>
MQTT: $SYS/LOG/<log-level>/<event-specific-content>
At least one format must be selected. If multiple formats are used event logs will be published on both topics.

The default is publish-topic-format "smf".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
mqtt - publish MQTT topic format
smf - publish SMF topic format


enable configure message-vpn <vpn-name> event service

COMMAND:
service [amqp | mqtt | rest | smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
amqp - Enter the "amqp" mode.
mqtt - Enter the "mqtt" mode.
rest - Enter the "rest" mode.
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure message-vpn <vpn-name> event service amqp

COMMAND:
amqp [connections]
DESCRIPTION:
Enter the "amqp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service amqp connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the AMQP client connection count event of the Message VPN, relative to service amqp max-connections.


enable configure message-vpn <vpn-name> event service amqp connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the AMQP client connection count event of the Message VPN, relative to service amqp max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service mqtt

COMMAND:
mqtt [connections]
DESCRIPTION:
Enter the "mqtt" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service mqtt connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the MQTT client connection count event of the Message VPN, relative to service mqtt max-connections.


enable configure message-vpn <vpn-name> event service mqtt connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the MQTT client connection count event of the Message VPN, relative to service mqtt max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service rest

COMMAND:
rest [incoming]
DESCRIPTION:
Enter the "rest" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
incoming - Enter the "incoming" mode.


enable configure message-vpn <vpn-name> event service rest incoming

COMMAND:
incoming [connections]
DESCRIPTION:
Enter the "incoming" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service rest incoming connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the incoming REST client connection count event of the Message VPN, relative to service rest incoming max-connections.


enable configure message-vpn <vpn-name> event service rest incoming connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the incoming REST client connection count event of the Message VPN, relative to service rest incoming max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service smf

COMMAND:
smf [connections]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service smf connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the SMF client connection count event of the Message VPN, relative to service smf max-connections.


enable configure message-vpn <vpn-name> event service smf connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the SMF client connection count event of the Message VPN, relative to service smf max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event service web-transport

COMMAND:
web-transport [connections]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections - Enter the "connections" mode.


enable configure message-vpn <vpn-name> event service web-transport connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter the "connections" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Web Transport client connection count event of the Message VPN, relative to service web-transport max-connections.


enable configure message-vpn <vpn-name> event service web-transport connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Web Transport client connection count event of the Message VPN, relative to service web-transport max-connections.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> event subscriptions

COMMAND:
subscriptions [thresholds...]
DESCRIPTION:
Enter the "subscriptions" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the subscription count event of the Message VPN, relative to max-subscriptions.


enable configure message-vpn <vpn-name> event subscriptions thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the subscription count event of the Message VPN, relative to max-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> export-policy

COMMAND:
export-policy [export-subscriptions]
DESCRIPTION:
Enter the "export-policy" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] export-subscriptions - Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links.


enable configure message-vpn <vpn-name> export-policy export-subscriptions

COMMAND:
[no] export-subscriptions
DESCRIPTION:
Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links.

The default value is no export-subscriptions.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of client connections to the Message VPN.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> max-subscriptions

COMMAND:
max-subscriptions <value>

no max-subscriptions

DESCRIPTION:
The maximum number of local subscriptions that can be added to the Message VPN.

The no version of the command returns its value to the default (5000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> mqtt

COMMAND:
mqtt [mqtt-session... | retain]
DESCRIPTION:
Enter the "mqtt" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] mqtt-session - Create, modify, or delete a MQTT Session.

An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).
retain - Enter the "retain" mode.


enable configure message-vpn <vpn-name> mqtt mqtt-session

COMMAND:
mqtt-session <client-id> [primary | backup | auto]

create mqtt-session <client-id> [primary | backup | auto]

no mqtt-session <client-id> [primary | backup | auto]

DESCRIPTION:
Create, modify, or delete a MQTT Session.

An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
auto - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
backup - The MQTT Session belongs to the backup virtual router.
<client-id> [1..128 chars] - The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
primary - The MQTT Session belongs to the primary virtual router.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> owner

COMMAND:
owner <owner>

no owner

DESCRIPTION:
The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<owner> [0..189 chars] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue

COMMAND:
[create | no] queue
DESCRIPTION:
Enter the configuration mode for the mqtt-session queue.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue consumer-ack-propagation

COMMAND:
[no] consumer-ack-propagation
DESCRIPTION:
Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN.

The default value is consumer-ack-propagation.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the MQTT Session Queue.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event

COMMAND:
event [bind-count | reject-low-priority-msg-limit | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
reject-low-priority-msg-limit - Enter the "reject-low-priority-msg-limit" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - Thresholds for the high number of the MQTT Session Queue Consumers Event, relative to `queueMaxBindCount`.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
Thresholds for the high number of the MQTT Session Queue Consumers Event, relative to `queueMaxBindCount`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit [thresholds...]
DESCRIPTION:
Enter the "reject-low-priority-msg-limit" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The threshold for the maximum allowed number of any priority messages queued in the MQTT Session Queue, relative to `queueRejectLowPriorityMsgLimit`.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event reject-low-priority-msg-limit thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The threshold for the maximum allowed number of any priority messages queued in the MQTT Session Queue, relative to `queueRejectLowPriorityMsgLimit`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The threshold for the Message Spool usage event of the MQTT Session Queue, relative to `queueMaxMsgSpoolUsage`.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The threshold for the Message Spool usage event of the MQTT Session Queue, relative to `queueMaxMsgSpoolUsage`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the MQTT Session Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the MQTT Session Queue.

The no version of the command returns its value to the default (10000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-message-size

COMMAND:
max-message-size <size>

no max-message-size

DESCRIPTION:
The maximum message size allowed in the MQTT Session Queue, in bytes (B).

The no version of the command returns its value to the default (10000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..30000000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the MQTT Session Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..255] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the MQTT Session Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.

The no version of the command returns its value to the default (5000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<size> [0..6000000] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the MQTT Session Queue when `queueRespectTtlEnabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queueMaxTtl` configured for the MQTT Session Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg

COMMAND:
[no] reject-low-priority-msg
DESCRIPTION:
Enable or disable the checking of low priority messages against the `queueRejectLowPriorityMsgLimit`. This may only be enabled if `queueRejectMsgToSenderOnDiscardBehavior` does not have a value of `"never"`.

The default value is no reject-low-priority-msg.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-low-priority-msg-limit

COMMAND:
reject-low-priority-msg-limit <limit>

no reject-low-priority-msg-limit

DESCRIPTION:
The number of messages of any priority in the MQTT Session Queue above which low priority messages are not admitted but higher priority messages are allowed.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<limit> [0..4294967295] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> queue respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the MQTT Session Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription

COMMAND:
[create | no] subscription <topic>
DESCRIPTION:
Create, modify, or delete a Subscription.

An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - The MQTT subscription topic.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription <topic> qos

COMMAND:
qos <qos-value>

no qos

DESCRIPTION:
The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<qos-value> [0..1] - The value to set.


enable configure message-vpn <vpn-name> mqtt mqtt-session <client-id> subscription-list

COMMAND:
subscription-list qos <qos-value> [<topic-list>]
DESCRIPTION:
Create or delete multiple subscriptions for the MQTT Session. MQTT topic syntax is expected. The QoS value is either 0 (deliver at most once) or 1 (deliver at least once). When creating subscriptions (with +), the QoS of an existing subscription with the same topic will be changed to the new QoS value. When deleting subscriptions (with -), the QoS of each existing subscription must match for it to be removed.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<qos-value> [0..1] - Quality of service for the subscriptions
<topic-list> [2..251 chars starting with + or -] - List of +/- MQTT topics, space separated. Maximum of 32 topics.


enable configure message-vpn <vpn-name> mqtt retain

COMMAND:
retain [cache... | max-memory...]
DESCRIPTION:
Enter the "retain" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] cache - Create, modify, or delete a MQTT Retain Cache.

Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
[no] max-memory - The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational.


enable configure message-vpn <vpn-name> mqtt retain cache

COMMAND:
[create | no] cache <cache-name>
DESCRIPTION:
Create, modify, or delete a MQTT Retain Cache.

Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cache-name> [1..64 chars] - The name of the MQTT Retain Cache.


enable configure message-vpn <vpn-name> mqtt retain cache <cache-name> message-lifetime

COMMAND:
message-lifetime <seconds>

no message-lifetime

DESCRIPTION:
The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [0..4294967294] - The value to set.


enable configure message-vpn <vpn-name> mqtt retain cache <cache-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> mqtt retain max-memory

COMMAND:
max-memory <megabytes>

no max-memory

DESCRIPTION:
The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational.

The no version of the command returns its value to the default (-1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<megabytes> [-1..2147483647] - The value to set.


enable configure message-vpn <vpn-name> proxy

COMMAND:
[create | no] proxy <proxy-name>
DESCRIPTION:
Create, modify, or delete a Proxy.

Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<proxy-name> [1..32 chars] - The name of the proxy.


enable configure message-vpn <vpn-name> proxy <proxy-name> authentication

COMMAND:
authentication [auth-scheme... | basic]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] auth-scheme - The authentication scheme used to connect to the proxy.
basic - Enter the "basic" mode.


enable configure message-vpn <vpn-name> proxy <proxy-name> authentication auth-scheme

COMMAND:
auth-scheme {none | basic}

no auth-scheme

DESCRIPTION:
The authentication scheme used to connect to the proxy.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
basic - Username/password authentication.
none - No authentication.


enable configure message-vpn <vpn-name> proxy <proxy-name> authentication basic

COMMAND:
basic [password... | username...]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] password - The password to use with basic authentication.
[no] username - The username to use with basic authentication.


enable configure message-vpn <vpn-name> proxy <proxy-name> authentication basic password

COMMAND:
password <value>

no password

DESCRIPTION:
The password to use with basic authentication.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..64 chars] - The value to set.


enable configure message-vpn <vpn-name> proxy <proxy-name> authentication basic username

COMMAND:
username <value>

no username

DESCRIPTION:
The username to use with basic authentication.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> proxy <proxy-name> host

COMMAND:
host <value>

no host

DESCRIPTION:
The IP address or host name of the proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..253 chars: ] - The value to set.


enable configure message-vpn <vpn-name> proxy <proxy-name> port

COMMAND:
port <value>

no port

DESCRIPTION:
The port to connect to on the proxy host.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..65535] - The value to set.


enable configure message-vpn <vpn-name> proxy <proxy-name> proxy-type

COMMAND:
proxy-type {direct | http}

no proxy-type

DESCRIPTION:
The type of proxy.

The no version of the command returns its value to the default ("direct").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
direct - Direct connection (no proxy).
http - HTTP proxy.


enable configure message-vpn <vpn-name> proxy <proxy-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> replication

COMMAND:
replication [ack-propagation | bridge | queue | reject-msg-when-sync-ineligible | replicated-topic... | shutdown | state... | transaction-replication-mode...]
DESCRIPTION:
Enter the "replication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
ack-propagation - Enter the "ack-propagation" mode.
bridge - Enter the "bridge" mode.
queue - Enter the "queue" mode.
[no] reject-msg-when-sync-ineligible - Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible.
[create|no] replicated-topic - Create, modify, or delete a Replicated Topic.

To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.
[no] shutdown - Enable or disable replication for the Message VPN. The default behavior when enabling replication is fail-on-existing-queue.
state - The replication role for the Message VPN.
[no] transaction-replication-mode - The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction.


enable configure message-vpn <vpn-name> replication ack-propagation

COMMAND:
ack-propagation [interval]
DESCRIPTION:
Enter the "ack-propagation" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
interval - Enter the "interval" mode.


enable configure message-vpn <vpn-name> replication ack-propagation interval

COMMAND:
interval [messages...]
DESCRIPTION:
Enter the "interval" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] messages - The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages.


enable configure message-vpn <vpn-name> replication ack-propagation interval messages

COMMAND:
messages <num-messages>

no messages

DESCRIPTION:
The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages.

The no version of the command returns its value to the default (20).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-messages> [1..65535] - The value to set.


enable configure message-vpn <vpn-name> replication bridge

COMMAND:
bridge [authentication | compressed-data | message-spool | retry-delay... | ssl | unidirectional]
DESCRIPTION:
Enter the "bridge" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
authentication - Enter the "authentication" mode.
[no] compressed-data - Enable or disable use of compression for the replication Bridge.
message-spool - Enter the "message-spool" mode.
[no] retry-delay - The number of seconds that must pass before retrying the replication Bridge connection.
[no] ssl - Enable or disable use of encryption (TLS) for the replication Bridge connection.
unidirectional - Enter the "unidirectional" mode.


enable configure message-vpn <vpn-name> replication bridge authentication

COMMAND:
authentication [auth-scheme... | basic | client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
auth-scheme - The authentication scheme for the replication Bridge in the Message VPN.
basic - Enter the "basic" mode.
client-certificate - Enter the "client-certificate" mode.


enable configure message-vpn <vpn-name> replication bridge authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}
DESCRIPTION:
The authentication scheme for the replication Bridge in the Message VPN.

The default is auth-scheme "basic".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure message-vpn <vpn-name> replication bridge authentication basic

COMMAND:
basic [client-username...]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] client-username - The Client Username and password the replication Bridge uses to login to the remote Message VPN.


enable configure message-vpn <vpn-name> replication bridge authentication basic client-username

COMMAND:
client-username <name> [password <password> ]

no client-username

DESCRIPTION:
The Client Username and password the replication Bridge uses to login to the remote Message VPN.

The no version of the command returns its value to the default (no client-username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [0..189 chars] - The client-username used for authentication on the remote-router.
<password> [0..128 chars] - The password associated with the client-username used for authentication on the remote-router.


enable configure message-vpn <vpn-name> replication bridge authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] certificate-file - The client certificate used by this Bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.


enable configure message-vpn <vpn-name> replication bridge authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> [file-contents <file-contents> ]

no certificate-file

DESCRIPTION:
The client certificate used by this Bridge to login to the remote Message VPN. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
If this certificate file is not configured, the locally configured server certificate will be used.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<file-contents> [0..32768 chars] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure message-vpn <vpn-name> replication bridge compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Enable or disable use of compression for the replication Bridge.

The default value is no compressed-data.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> replication bridge message-spool

COMMAND:
message-spool [window-size...]
DESCRIPTION:
Enter the "message-spool" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] window-size - The size of the window used for guaranteed messages published to the replication Bridge, in messages.


enable configure message-vpn <vpn-name> replication bridge message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
The size of the window used for guaranteed messages published to the replication Bridge, in messages.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<number> [0..65535] - The value to set.


enable configure message-vpn <vpn-name> replication bridge retry-delay

COMMAND:
retry-delay <seconds>

no retry-delay

DESCRIPTION:
The number of seconds that must pass before retrying the replication Bridge connection.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [0..255] - The value to set.


enable configure message-vpn <vpn-name> replication bridge ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable use of encryption (TLS) for the replication Bridge connection.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> replication bridge unidirectional

COMMAND:
unidirectional [client-profile...]
DESCRIPTION:
Enter the "unidirectional" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] client-profile - The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters.


enable configure message-vpn <vpn-name> replication bridge unidirectional client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters.

The no version of the command returns its value to the default ("#client-profile").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure message-vpn <vpn-name> replication queue

COMMAND:
queue [max-spool-usage... | reject-msg-to-sender-on-discard]
DESCRIPTION:
Enter the "queue" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
[no] max-spool-usage - The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes.
[no] reject-msg-to-sender-on-discard - Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender.


enable configure message-vpn <vpn-name> replication queue max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes.

The no version of the command returns its value to the default (60000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<size> [1..6000000] - The value to set.


enable configure message-vpn <vpn-name> replication queue reject-msg-to-sender-on-discard

COMMAND:
[no] reject-msg-to-sender-on-discard
DESCRIPTION:
Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender.

The default value is reject-msg-to-sender-on-discard.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> replication reject-msg-when-sync-ineligible

COMMAND:
[no] reject-msg-when-sync-ineligible
DESCRIPTION:
Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible.

The default value is no reject-msg-when-sync-ineligible.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> replication replicated-topic

COMMAND:
[create | no] replicated-topic <topic>
DESCRIPTION:
Create, modify, or delete a Replicated Topic.

To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<topic> [1..250 chars] - The topic for applying replication. Published messages matching this topic will be replicated to the standby site.


enable configure message-vpn <vpn-name> replication replicated-topic <topic> replication-mode

COMMAND:
replication-mode {sync | async}

no replication-mode

DESCRIPTION:
The replication mode for the Replicated Topic.

The no version of the command returns its value to the default ("async").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
async - Messages are acknowledged when pending replication (spooled locally).
sync - Messages are acknowledged when replicated (spooled remotely).


enable configure message-vpn <vpn-name> replication shutdown

COMMAND:
shutdown

no shutdown [fail-on-existing-queue | force-use-existing-queue | force-recreate-queue]

DESCRIPTION:
Enable or disable replication for the Message VPN. The default behavior when enabling replication is fail-on-existing-queue.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
fail-on-existing-queue - The data replication queue must not already exist.
force-recreate-queue - The data replication queue must already exist. Any data messages on the Queue will be discarded. IMPORTANT: Before using this mode be certain that the messages on the existing data replication queue are not needed by interested applications.
force-use-existing-queue - The data replication queue must already exist. Any data messages on the Queue will be forwarded to interested applications. IMPORTANT: Before using this mode be certain that the messages are not stale or otherwise unsuitable to be forwarded. This mode can only be specified when the existing queue is configured the same as is currently specified under replication configuration otherwise the enabling of replication will fail.


enable configure message-vpn <vpn-name> replication state

COMMAND:
state {active | standby}
DESCRIPTION:
The replication role for the Message VPN.

The default is state "standby".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
active - Configure the VPN replication state to be active
standby - Configure the VPN replication state to be standby


enable configure message-vpn <vpn-name> replication transaction-replication-mode

COMMAND:
transaction-replication-mode {sync | async}

no transaction-replication-mode

DESCRIPTION:
The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction.

The no version of the command returns its value to the default ("async").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
async - Messages are acknowledged when pending replication (spooled locally).
sync - Messages are acknowledged when replicated (spooled remotely).


enable configure message-vpn <vpn-name> rest

COMMAND:
rest [rest-delivery-point... | ssl]
DESCRIPTION:
Enter the "rest" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager or vpn/read-write
PARAMETERS:
[create|no] rest-delivery-point - Create, modify, or delete a REST Delivery Point.

A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> rest rest-delivery-point

COMMAND:
[create | no] rest-delivery-point <name>
DESCRIPTION:
Create, modify, or delete a REST Delivery Point.

A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..100 chars] - The name of the REST Delivery Point.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> client-profile

COMMAND:
client-profile <name>

no client-profile

DESCRIPTION:
The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP.

The no version of the command returns its value to the default ("default").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding

COMMAND:
[create | no] queue-binding <queue-name>
DESCRIPTION:
Create, modify, or delete a Queue Binding.

A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<queue-name> [1..200 chars] - The name of a queue in the Message VPN.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> gateway

COMMAND:
gateway [replace-target-authority]
DESCRIPTION:
Enter the "gateway" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] replace-target-authority - Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> gateway replace-target-authority

COMMAND:
[no] replace-target-authority
DESCRIPTION:
Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode.

The default value is no replace-target-authority.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> post-request-target

COMMAND:
post-request-target <post-request-target>

no post-request-target

DESCRIPTION:
The request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a "/" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<post-request-target> [0..2000 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> protected-request-header

COMMAND:
[create | no] protected-request-header <header-name>
DESCRIPTION:
Create, modify, or delete a Protected Request Header.

A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<header-name> [1..50 chars] - The name of the protected HTTP request header.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> protected-request-header <header-name> header-value

COMMAND:
header-value <value>

no header-value

DESCRIPTION:
The value of the protected HTTP request header. Unlike a non-protected request header, this value cannot be displayed after it is set, and does not support substitution expressions.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..2000 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> request-header

COMMAND:
[create | no] request-header <header-name>
DESCRIPTION:
Create, modify, or delete a Request Header.

A request header to be added to the HTTP request.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<header-name> [1..50 chars] - The name of the HTTP request header.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> request-header <header-name> header-value

COMMAND:
header-value <value>

no header-value

DESCRIPTION:
A substitution expression for the value of the HTTP request header.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..2000 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> queue-binding <queue-name> request-target-evaluation

COMMAND:
request-target-evaluation {none | substitution-expressions}
DESCRIPTION:
The type of evaluation to perform on the request target.

The default is request-target-evaluation "none".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
none - Do not evaluate substitution expressions on the request target.
substitution-expressions - Evaluate substitution expressions on the request target.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer

COMMAND:
[create | no] rest-consumer <name>
DESCRIPTION:
Create, modify, or delete a REST Consumer.

REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [1..32 chars] - The name of the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication

COMMAND:
authentication [auth-scheme... | aws | client-certificate | http-basic | http-header | oauth-client | oauth-jwt]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] auth-scheme - The authentication scheme used by the REST Consumer to login to the REST host.
aws - Enter the "aws" mode.
client-certificate - Enter the "client-certificate" mode.
http-basic - Enter the "http-basic" mode.
http-header - Enter the "http-header" mode.
oauth-client - Enter the "oauth-client" mode.
oauth-jwt - Enter the "oauth-jwt" mode.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication auth-scheme

COMMAND:
auth-scheme {none | http-basic | client-certificate | http-header | oauth-client | oauth-jwt | transparent | aws}

no auth-scheme

DESCRIPTION:
The authentication scheme used by the REST Consumer to login to the REST host.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
aws - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).
client-certificate - Login with a client TLS certificate as per RFC 5246. Client certificate authentication is only available on TLS connections.
http-basic - Login with a username and optional password according to HTTP Basic authentication as per RFC 2616.
http-header - Login with a specified HTTP header.
none - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.
oauth-client - Login with OAuth 2.0 client credentials.
oauth-jwt - Login with OAuth (RFC 7523 JWT Profile).
transparent - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws

COMMAND:
aws [access-key-id... | region... | secret-access-key... | service...]
DESCRIPTION:
Enter the "aws" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] access-key-id - The AWS access key id.
[no] region - The AWS region id
[no] secret-access-key - The AWS secret access key.
[no] service - The AWS service id.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws access-key-id

COMMAND:
access-key-id <access-key-id>

no access-key-id

DESCRIPTION:
The AWS access key id.

The no version of the command returns its value to the default (no access-key-id configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<access-key-id> [0..32 chars] - The AWS access key id.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws region

COMMAND:
region <region>

no region

DESCRIPTION:
The AWS region id

The no version of the command returns its value to the default (no region configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<region> [0..20 chars] - The AWS region id.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws secret-access-key

COMMAND:
secret-access-key <secret-access-key>

no secret-access-key

DESCRIPTION:
The AWS secret access key.

The no version of the command returns its value to the default (no secret-access-key configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<secret-access-key> [0..64 chars] - The AWS secret access key.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication aws service

COMMAND:
service <service>

no service

DESCRIPTION:
The AWS service id.

The no version of the command returns its value to the default (no service configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<service> [0..50 chars] - The AWS service id.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] certificate-file - The client certificate that the REST Consumer will present to the REST host. The certificate file must be in the /certs directory and must be PEM formatted (have a .pem extension). If no certificate file is associated with a REST Consumer configured to use the client-certificate auth-scheme then the server certificate of the broker is used instead.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> [file-contents <file-contents> ]

no certificate-file

DESCRIPTION:
The client certificate that the REST Consumer will present to the REST host. The certificate file must be in the /certs directory and must be PEM formatted (have a .pem extension). If no certificate file is associated with a REST Consumer configured to use the client-certificate auth-scheme then the server certificate of the broker is used instead.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<file-contents> [0..32768 chars] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-basic

COMMAND:
http-basic [username...]
DESCRIPTION:
Enter the "http-basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] username - The username that the REST Consumer will use to login to the REST host. If a password is required for authentication, it can also be provided. Normally a username is only configured when basic authentication is selected for the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-basic username

COMMAND:
username <name> [password <password> ]

no username

DESCRIPTION:
The username that the REST Consumer will use to login to the REST host. If a password is required for authentication, it can also be provided. Normally a username is only configured when basic authentication is selected for the REST Consumer.

The no version of the command returns its value to the default (no username configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..189 chars] - The username used for authentication on the remote server.
<password> [0..128 chars] - The password associated with the username used for authentication on the remote server.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-header

COMMAND:
http-header [name... | value...]
DESCRIPTION:
Enter the "http-header" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] name - The header name that the REST Consumer will use to login to the REST host.
[no] value - The header value that the REST Consumer will use to login to the REST host.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-header name

COMMAND:
name <name>

no name

DESCRIPTION:
The header name that the REST Consumer will use to login to the REST host.

The no version of the command returns its value to the default (no name configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> [0..50 chars] - The authentication header name.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication http-header value

COMMAND:
value <http-header-value>

no value

DESCRIPTION:
The header value that the REST Consumer will use to login to the REST host.

The no version of the command returns its value to the default (no value configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<http-header-value> [0..2100 chars] - The authentication header value.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client

COMMAND:
oauth-client [client-id... | client-secret... | proxy... | scope... | token-endpoint... | token-expiry-default...]
DESCRIPTION:
Enter the "oauth-client" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] client-id - The OAuth client ID.
[no] client-secret - The OAuth client secret.
[no] proxy - The name of the proxy to use. Leave empty for no proxy.
[no] scope - The OAuth scope.
[no] token-endpoint - The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host.
[no] token-expiry-default - The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client client-id

COMMAND:
client-id <client-id>

no client-id

DESCRIPTION:
The OAuth client ID.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<client-id> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client client-secret

COMMAND:
client-secret <client-secret>

no client-secret

DESCRIPTION:
The OAuth client secret.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<client-secret> [0..512 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client proxy

COMMAND:
proxy <proxy-name>

no proxy

DESCRIPTION:
The name of the proxy to use. Leave empty for no proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<proxy-name> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client scope

COMMAND:
scope <scope>

no scope

DESCRIPTION:
The OAuth scope.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<scope> [0..200 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client token-endpoint

COMMAND:
token-endpoint <token-endpoint>

no token-endpoint

DESCRIPTION:
The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<token-endpoint> [0..2048 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-client token-expiry-default

COMMAND:
token-expiry-default <value>

no token-expiry-default

DESCRIPTION:
The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync.

The no version of the command returns its value to the default (900).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [60..86400] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt

COMMAND:
oauth-jwt [claim | proxy... | secret-key... | token-endpoint... | token-expiry-default...]
DESCRIPTION:
Enter the "oauth-jwt" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
{create|no} claim - Create or delete a Claim.

A Claim is added to the JWT sent to the OAuth token request endpoint.
[no] proxy - The name of the proxy to use. Leave empty for no proxy.
[no] secret-key - The OAuth secret key used to sign the token request JWT.
[no] token-endpoint - The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host.
[no] token-expiry-default - The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt claim

COMMAND:
create claim <name> <value>

no claim <name>

DESCRIPTION:
Create or delete a Claim.

A Claim is added to the JWT sent to the OAuth token request endpoint.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<name> - The name of the additional claim. Cannot be "exp", "iat", or "jti".
<value> - The value of the additional claim, which must be a string containing a valid JSON value. For example, if the value is a string, it must be enclosed in double quotes. Note that since double quotes are special characters in the CLI, the quotes must be escaped: a claim value of "string" would be specified as \"string\".


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt proxy

COMMAND:
proxy <proxy-name>

no proxy

DESCRIPTION:
The name of the proxy to use. Leave empty for no proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<proxy-name> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt secret-key

COMMAND:
secret-key <value>

no secret-key

DESCRIPTION:
The OAuth secret key used to sign the token request JWT.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..4096 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt token-endpoint

COMMAND:
token-endpoint <value>

no token-endpoint

DESCRIPTION:
The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..2048 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> authentication oauth-jwt token-expiry-default

COMMAND:
token-expiry-default <value>

no token-expiry-default

DESCRIPTION:
The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync.

The no version of the command returns its value to the default (900).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [60..86400] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> local

COMMAND:
local [interface...]
DESCRIPTION:
Enter the "local" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] interface - The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> local interface

COMMAND:
interface <phys-intf>

no interface

DESCRIPTION:
The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<phys-intf> [0..15 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote

COMMAND:
remote [host... | http-method... | max-post-wait-time... | outgoing-connection-count... | port... | proxy... | retry | ssl]
DESCRIPTION:
Enter the "remote" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] host - The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up.
[no] http-method - The HTTP method to use (POST or PUT). This is used only when operating in the REST service "messaging" mode and is ignored in "gateway" mode.
[no] max-post-wait-time - The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset.
[no] outgoing-connection-count - The number of concurrent TCP connections open to the REST Consumer.
[no] port - The port associated with the host of the REST Consumer.
[no] proxy - The name of the proxy to use. Leave empty for no proxy.
retry - Enter the "retry" mode.
[no] ssl - Enable or disable encryption (TLS) for the REST Consumer.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote host

COMMAND:
host <dest-ip-addr-or-host>

no host

DESCRIPTION:
The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<dest-ip-addr-or-host> [0..253 chars: ] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote http-method

COMMAND:
http-method {post | put}

no http-method

DESCRIPTION:
The HTTP method to use (POST or PUT). This is used only when operating in the REST service "messaging" mode and is ignored in "gateway" mode.

The no version of the command returns its value to the default ("post").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
post - Use the POST HTTP method.
put - Use the PUT HTTP method.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote max-post-wait-time

COMMAND:
max-post-wait-time <seconds>

no max-post-wait-time

DESCRIPTION:
The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset.

The no version of the command returns its value to the default (30).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [1..300] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote outgoing-connection-count

COMMAND:
outgoing-connection-count <count>

no outgoing-connection-count

DESCRIPTION:
The number of concurrent TCP connections open to the REST Consumer.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<count> [1..50] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote port

COMMAND:
port <port>

no port

DESCRIPTION:
The port associated with the host of the REST Consumer.

The no version of the command returns its value to the default. The default value is 8080, or 8443 if TLS is enabled.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<port> [1..65535] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote proxy

COMMAND:
proxy <proxy-name>

no proxy

DESCRIPTION:
The name of the proxy to use. Leave empty for no proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<proxy-name> [0..32 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote retry

COMMAND:
retry [delay...]
DESCRIPTION:
Enter the "retry" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] delay - The number of seconds that must pass before retrying the remote REST Consumer connection.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote retry delay

COMMAND:
delay <seconds>

no delay

DESCRIPTION:
The number of seconds that must pass before retrying the remote REST Consumer connection.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [1..300] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> remote ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable encryption (TLS) for the REST Consumer.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the REST Consumer. When disabled, no connections are initiated or messages delivered to this particular REST Consumer.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> ssl

COMMAND:
ssl [cipher-suite...]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] cipher-suite - The list of cipher suites the REST Consumer uses in its encrypted connection. The value "default" implies all supported suites ordered from most secure to least secure. The REST Consumer should choose the first suite from this list that it supports.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> rest-consumer <name> ssl cipher-suite

COMMAND:
cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no cipher-suite name <suite-name>

DESCRIPTION:
The list of cipher suites the REST Consumer uses in its encrypted connection. The value "default" implies all supported suites ordered from most secure to least secure. The REST Consumer should choose the first suite from this list that it supports.

The default is cipher-suite "default".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list.
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> service

COMMAND:
service <value>

no service

DESCRIPTION:
The name of the service that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..50 chars] - The value to set.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the REST Delivery Point. When disabled, no connections are initiated or messages delivered to any of the contained REST Consumers.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> rest rest-delivery-point <name> vendor

COMMAND:
vendor <value>

no vendor

DESCRIPTION:
The name of the vendor that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..50 chars] - The value to set.


enable configure message-vpn <vpn-name> rest ssl

COMMAND:
ssl [server-certificate-validation]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode.


enable configure message-vpn <vpn-name> rest ssl server-certificate-validation

COMMAND:
server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]
DESCRIPTION:
Enter the "server-certificate-validation" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-certificate-chain-depth - The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the REST Consumer server certificate.
[no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.


enable configure message-vpn <vpn-name> rest ssl server-certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max-depth> [0..8] - The value to set.


enable configure message-vpn <vpn-name> rest ssl server-certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the REST Consumer server certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> rest ssl server-certificate-validation validate-server-name

COMMAND:
[no] validate-server-name
DESCRIPTION:
Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.

The default value is validate-server-name.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> semp-over-msgbus

COMMAND:
semp-over-msgbus [admin-cmds | legacy-show-clear-cmds | show-cmds | shutdown]
DESCRIPTION:
Enter the "semp-over-msgbus" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
admin-cmds - Enter the "admin-cmds" mode.
legacy-show-clear-cmds - Enter the "legacy-show-clear-cmds" mode.
show-cmds - Enter the "show-cmds" mode.
[no] shutdown - Enable or disable SEMP over the message bus for the current Message VPN.


enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds

COMMAND:
admin-cmds [client-cmds | distributed-cache-cmds | shutdown]
DESCRIPTION:
Enter the "admin-cmds" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
client-cmds - Enter the "client-cmds" mode.
distributed-cache-cmds - Enter the "distributed-cache-cmds" mode.
[no] shutdown - Enable or disable "admin" SEMP over the message bus commands for the current Message VPN.


enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds client-cmds

COMMAND:
client-cmds [shutdown]
DESCRIPTION:
Enter the "client-cmds" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] shutdown - Enable or disable "admin client" SEMP over the message bus commands for the current Message VPN.


enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds client-cmds shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable "admin client" SEMP over the message bus commands for the current Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds distributed-cache-cmds

COMMAND:
distributed-cache-cmds [shutdown]
DESCRIPTION:
Enter the "distributed-cache-cmds" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] shutdown - Enable or disable "admin distributed-cache" SEMP over the message bus commands for the current Message VPN.


enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds distributed-cache-cmds shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable "admin distributed-cache" SEMP over the message bus commands for the current Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> semp-over-msgbus admin-cmds shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable "admin" SEMP over the message bus commands for the current Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> semp-over-msgbus legacy-show-clear-cmds

COMMAND:
legacy-show-clear-cmds [shutdown]
DESCRIPTION:
Enter the "legacy-show-clear-cmds" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] shutdown - Enable or disable "legacy-show-clear" SEMP over the message bus commands (that is, SEMP show and administration requests published to the topic "#P2P/[router name]/#client/SEMP") for the current Message VPN.


enable configure message-vpn <vpn-name> semp-over-msgbus legacy-show-clear-cmds shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable "legacy-show-clear" SEMP over the message bus commands (that is, SEMP show and administration requests published to the topic "#P2P/[router name]/#client/SEMP") for the current Message VPN.

The default value is shutdown.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> semp-over-msgbus show-cmds

COMMAND:
show-cmds [shutdown]
DESCRIPTION:
Enter the "show-cmds" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] shutdown - Enable or disable "show" SEMP over the message bus commands for the current Message VPN.


enable configure message-vpn <vpn-name> semp-over-msgbus show-cmds shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable "show" SEMP over the message bus commands for the current Message VPN.

The default value is shutdown.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> semp-over-msgbus shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable SEMP over the message bus for the current Message VPN.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service

COMMAND:
service [amqp | mqtt | rest | smf | web-transport]
DESCRIPTION:
Enter the "service" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
amqp - Enter the "amqp" mode.
mqtt - Enter the "mqtt" mode.
rest - Enter the "rest" mode.
smf - Enter the "smf" mode.
web-transport - Enter the "web-transport" mode.


enable configure message-vpn <vpn-name> service amqp

COMMAND:
amqp [listen-port... | max-connections... | plain-text | ssl]
DESCRIPTION:
Enter the "amqp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] listen-port - The port number for AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. AMQP must not be enabled for the particular transport to change the port.
[no] max-connections - The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.
plain-text - Enter the "plain-text" mode.
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> service amqp listen-port

COMMAND:
listen-port <port> [ssl]

no listen-port [ssl]

DESCRIPTION:
The port number for AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. AMQP must not be enabled for the particular transport to change the port.

The no version of this command removes the configured port of the specified type (plain-text or TLS).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [0..65535] - The value to set.
ssl - The port uses TLS.


enable configure message-vpn <vpn-name> service amqp max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> service amqp plain-text

COMMAND:
plain-text [shutdown]
DESCRIPTION:
Enter the "plain-text" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected.


enable configure message-vpn <vpn-name> service amqp plain-text shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service amqp ssl

COMMAND:
ssl [shutdown]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.


enable configure message-vpn <vpn-name> service amqp ssl shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service mqtt

COMMAND:
mqtt [authentication | listen-port... | max-connections... | plain-text | ssl | websocket | websocket-secure]
DESCRIPTION:
Enter the "mqtt" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
authentication - Enter the "authentication" mode.
[no] listen-port - The port number for MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text, TLS, WebSocket, and WebSocket Secure ports are configured separately. MQTT must not be enabled for the particular transport to change the port.
[no] max-connections - The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits.
plain-text - Enter the "plain-text" mode.
ssl - Enter the "ssl" mode.
websocket - Enter the "websocket" mode.
websocket-secure - Enter the "websocket-secure" mode.


enable configure message-vpn <vpn-name> service mqtt authentication

COMMAND:
authentication [client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
client-certificate - Enter the "client-certificate" mode.


enable configure message-vpn <vpn-name> service mqtt authentication client-certificate

COMMAND:
client-certificate [request-client-certificate...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] request-client-certificate - Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port.


enable configure message-vpn <vpn-name> service mqtt authentication client-certificate request-client-certificate

COMMAND:
request-client-certificate {always | never | when-enabled-in-message-vpn}

no request-client-certificate

DESCRIPTION:
Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port.

The no version of the command returns its value to the default ("when-enabled-in-message-vpn").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
always - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
never - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
when-enabled-in-message-vpn - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn > authentication > client-certificate > shutdown".


enable configure message-vpn <vpn-name> service mqtt listen-port

COMMAND:
listen-port <port> [ssl] [web]

no listen-port [ssl] [web]

DESCRIPTION:
The port number for MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text, TLS, WebSocket, and WebSocket Secure ports are configured separately. MQTT must not be enabled for the particular transport to change the port.

The no version of this command removes the configured port of the specified type (plain-text, TLS, WebSocket, or WebSocket Secure).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [0..65535] - The value to set.
ssl - The port uses TLS.
web - The port uses WebSocket.


enable configure message-vpn <vpn-name> service mqtt max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> service mqtt plain-text

COMMAND:
plain-text [shutdown]
DESCRIPTION:
Enter the "plain-text" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected.


enable configure message-vpn <vpn-name> service mqtt plain-text shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service mqtt ssl

COMMAND:
ssl [shutdown]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.


enable configure message-vpn <vpn-name> service mqtt ssl shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service mqtt websocket

COMMAND:
websocket [shutdown]
DESCRIPTION:
Enter the "websocket" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected.


enable configure message-vpn <vpn-name> service mqtt websocket shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service mqtt websocket-secure

COMMAND:
websocket-secure [shutdown]
DESCRIPTION:
Enter the "websocket-secure" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected.


enable configure message-vpn <vpn-name> service mqtt websocket-secure shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service rest

COMMAND:
rest [incoming | mode... | outgoing]
DESCRIPTION:
Enter the "rest" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
incoming - Enter the "incoming" mode.
[no] mode - The REST service mode for incoming REST clients that connect to the Message VPN.
outgoing - Enter the "outgoing" mode.


enable configure message-vpn <vpn-name> service rest incoming

COMMAND:
incoming [authentication | authorization-header-handling... | listen-port... | max-connections... | plain-text | ssl]
DESCRIPTION:
Enter the "incoming" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
authentication - Enter the "authentication" mode.
[no] authorization-header-handling - Handling of incoming Authorization headers.
[no] listen-port - The port number for incoming REST clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. REST must not be enabled for the particular transport to change the port.
[no] max-connections - The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.
plain-text - Enter the "plain-text" mode.
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> service rest incoming authentication

COMMAND:
authentication [client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
client-certificate - Enter the "client-certificate" mode.


enable configure message-vpn <vpn-name> service rest incoming authentication client-certificate

COMMAND:
client-certificate [request-client-certificate...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] request-client-certificate - Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port.


enable configure message-vpn <vpn-name> service rest incoming authentication client-certificate request-client-certificate

COMMAND:
request-client-certificate {always | never | when-enabled-in-message-vpn}

no request-client-certificate

DESCRIPTION:
Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port.

The no version of the command returns its value to the default ("when-enabled-in-message-vpn").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
always - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
never - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
when-enabled-in-message-vpn - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn > authentication > client-certificate > shutdown".


enable configure message-vpn <vpn-name> service rest incoming authorization-header-handling

COMMAND:
authorization-header-handling {drop | forward | legacy}

no authorization-header-handling

DESCRIPTION:
Handling of incoming Authorization headers.

The no version of the command returns its value to the default ("drop").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
drop - Do not attach the Authorization header to the message as a user property. This configuration is most secure.
forward - Forward the Authorization header, attaching it to the message as a user property in the same way as other headers. For best security, use the drop setting.
legacy - If the Authorization header was used for authentication to the broker, do not attach it to the message. If the Authorization header was not used for authentication to the broker, attach it to the message as a user property in the same way as other headers. For best security, use the drop setting.


enable configure message-vpn <vpn-name> service rest incoming listen-port

COMMAND:
listen-port <port> [ssl]

no listen-port [ssl]

DESCRIPTION:
The port number for incoming REST clients that connect to the Message VPN. The port must be unique across the message backbone. Plain-text and TLS ports are configured separately. REST must not be enabled for the particular transport to change the port.

The no version of this command removes the configured port of the specified type (plain-text or TLS).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [0..65535] - The value to set.
ssl - The port uses TLS.


enable configure message-vpn <vpn-name> service rest incoming max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> service rest incoming plain-text

COMMAND:
plain-text [shutdown]
DESCRIPTION:
Enter the "plain-text" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected.


enable configure message-vpn <vpn-name> service rest incoming plain-text shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service rest incoming ssl

COMMAND:
ssl [shutdown]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.


enable configure message-vpn <vpn-name> service rest incoming ssl shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service rest mode

COMMAND:
mode {gateway | messaging}

no mode

DESCRIPTION:
The REST service mode for incoming REST clients that connect to the Message VPN.

The no version of the command returns its value to the default ("messaging").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
gateway - Act as a message gateway through which REST messages are propagated.
messaging - Act as a message broker on which REST messages are queued.


enable configure message-vpn <vpn-name> service rest outgoing

COMMAND:
outgoing [max-connections...]
DESCRIPTION:
Enter the "outgoing" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] max-connections - The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits.


enable configure message-vpn <vpn-name> service rest outgoing max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. See "show service" for supported limits.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..6000] - The value to set.


enable configure message-vpn <vpn-name> service smf

COMMAND:
smf [max-connections... | plain-text | ssl]
DESCRIPTION:
Enter the "smf" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] max-connections - The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.
plain-text - Enter the "plain-text" mode.
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> service smf max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. See "show service" for supported limits.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> service smf plain-text

COMMAND:
plain-text [shutdown]
DESCRIPTION:
Enter the "plain-text" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected.


enable configure message-vpn <vpn-name> service smf plain-text shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service smf ssl

COMMAND:
ssl [shutdown]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.


enable configure message-vpn <vpn-name> service smf ssl shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service web-transport

COMMAND:
web-transport [authentication | max-connections... | plain-text | ssl]
DESCRIPTION:
Enter the "web-transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
authentication - Enter the "authentication" mode.
[no] max-connections - The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform.
plain-text - Enter the "plain-text" mode.
ssl - Enter the "ssl" mode.


enable configure message-vpn <vpn-name> service web-transport authentication

COMMAND:
authentication [client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
client-certificate - Enter the "client-certificate" mode.


enable configure message-vpn <vpn-name> service web-transport authentication client-certificate

COMMAND:
client-certificate [request-client-certificate...]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] request-client-certificate - Determines when to request a client certificate from a Web Transport client connecting via a TLS port.


enable configure message-vpn <vpn-name> service web-transport authentication client-certificate request-client-certificate

COMMAND:
request-client-certificate {always | never | when-enabled-in-message-vpn}

no request-client-certificate

DESCRIPTION:
Determines when to request a client certificate from a Web Transport client connecting via a TLS port.

The no version of the command returns its value to the default ("when-enabled-in-message-vpn").

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
always - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
never - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
when-enabled-in-message-vpn - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn > authentication > client-certificate > shutdown".


enable configure message-vpn <vpn-name> service web-transport max-connections

COMMAND:
max-connections <value>

no max-connections

DESCRIPTION:
The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> service web-transport plain-text

COMMAND:
plain-text [shutdown]
DESCRIPTION:
Enter the "plain-text" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected.


enable configure message-vpn <vpn-name> service web-transport plain-text shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> service web-transport ssl

COMMAND:
ssl [shutdown]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.


enable configure message-vpn <vpn-name> service web-transport ssl shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Message VPN.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> ssl

COMMAND:
ssl [allow-downgrade-to-plain-text]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] allow-downgrade-to-plain-text - Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections.


enable configure message-vpn <vpn-name> ssl allow-downgrade-to-plain-text

COMMAND:
[no] allow-downgrade-to-plain-text
DESCRIPTION:
Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections.

The default value is no allow-downgrade-to-plain-text.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> telemetry-profile

COMMAND:
[create | no] telemetry-profile <telemetry-profile-name>
DESCRIPTION:
Create, modify, or delete a Telemetry Profile.

Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<telemetry-profile-name> [1..21 chars] - The name of the Telemetry Profile.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue

COMMAND:
queue
DESCRIPTION:
Enter the configuration mode for the telemetry data queue.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event

COMMAND:
event [bind-count | spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
bind-count - Enter the "bind-count" mode.
spool-usage - Enter the "spool-usage" mode.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event bind-count

COMMAND:
bind-count [thresholds...]
DESCRIPTION:
Enter the "bind-count" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Queue consumer flows event, relative to `queueMaxBindCount`.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event bind-count thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Queue consumer flows event, relative to `queueMaxBindCount`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to `queueMaxMsgSpoolUsage`.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Queue, relative to `queueMaxMsgSpoolUsage`.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue max-bind-count

COMMAND:
max-bind-count <value>

no max-bind-count

DESCRIPTION:
The maximum number of consumer flows that can bind to the Queue.

The no version of the command returns its value to the default (1000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..10000] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> queue max-spool-usage

COMMAND:
max-spool-usage <value>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage allowed by the Queue, in megabytes (MB).

The no version of the command returns its value to the default (800000).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [1..6000000] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver

COMMAND:
receiver [acl | event | max-connections-per-client-username... | shutdown | tcp]
DESCRIPTION:
Enter the "receiver" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
acl - Enter the "acl" mode.
event - Enter the "event" mode.
[no] max-connections-per-client-username - The maximum number of receiver connections per Client Username.
[no] shutdown - Enable or disable the ability for receiver clients to consume from the #telemetry queue.
tcp - Enter the "tcp" mode.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl

COMMAND:
acl [connect]
DESCRIPTION:
Enter the "acl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connect - Enter the "connect" mode.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl connect

COMMAND:
connect [default-action... | exception...]
DESCRIPTION:
Enter the "connect" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
default-action - The default action to take when a receiver client connects to the broker.
[no] exception - Create or delete a Receiver ACL Connect Exception.

A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl connect default-action

COMMAND:
default-action {allow | disallow}
DESCRIPTION:
The default action to take when a receiver client connects to the broker.

The default is default-action "disallow".

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
allow - Allow client connection unless an exception is found for it.
disallow - Disallow client connection unless an exception is found for it.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver acl connect exception

COMMAND:
[no] exception <cidr-addr>
DESCRIPTION:
Create or delete a Receiver ACL Connect Exception.

A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<cidr-addr> [0..43 chars] - The IP address/netmask of the receiver connect exception in CIDR form.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver event

COMMAND:
event [connections-per-client-username]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
connections-per-client-username - Enter the "connections-per-client-username" mode.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver event connections-per-client-username

COMMAND:
connections-per-client-username [thresholds...]
DESCRIPTION:
Enter the "connections-per-client-username" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] thresholds - The thresholds for the Client Username connection count event of the receiver, relative to max-connections-per-client-username.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver event connections-per-client-username thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the Client Username connection count event of the receiver, relative to max-connections-per-client-username.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver max-connections-per-client-username

COMMAND:
max-connections-per-client-username <value>

no max-connections-per-client-username

DESCRIPTION:
The maximum number of receiver connections per Client Username.

The no version of the command returns its value to the default (maximum value supported by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<value> [0..200000] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the ability for receiver clients to consume from the #telemetry queue.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter the "tcp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.
keepalive - Enter the "keepalive" mode.
[no] max-wnd - The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.
[no] mss - The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-mss> [2..7826] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter the "keepalive" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num> [2..5] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [3..120] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<seconds> [1..30] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> receiver tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<byte-count> [256..1460] - The value to set.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace

COMMAND:
trace [filter... | send-spans | shutdown]
DESCRIPTION:
Enter the "trace" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[create|no] filter - Create, modify, or delete a Trace Filter.

A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.
send-spans - Enter the "send-spans" mode.
[no] shutdown - Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace filter

COMMAND:
[create | no] filter <trace-filter-name>
DESCRIPTION:
Create, modify, or delete a Trace Filter.

A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<trace-filter-name> [1..127 chars] - A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as "appNameDebug".


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace filter <trace-filter-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace filter <trace-filter-name> subscription

COMMAND:
[create | no] subscription <subscription> [smf | mqtt]
DESCRIPTION:
Create, modify, or delete a Telemetry Trace Filter Subscription.

Trace filter subscriptions control which messages will be attracted by the tracing filter.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
mqtt - Subscription uses MQTT syntax.
smf - Subscription uses SMF syntax.
<subscription> [1..250 chars] - Messages matching this subscription will follow this filter's configuration.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace send-spans

COMMAND:
send-spans [shutdown]
DESCRIPTION:
Enter the "send-spans" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] shutdown - Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace send-spans shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure message-vpn <vpn-name> telemetry-profile <telemetry-profile-name> trace shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: yes
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
This command does not take any parameters.


enable configure mqtt

COMMAND:
mqtt [retain]
DESCRIPTION:
Enter MQTT global configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
retain - Enter MQTT Retain global configuration.


enable configure mqtt retain

COMMAND:
retain [max-memory...]
DESCRIPTION:
Enter MQTT Retain global configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] max-memory - The maximum total memory usage of all MQTT Retain Caches across all VPNs, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded.

All messages in all MQTT Retain Caches are discarded when this value is 0.


enable configure mqtt retain max-memory

COMMAND:
max-memory <megabytes>

no max-memory

DESCRIPTION:
The maximum total memory usage of all MQTT Retain Caches across all VPNs, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded.

All messages in all MQTT Retain Caches are discarded when this value is 0.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<megabytes> [0 or 300..2147483647] - The number of megabytes, where 1 MB = 1024 x 1024 bytes.


enable configure proxy

COMMAND:
[create | no] proxy <proxy-name>
DESCRIPTION:
Create, modify, or delete a Proxy.

Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a OAuth Provider, select the proxy by name in the configuration for that object.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<proxy-name> [1..32 chars] - The name of the proxy.


enable configure proxy <proxy-name> authentication

COMMAND:
authentication [auth-scheme... | basic]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] auth-scheme - The authentication scheme used to connect to the proxy.
basic - Enter the "basic" mode.


enable configure proxy <proxy-name> authentication auth-scheme

COMMAND:
auth-scheme {none | basic}

no auth-scheme

DESCRIPTION:
The authentication scheme used to connect to the proxy.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
basic - Username/password authentication.
none - No authentication.


enable configure proxy <proxy-name> authentication basic

COMMAND:
basic [password... | username...]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] password - The password to use with basic authentication.
[no] username - The username to use with basic authentication.


enable configure proxy <proxy-name> authentication basic password

COMMAND:
password <value>

no password

DESCRIPTION:
The password to use with basic authentication.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..64 chars] - The value to set.


enable configure proxy <proxy-name> authentication basic username

COMMAND:
username <value>

no username

DESCRIPTION:
The username to use with basic authentication.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..32 chars] - The value to set.


enable configure proxy <proxy-name> host

COMMAND:
host <value>

no host

DESCRIPTION:
The IP address or host name of the proxy.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..253 chars: ] - The value to set.


enable configure proxy <proxy-name> port

COMMAND:
port <value>

no port

DESCRIPTION:
The port to connect to on the proxy host.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<value> [0..65535] - The value to set.


enable configure proxy <proxy-name> proxy-type

COMMAND:
proxy-type {direct | http}

no proxy-type

DESCRIPTION:
The type of proxy.

The no version of the command returns its value to the default ("direct").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
direct - Direct connection (no proxy).
http - HTTP proxy.


enable configure proxy <proxy-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
This command does not take any parameters.


enable configure redundancy

COMMAND:
redundancy [active-standby-role... | authentication | auto-revert | mate-router-name... | release-activity | shutdown | vrrp]
DESCRIPTION:
Use this command to configure redundancy parameters on the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] active-standby-role - The virtual router type this router is acting for in the Active-Standby scenario.
authentication - Enter redundancy authentication configuration.
[no] auto-revert - Backup router to give up activity if primary router is ready to provide service
[no] mate-router-name - Configure the mate router name. Once configured, a subsequent change is not acted upon immediately and will cause redundancy to be down until after the next router restart.
[no] release-activity - Surrender activity to the mate router for all virtual router ids
[no] shutdown - Disable active-active redundancy
vrrp - Enter redundancy VRRP configuration.


enable configure redundancy active-standby-role

COMMAND:
active-standby-role {primary | backup | none }

no active-standby-role

DESCRIPTION:
The virtual router type this router is acting for in the Active-Standby scenario.

The no version of the command returns its value to the default ("none").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
backup - The broker is acting as the backup virtual router in the Active-Standby scenario.
none - The broker is using the Active-Active redundancy model, or its Active-Standby role is being derived from other configuration settings. The value 'none' is only recommended when using Active-Active redundancy.
primary - The broker is acting as the primary virtual router in the Active-Standby scenario.


enable configure redundancy authentication

COMMAND:
authentication [pre-shared-key]
DESCRIPTION:
Enter redundancy authentication configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
pre-shared-key - Enter redundancy authentication PSK configuration.


enable configure redundancy authentication pre-shared-key

COMMAND:
pre-shared-key [key...]
DESCRIPTION:
Enter redundancy authentication PSK configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] key - A key that must be configured the same for all redundancy group members. The key is used to authenticate connections between group members. The key is 32-256 bytes of binary data encoded in base 64. For maximum security, the key should be randomly generated and as long as possible.


enable configure redundancy authentication pre-shared-key key

COMMAND:
key <pre-shared-key>

no key

DESCRIPTION:
A key that must be configured the same for all redundancy group members. The key is used to authenticate connections between group members. The key is 32-256 bytes of binary data encoded in base 64. For maximum security, the key should be randomly generated and as long as possible.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<pre-shared-key> [44..344 chars] - The pre-shared key is encoded in base 64.


enable configure redundancy auto-revert

COMMAND:
[no] auto-revert
DESCRIPTION:
Backup router to give up activity if primary router is ready to provide service

The default value is no auto-revert.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure redundancy mate-router-name

COMMAND:
mate-router-name <name>

no mate-router-name

DESCRIPTION:
Configure the mate router name. Once configured, a subsequent change is not acted upon immediately and will cause redundancy to be down until after the next router restart.

The no version of the command returns its value to the default (no mate-router-name configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [1..64 chars] - The router name. Cannot start with "v:", which stands for virtual router.


enable configure redundancy release-activity

COMMAND:
[no] release-activity
DESCRIPTION:
Surrender activity to the mate router for all virtual router ids

The default value is no release-activity.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure redundancy shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disable active-active redundancy

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure redundancy vrrp

COMMAND:
vrrp [backup-vrid... | failover-criteria... | interface... | primary-vrid...]
DESCRIPTION:
Enter redundancy VRRP configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] backup-vrid - Configure the backup virtual router ID used by VRRP.
[no] failover-criteria - Configure the criteria to use when deciding whether or not to give up activity when a redundancy interface fails.
[no] interface - Configure an interface to be used by redundancy. Failure of a redundancy interface causes the router to give up activity, subject to the configured failover-criteria. At least one interface must be designated as a redundancy interface in order to enable redundancy. The VRRP protocol is run on all redundancy interfaces.
[no] primary-vrid - Configure the primary virtual router ID used by VRRP.


enable configure redundancy vrrp backup-vrid

COMMAND:
backup-vrid <vrid>

no backup-vrid

DESCRIPTION:
Configure the backup virtual router ID used by VRRP.

By default, no virtual router ID is configured for backup.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vrid> [0..255] - VRRP Virtual Router Id (VRID) in the form: nnn


enable configure redundancy vrrp failover-criteria

COMMAND:
failover-criteria {any-fail | all-fail}

no failover-criteria

DESCRIPTION:
Configure the criteria to use when deciding whether or not to give up activity when a redundancy interface fails.

The default is failover-criteria "any-fail".

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
all-fail - Release if all redundancy interface fails.
any-fail - Release if any redundancy interface fails.


enable configure redundancy vrrp interface

COMMAND:
[no] interface <phy-interface>
DESCRIPTION:
Configure an interface to be used by redundancy. Failure of a redundancy interface causes the router to give up activity, subject to the configured failover-criteria. At least one interface must be designated as a redundancy interface in order to enable redundancy. The VRRP protocol is run on all redundancy interfaces.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure redundancy vrrp primary-vrid

COMMAND:
primary-vrid <vrid>

no primary-vrid

DESCRIPTION:
Configure the primary virtual router ID used by VRRP.

By default, no virtual router ID is configured for primary.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vrid> [0..255] - VRRP Virtual Router Id (VRID) in the form: nnn


enable configure replication

COMMAND:
replication [config-sync | interface... | mate | ssl]
DESCRIPTION:
Enter global replication configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
config-sync - Enter replication Config-Sync configuration mode
[no] interface - Configure the replication interface.
mate - Enter replication mate configuration mode.
ssl - Enter replication SSL configuration mode.


enable configure replication config-sync

COMMAND:
config-sync [bridge]
DESCRIPTION:
Enter replication Config-Sync configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
bridge - Enter replication Config-Sync bridge configuration mode.


enable configure replication config-sync bridge

COMMAND:
bridge [authentication | compressed-data | message-spool | retry-delay... | shutdown | ssl | ssl-server-certificate-validation]
DESCRIPTION:
Enter replication Config-Sync bridge configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
authentication - Enter replication Config-Sync bridge authentication configuration mode.
[no] compressed-data - Enable or disable the use of compression on the Config-Sync replication bridge.
message-spool - Enter replication Config-Sync bridge message-spool configuration mode.
[no] retry-delay - Configure the retry-delay used on the config-sync replication bridge.
[no] shutdown - Enable or disable the config-sync replication bridge.
[no] ssl - Toggle whether ssl will be used for the config sync bridge. Changes may only be done when the config sync or the replication config sync bridge is shutdown. This setting may be overridden by the global config-sync ssl setting.
ssl-server-certificate-validation - Enter replication Config-Sync bridge SSL server-certificate validation configuration mode.


enable configure replication config-sync bridge authentication

COMMAND:
authentication [auth-scheme...]
DESCRIPTION:
Enter replication Config-Sync bridge authentication configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
auth-scheme - Configure the authentication scheme for the config-sync bridge


enable configure replication config-sync bridge authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}
DESCRIPTION:
Configure the authentication scheme for the config-sync bridge

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure replication config-sync bridge compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Enable or disable the use of compression on the Config-Sync replication bridge.

The default value is no compressed-data.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure replication config-sync bridge message-spool

COMMAND:
message-spool [window-size...]
DESCRIPTION:
Enter replication Config-Sync bridge message-spool configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] window-size - Configure the window-size used on the config-sync replication bridge.


enable configure replication config-sync bridge message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
Configure the window-size used on the config-sync replication bridge.

The no version of the command returns its value to the default (65535).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<number> [1..65535] - The transport window size.


enable configure replication config-sync bridge retry-delay

COMMAND:
retry-delay <seconds>

no retry-delay

DESCRIPTION:
Configure the retry-delay used on the config-sync replication bridge.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [0..255] - Number of seconds.


enable configure replication config-sync bridge shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the config-sync replication bridge.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure replication config-sync bridge ssl

COMMAND:
[no] ssl
DESCRIPTION:
Toggle whether ssl will be used for the config sync bridge. Changes may only be done when the config sync or the replication config sync bridge is shutdown. This setting may be overridden by the global config-sync ssl setting.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure replication config-sync bridge ssl-server-certificate-validation

COMMAND:
ssl-server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]
DESCRIPTION:
Enter replication Config-Sync bridge SSL server-certificate validation configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-certificate-chain-depth - Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).
[no] validate-certificate-date - Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.
[no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.


enable configure replication config-sync bridge ssl-server-certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
Set the maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The 'no' version of this command resets the value to the default value (3).

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure replication config-sync bridge ssl-server-certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure replication config-sync bridge ssl-server-certificate-validation validate-server-name

COMMAND:
[no] validate-server-name
DESCRIPTION:
Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.

The default value is validate-server-name.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure replication interface

COMMAND:
interface <phys-intf>

no interface

DESCRIPTION:
Configure the replication interface.

The no version of the command returns its value to the default (no interface configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<phys-intf> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure replication mate

COMMAND:
mate [connect-port... | virtual-router-name...]
DESCRIPTION:
Enter replication mate configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] connect-port - Format the replication-mate connect port for either compressed and non-compressed links. The no version of the command sets the port to its default value for either compressed or non-compressed links.
[no] virtual-router-name - Format the replication-mate virtual-router name.


enable configure replication mate connect-port

COMMAND:
connect-port <port> [compressed] [ssl]

no connect-port [compressed] [ssl]

DESCRIPTION:
Format the replication-mate connect port for either compressed and non-compressed links. The no version of the command sets the port to its default value for either compressed or non-compressed links.

The no version of the command returns its value to the default (no connect-port configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
compressed - For compressed traffic
<port> [1..65535] - The port on the replication-mate virtual-router.
ssl - For SSL traffic


enable configure replication mate virtual-router-name

COMMAND:
virtual-router-name <virtual-router-name> connect-via <addr>

no virtual-router-name

DESCRIPTION:
Format the replication-mate virtual-router name.

The no version of the command returns its value to the default (no virtual-router-name configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<addr> [1..253 chars: ] - The FQDN or IP address for the replication-mate virtual-router.
<virtual-router-name> [1..66 chars] - The name of the replication-mate virtual-router. All virtual remote-router names start with "v:", for e.g. v:lab-128-97.


enable configure replication ssl

COMMAND:
ssl [cipher-suite...]
DESCRIPTION:
Enter replication SSL configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] cipher-suite - Configure the replication SSL authentication mechanism with an ordered list of cipher suites. The suite selected will be the first suite in the list that is supported by the remote router.


enable configure replication ssl cipher-suite

COMMAND:
cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no cipher-suite name <suite-name>

DESCRIPTION:
Configure the replication SSL authentication mechanism with an ordered list of cipher suites. The suite selected will be the first suite in the list that is supported by the remote router.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list.
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure router-name

COMMAND:
router-name <name> [defer]

no router-name [defer]

DESCRIPTION:
Sets the router name. Cannot start with "v:", which stands for virtual router. The "no" version of the command causes the router-name to "mirror" the hostname such that if the operator changes the hostname the router name also changes to the same value.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart.
<name> [1..64 chars] - The router name.


enable configure routing

COMMAND:
routing [dynamic-message-routing | interface... | mode... | multi-node-routing]
DESCRIPTION:
Enter routing configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
dynamic-message-routing - Configure dynamic-message-routing
[no] interface - Configure the interface used for all routing protocols.
[no] mode - The routing mode for the router. This affects the way routers can be interconnected to form a network, and how the subscription sets of each router are dynamically learned by the others. A restart is needed for the new mode to becomes operational.
multi-node-routing - Configure multi-node-routing


enable configure routing dynamic-message-routing

COMMAND:
dynamic-message-routing [cluster...]
DESCRIPTION:
Configure dynamic-message-routing

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[create|no] cluster - Create, modify, or delete a Cluster.

A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.


enable configure routing dynamic-message-routing cluster

COMMAND:
[no] cluster <cluster-name>

create cluster <cluster-name> [direct-only]

DESCRIPTION:
Create, modify, or delete a Cluster.

A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<cluster-name> [1..64 chars] - The name of the Cluster.
direct-only - Enable or disable direct messaging only. Guaranteed messages will not be transmitted through the cluster.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication

COMMAND:
authentication [basic | client-certificate]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
basic - Enter the "basic" mode.
client-certificate - Enter the "client-certificate" mode.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic

COMMAND:
basic [auth-type... | password... | shutdown]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] auth-type - The type of basic authentication to use for Cluster Links.
[no] password - The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured.
[no] shutdown - Enable or disable basic authentication for Cluster Links.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic auth-type

COMMAND:
auth-type {internal | none}

no auth-type

DESCRIPTION:
The type of basic authentication to use for Cluster Links.

The no version of the command returns its value to the default ("internal").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
internal - Use locally configured password.
none - No authentication.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic password

COMMAND:
password <password>

no password

DESCRIPTION:
The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<password> [0..128 chars] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication basic shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable basic authentication for Cluster Links.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate

COMMAND:
client-certificate [certificate-file... | matching-rules | shutdown]
DESCRIPTION:
Enter the "client-certificate" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] certificate-file - The client certificate used by the Cluster Links to login to the remote node. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
matching-rules - Enter the "matching-rules" mode.
[no] shutdown - Enable or disable client certificate authentication for Cluster Links.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate certificate-file

COMMAND:
certificate-file <filename> [file-contents <file-contents> ]

no certificate-file

DESCRIPTION:
The client certificate used by the Cluster Links to login to the remote node. The file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<file-contents> [0..32768 chars] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules

COMMAND:
matching-rules [rule...]
DESCRIPTION:
Enter the "matching-rules" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[create|no] rule - Create, modify, or delete a Certificate Matching Rule.

A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule

COMMAND:
[create | no] rule <name>
DESCRIPTION:
Create, modify, or delete a Certificate Matching Rule.

A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..64 chars] - The name of the rule.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> attribute-filter

COMMAND:
[create | no] attribute-filter <name>
DESCRIPTION:
Create, modify, or delete a Certificate Matching Rule Attribute Filter.

A Cert Matching Rule Attribute Filter compares a link attribute to a string.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..64 chars] - The name of the filter.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> attribute

COMMAND:
attribute <value>

no attribute

DESCRIPTION:
Link Attribute to be tested.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..64 chars] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> attribute-filter <name> value

COMMAND:
value <value>

no value

DESCRIPTION:
Expected attribute value.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..256 chars] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> condition

COMMAND:
[create] condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address} {{matches-attribute <attribute>} | {matches-expression <expression>}}

no condition {certificate-thumbprint | common-name | common-name-last | subject-alternate-name-msupn | uid | uid-last | org-unit | org-unit-last | issuer | subject | serial-number | dns-name | ip-address}

DESCRIPTION:
Create, modify, or delete a Certificate Matching Rule Condition.

A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<attribute> [1..64 chars] - Link Attribute to be compared with certificate content.
certificate-thumbprint - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
common-name - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
common-name-last - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
dns-name - The attribute is extracted from the certificate's Subject Alt Name DNS Name.
<expression> [1..256 chars] - Glob expression to be matched with certificate content.
ip-address - The attribute is extracted from the certificate's Subject Alt Name IP Address.
issuer - The attribute is extracted from the certificate's Issuer DN.
org-unit - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
org-unit-last - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
serial-number - The attribute is extracted from the certificate's Serial Number.
subject - The attribute is extracted from the certificate's Subject DN.
subject-alternate-name-msupn - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
uid - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
uid-last - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate matching-rules rule <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable a certificate matching rule.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> authentication client-certificate shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable client certificate authentication for Cluster Links.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> link

COMMAND:
[no] link <remote-node-name>

create link <remote-node-name>

DESCRIPTION:
Create, modify, or delete a Link.

A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<remote-node-name> [1..64 chars] - The name of the node at the remote end of the Link.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> attribute

COMMAND:
[create | no] attribute <name> <value>
DESCRIPTION:
Create, modify, or delete a Link Attribute.

A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<name> [1..64 chars] - The name of the Attribute.
<value> [1..256 chars] - The value of the Attribute.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication

COMMAND:
authentication [auth-scheme... | basic]
DESCRIPTION:
Enter the "authentication" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] auth-scheme - The authentication scheme to be used by the Link which initiates connections to the remote node.
basic - Enter the "basic" mode.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication auth-scheme

COMMAND:
auth-scheme {basic | client-certificate}

no auth-scheme

DESCRIPTION:
The authentication scheme to be used by the Link which initiates connections to the remote node.

The no version of the command returns its value to the default ("basic").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
basic - Basic Authentication Scheme (via username and password).
client-certificate - Client Certificate Authentication Scheme (via certificate file or content).


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication basic

COMMAND:
basic [password...]
DESCRIPTION:
Enter the "basic" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] password - The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> authentication basic password

COMMAND:
password <password>

no password

DESCRIPTION:
The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<password> [0..128 chars] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile

COMMAND:
client-profile [queue... | tcp]
DESCRIPTION:
Enter the "client-profile" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
queue - Enter the "queue" mode.
tcp - Enter the "tcp" mode.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile queue

COMMAND:
queue <type>
DESCRIPTION:
Enter the "queue" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<type> [G-1 | D-1 | D-2 | D-3 | C-1] - The type of queue to configure (G-Guaranteed, D-Direct, C-Control).


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile queue <type> max-depth

COMMAND:
max-depth <depth>

no max-depth

DESCRIPTION:
The maximum depth of the specified priority queue, in work units. Each work unit is 2048 bytes of message data.

The no version of the command returns its value to the default (20000).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<depth> [2..262144] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile queue <type> min-msg-burst

COMMAND:
min-msg-burst <depth>

no min-msg-burst

DESCRIPTION:
The number of messages that are always allowed entry into the specified priority queue, regardless of the max-depth value.

The no version of the command returns its value to the default. The default depends on the priority queue type.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<depth> [0..262144] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter the "tcp" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] initial-cwnd - The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.
keepalive - Enter the "keepalive" mode.
[no] max-wnd - The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.
[no] mss - The TCP maximum segment size, in bytes. Changes are applied to all existing connections.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num-mss> [2..7826] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter the "keepalive" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available.
[no] idle - The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num> [2..5] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [3..120] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [1..30] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker.

The no version of the command returns its value to the default (256).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num-kilo-bytes> [16..65536] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> client-profile tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
The TCP maximum segment size, in bytes. Changes are applied to all existing connections.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<byte-count> [256..1460] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> connect-via

COMMAND:
[no] connect-via <addr-port>
DESCRIPTION:
Create or delete a Remote Address.

Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<addr-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - The FQDN or IP address (and optional port) of the remote node. If port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed). Ex.
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> initiator

COMMAND:
initiator {lexical | local | remote}

no initiator

DESCRIPTION:
The initiator of the Link's TCP connections.

The no version of the command returns its value to the default ("lexical").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
lexical - The "higher" node-name initiates.
local - The local node initiates.
remote - The remote node initiates.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> message-spool

COMMAND:
message-spool [window-size...]
DESCRIPTION:
Enter the "message-spool" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] window-size - The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> message-spool window-size

COMMAND:
window-size <number>

no window-size

DESCRIPTION:
The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<number> [0..65535] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue

COMMAND:
queue [dead-message-queue... | event | max-delivered-unacked-msgs-per-flow... | max-redelivery... | max-spool-usage... | max-ttl... | reject-msg-to-sender-on-discard... | respect-ttl]
DESCRIPTION:
Enter the "queue" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] dead-message-queue - The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.
event - Enter the "event" mode.
[no] max-delivered-unacked-msgs-per-flow - The maximum number of messages delivered but not acknowledged per flow for the Queue.
[no] max-redelivery - The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.
[no] max-spool-usage - The maximum message spool usage by the Queue (quota), in megabytes (MB).
[no] max-ttl - The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.
[no] reject-msg-to-sender-on-discard - Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.
[no] respect-ttl - Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue dead-message-queue

COMMAND:
dead-message-queue <dmq-name>

no dead-message-queue

DESCRIPTION:
The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.

The no version of the command returns its value to the default ("#DEAD_MSG_QUEUE").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<dmq-name> [1..200 chars] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue event

COMMAND:
event [spool-usage]
DESCRIPTION:
Enter the "event" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
spool-usage - Enter the "spool-usage" mode.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue event spool-usage

COMMAND:
spool-usage [thresholds...]
DESCRIPTION:
Enter the "spool-usage" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] thresholds - The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue event spool-usage thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the message spool usage event of the Queue, relative to max-spool-usage.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..4294967295] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..4294967295] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-delivered-unacked-msgs-per-flow

COMMAND:
max-delivered-unacked-msgs-per-flow <max>

no max-delivered-unacked-msgs-per-flow

DESCRIPTION:
The maximum number of messages delivered but not acknowledged per flow for the Queue.

The no version of the command returns its value to the default (1000000).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max> [1..1000000] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-redelivery

COMMAND:
max-redelivery <value>

no max-redelivery

DESCRIPTION:
The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<value> [0..255] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-spool-usage

COMMAND:
max-spool-usage <size>

no max-spool-usage

DESCRIPTION:
The maximum message spool usage by the Queue (quota), in megabytes (MB).

The no version of the command returns its value to the default (800000).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<size> [1..6000000] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue max-ttl

COMMAND:
max-ttl <ttl>

no max-ttl

DESCRIPTION:
The maximum time in seconds a message can stay in the Queue when respect-ttl is enabled. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the max-ttl configured for the Queue, is exceeded. A value of 0 disables expiry.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<ttl> [0..4294967295] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue reject-msg-to-sender-on-discard

COMMAND:
reject-msg-to-sender-on-discard [including-when-shutdown]

no reject-msg-to-sender-on-discard

DESCRIPTION:
Enable or disable the return of negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and transacted-session commits to fail.

The default is reject-msg-to-sender-on-discard "including-when-shutdown".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
including-when-shutdown - When this parameter is present, negative acknowledgments (NACKs) are returned to the sending client when a topic message is sent to the endpoint and the endpoint is shutdown.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> queue respect-ttl

COMMAND:
[no] respect-ttl
DESCRIPTION:
Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ.

The default value is no respect-ttl.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> retry

COMMAND:
retry [count... | delay...]
DESCRIPTION:
Enter the "retry" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] count - The number of retry attempts to establish a connection before moving on to the next remote Message VPN.
[no] delay - The number of seconds the broker waits for the bridge connection to be established before attempting a new connection.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> retry count

COMMAND:
count <count>

no count

DESCRIPTION:
The number of retry attempts to establish a connection before moving on to the next remote Message VPN.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<count> [0..255] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> retry delay

COMMAND:
delay <seconds>

no delay

DESCRIPTION:
The number of seconds the broker waits for the bridge connection to be established before attempting a new connection.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [0..255] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Link. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> span

COMMAND:
span {internal | external}

no span

DESCRIPTION:
The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters.

The no version of the command returns its value to the default ("external").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
external - Link to other cluster.
internal - Link to same cluster.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> transport

COMMAND:
transport [compressed | ssl]
DESCRIPTION:
Enter the "transport" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] compressed - Enable or disable compression on the Link.
[no] ssl - Enable or disable encryption (TLS) on the Link.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> transport compressed

COMMAND:
[no] compressed
DESCRIPTION:
Enable or disable compression on the Link.

The default value is no compressed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> link <remote-node-name> transport ssl

COMMAND:
[no] ssl
DESCRIPTION:
Enable or disable encryption (TLS) on the Link.

The default value is no ssl.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the Cluster.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> ssl

COMMAND:
ssl [server-certificate-validation]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
server-certificate-validation - Enter the "server-certificate-validation" mode.


enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation

COMMAND:
server-certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]
DESCRIPTION:
Enter the "server-certificate-validation" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-certificate-chain-depth - The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.
[no] validate-certificate-date - Enable or disable the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates.
[no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.


enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max-depth> [0..8] - The value to set.


enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable or disable the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing dynamic-message-routing cluster <cluster-name> ssl server-certificate-validation validate-server-name

COMMAND:
[no] validate-server-name
DESCRIPTION:
Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.

The default value is validate-server-name.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing interface

COMMAND:
interface <phy-interface>

no interface

DESCRIPTION:
Configure the interface used for all routing protocols.

The no version of the command returns its value to the default (no interface configured).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<phy-interface> [0..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


enable configure routing mode

COMMAND:
mode {dynamic-message-routing | multi-node-routing} [defer]

no mode [defer]

DESCRIPTION:
The routing mode for the router. This affects the way routers can be interconnected to form a network, and how the subscription sets of each router are dynamically learned by the others. A restart is needed for the new mode to becomes operational.

The no version of the command returns its value to the default ("multi-node-routing").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
defer - Defer configuration. The deferred value will be applied following a router restart.
dynamic-message-routing - Supports Clustering and Guaranteed Messaging.
multi-node-routing - Supports Neighbors, but not Guaranteed Messaging.


enable configure routing multi-node-routing

COMMAND:
multi-node-routing [cspf | shutdown]
DESCRIPTION:
Configure multi-node-routing

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
cspf - Configure the CSPF routing protocol
[no] shutdown - Shuts down the routing protocols. The no version enables the routing protocols.


enable configure routing multi-node-routing cspf

COMMAND:
cspf [neighbor... | queue | ssl]
DESCRIPTION:
Configure the CSPF routing protocol

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[create|no] neighbor - Enter neighbor configuration mode
queue - Enter the cspf queue configuration mode.
ssl - Enter SSL configuration mode for CSPF routing data connections.


enable configure routing multi-node-routing cspf neighbor

COMMAND:
[create | no] neighbor <physical-router-name>
DESCRIPTION:
Enter neighbor configuration mode

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor router. CANNOT begin with 'v:', which indicates virtual router
( no ) <physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?
( create ) <physical-router-name> [1..64 chars] - Physical Router name of the neighbor router. CANNOT begin with 'v:', which indicates virtual router


enable configure routing multi-node-routing cspf neighbor <physical-router-name> compressed-data

COMMAND:
[no] compressed-data
DESCRIPTION:
Use compression across the neighbor's data connections. Only data connections are affected. Control connections are always uncompressed.

Setting the data connections to both Compression and SSL on the same neighbor is not supported.

The no version of this command disables compression.

The default value is no compressed-data.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> connect-via

COMMAND:
connect-via <ip-port>

no connect-via

DESCRIPTION:
IP address or FQDN, and optional port that the neighbor data port is reachable from. In the absence of NATs this is the ip-address associated with the neighbor's routing>interface, and port associated with service>smf>listen-port. If port is not specified it defaults to 55555. To change neighbor's listening ports use 'listen-port' command on the neighboring router.

The no version of this command clears the IP address and port value.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<ip-port> [1..259 chars: [:nnnnn] or nnn.nnn.nnn.nnn[:nnnnn] or bracketed [IPV6][:nnnnn] address] - FQDN or IP address (and optional port).
Examples:
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345


enable configure routing multi-node-routing cspf neighbor <physical-router-name> control-port

COMMAND:
control-port <port>

no control-port

DESCRIPTION:
TCP control listen-port number of the neighbor. If left unspecified the control port that will be used is the control port that is returned by the neighbor during the neighbor link establishment phase. Only in the presence of NATs will this mechanism fail to work. If specified this value takes precedence over any returned port from the neighbor

The no version of this command clears any set value in the listen-port.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<port> [1..65535] - TCP control listen-port of the neighbor


enable configure routing multi-node-routing cspf neighbor <physical-router-name> link-cost

COMMAND:
link-cost <cost>

no link-cost

DESCRIPTION:
Configure the link cost to the neighbor

The no version of the command returns its value to the default (100).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<cost> [1..255] - cost of a neighbor link (1-255)


enable configure routing multi-node-routing cspf neighbor <physical-router-name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Shuts down the current cspf neighbor. When shutdown, connections to the neighbor are disconnected and prevented from reconnecting.

The no version of this command enables the neighbor.

The default value is shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl

COMMAND:
ssl [cipher-suite... | trusted-common-name...]
DESCRIPTION:
Enter SSL configuration mode for the current CSPF neighbor.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] cipher-suite - Configure the cipher-suite list for the current neighbor.

The neighbor link uses this ordered list of cipher-suites in its encrypted data connections.

All supported suites are included by default, from most-secure to least-secure.

The remote router should choose the first suite from this list that it supports.

This attribute can be modified when cspf neighbor is shutdown.

The no version of the command removes the named cipher-suite from the list.
[no] trusted-common-name - Configure the trusted-common-name list for the current neighbor.

The router uses this list of common-names in its encrypted connection to verify the name in the certificate presented by the neighbor. To ensure that link will be established regardless of whether the router is initiating or accepting the neighbor connection, this list should contain both the server-certificate CN and client-certificate CN of the neighbor router.

The no version of the command removes the named common-name from the list.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl cipher-suite

COMMAND:
cipher-suite {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no cipher-suite name <suite-name>

DESCRIPTION:
Configure the cipher-suite list for the current neighbor.

The neighbor link uses this ordered list of cipher-suites in its encrypted data connections.

All supported suites are included by default, from most-secure to least-secure.

The remote router should choose the first suite from this list that it supports.

This attribute can be modified when cspf neighbor is shutdown.

The no version of the command removes the named cipher-suite from the list.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list.
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl trusted-common-name

COMMAND:
trusted-common-name {empty | name <common-name>}

no trusted-common-name name <common-name>

DESCRIPTION:
Configure the trusted-common-name list for the current neighbor.

The router uses this list of common-names in its encrypted connection to verify the name in the certificate presented by the neighbor. To ensure that link will be established regardless of whether the router is initiating or accepting the neighbor connection, this list should contain both the server-certificate CN and client-certificate CN of the neighbor router.

The no version of the command removes the named common-name from the list.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<common-name> [1..64 chars] - The expected trusted common name of the remote certificate.
empty - Removes all common names from the list.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> ssl-data

COMMAND:
[no] ssl-data
DESCRIPTION:
Use SSL across the neighbor's data connections. Only data connections are encrypted. Control connections are always in plain-text.

Setting the data connections to both Compression and SSL on the same neighbor is not supported.

The no version of this command disables SSL.



The default value is no ssl-data.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp

COMMAND:
tcp [initial-cwnd... | keepalive | max-wnd... | mss...]
DESCRIPTION:
Enter TCP configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] initial-cwnd - Configure the TCP initial congestion window size for this neighbor.

The initial congestion window size is used when starting up a TCP connection or recovery from idle (i.e. no traffic). It is the number of segments TCP sends before waiting for an acknowledgment from the peer. Larger values of initial window allows a connection to come up to speed quickly. However, care must be taken for if this parameter's value is too high, it may cause congestion in the network. For further details on initial window, refer to RFC 2581.

Changing the initial window from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support personnel before changing this parameter.

The no version of this command sets the initial TCP congestion window size to its default value of 2.
keepalive - Enter configuration of TCP keepalives.
[no] max-wnd - Configure the TCP maximum window size for this neighbor. The maximum window should be at least the bandwidth-delay product of the link between the TCP peers. If the maximum window is less than the bandwidth-delay product, then the TCP connection operates below its maximum potential throughput. If the maximum window is less than about twice the bandwidth-delay product, then occasional packet loss causes TCP connection to operate below its maximum potential throughput as it handles the missing ACKs and retransmissions. There are also problems with a maximum window that's too large. In the presence of a high offered load, TCP gradually increases its congestion window until either (a) the congestion window reaches the maximum window, or (b) packet loss occurs in the network. Initially, when the congestion window is small, the network's physical bandwidth-delay acts as a memory buffer for packets in flight. As the congestion window crosses the bandwidth-delay product, though, the buffering of in-flight packets moves to queues in various switches, routers, etc. in the network. As the congestion window continues to increase, some such queue in some equipment overflows, causing packet loss and TCP back-off.

The no version of this command sets the initial TCP maximum window size to its default value of 2048 KB.

This setting is ignored on the software broker.
[no] mss - Configure the TCP maximum segment size for the CSPF neighbor.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp initial-cwnd

COMMAND:
initial-cwnd <num-mss>

no initial-cwnd

DESCRIPTION:
Configure the TCP initial congestion window size for this neighbor.

The initial congestion window size is used when starting up a TCP connection or recovery from idle (i.e. no traffic). It is the number of segments TCP sends before waiting for an acknowledgment from the peer. Larger values of initial window allows a connection to come up to speed quickly. However, care must be taken for if this parameter's value is too high, it may cause congestion in the network. For further details on initial window, refer to RFC 2581.

Changing the initial window from its default of 2 results in non-compliance with RFC 2581. Contact Solace Support personnel before changing this parameter.

The no version of this command sets the initial TCP congestion window size to its default value of 2.

The no version of the command returns its value to the default (2).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num-mss> [2..7826] - The size of the initial congestion window measured in number of MSS.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive

COMMAND:
keepalive [count... | idle... | interval...]
DESCRIPTION:
Enter configuration of TCP keepalives.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] count - The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.
[no] idle - The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.
[no] interval - The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive count

COMMAND:
count <num>

no count

DESCRIPTION:
The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.

The no version of the command returns its value to the default (5).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num> [2..5] - The maximum number of keepalive probes TCP should send before dropping the connection.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive idle

COMMAND:
idle <seconds>

no idle

DESCRIPTION:
The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [3..120] - The time (in seconds) the connection needs to be idle before TCP starts sending keepalive probes.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp keepalive interval

COMMAND:
interval <seconds>

no interval

DESCRIPTION:
The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds.

The no version of the command returns its value to the default (1).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<seconds> [1..30] - The time (in seconds) between individual keepalive probes.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp max-wnd

COMMAND:
max-wnd <num-kilo-bytes>

no max-wnd

DESCRIPTION:
Configure the TCP maximum window size for this neighbor. The maximum window should be at least the bandwidth-delay product of the link between the TCP peers. If the maximum window is less than the bandwidth-delay product, then the TCP connection operates below its maximum potential throughput. If the maximum window is less than about twice the bandwidth-delay product, then occasional packet loss causes TCP connection to operate below its maximum potential throughput as it handles the missing ACKs and retransmissions. There are also problems with a maximum window that's too large. In the presence of a high offered load, TCP gradually increases its congestion window until either (a) the congestion window reaches the maximum window, or (b) packet loss occurs in the network. Initially, when the congestion window is small, the network's physical bandwidth-delay acts as a memory buffer for packets in flight. As the congestion window crosses the bandwidth-delay product, though, the buffering of in-flight packets moves to queues in various switches, routers, etc. in the network. As the congestion window continues to increase, some such queue in some equipment overflows, causing packet loss and TCP back-off.

The no version of this command sets the initial TCP maximum window size to its default value of 2048 KB.

This setting is ignored on the software broker.

The no version of the command returns its value to the default (2048).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<num-kilo-bytes> [16..65536] - The size of the maximum TCP window size in KB.


enable configure routing multi-node-routing cspf neighbor <physical-router-name> tcp mss

COMMAND:
mss <byte-count>

no mss

DESCRIPTION:
Configure the TCP maximum segment size for the CSPF neighbor.

The no version of the command returns its value to the default (1460).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<byte-count> [256..1460] - The size in bytes of MSS.


enable configure routing multi-node-routing cspf queue

COMMAND:
queue [max-depth... | min-msg-burst...]
DESCRIPTION:
Enter the cspf queue configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-depth - Configure the maximum depth of the neighbor queues.
[no] min-msg-burst - Configure the minimum number of messages that must be on a priority queue before the queue's depth is checked against the max-depth setting.


enable configure routing multi-node-routing cspf queue max-depth

COMMAND:
max-depth <depth>

no max-depth

DESCRIPTION:
Configure the maximum depth of the neighbor queues.

The no version of the command returns its value to the default (20000).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<depth> [50..262144] - The queue depth in number of work units


enable configure routing multi-node-routing cspf queue min-msg-burst

COMMAND:
min-msg-burst <depth>

no min-msg-burst

DESCRIPTION:
Configure the minimum number of messages that must be on a priority queue before the queue's depth is checked against the max-depth setting.

The no version of the command returns its value to the default (255).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<depth> [0..262144] - The queue burst depth in messages


enable configure routing multi-node-routing cspf ssl

COMMAND:
ssl [certificate-validation | client-certificate]
DESCRIPTION:
Enter SSL configuration mode for CSPF routing data connections.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
certificate-validation - Enter certificate-validation configuration mode.
client-certificate - Enter client-certificate configuration mode.


enable configure routing multi-node-routing cspf ssl certificate-validation

COMMAND:
certificate-validation [max-certificate-chain-depth... | validate-certificate-date | validate-server-name]
DESCRIPTION:
Enter certificate-validation configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] max-certificate-chain-depth - Configure the maximum depth for the certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.

The 'no' version resets the value to the default value.
[no] validate-certificate-date - Enable the validation of the "Not Before" and "Not After" validity dates in the certificate.

This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.

The 'no' version disables the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.
[no] validate-server-name - Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the neighbor. If enabled, the name used to connect to the neighbor is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.


enable configure routing multi-node-routing cspf ssl certificate-validation max-certificate-chain-depth

COMMAND:
max-certificate-chain-depth <max-depth>

no max-certificate-chain-depth

DESCRIPTION:
Configure the maximum depth for the certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate.

This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.

The 'no' version resets the value to the default value.

The no version of the command returns its value to the default (3).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<max-depth> [0..8] - The maximum depth that will be accepted for a certificate chain. The valid range is 0 to 8


enable configure routing multi-node-routing cspf ssl certificate-validation validate-certificate-date

COMMAND:
[no] validate-certificate-date
DESCRIPTION:
Enable the validation of the "Not Before" and "Not After" validity dates in the certificate.

This attribute applies to both the server-certificate and client-certificate of the remote CSPF neighbor.

The 'no' version disables the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid according to the "Not Before" and "Not After" validity dates in the certificate.

The default value is validate-certificate-date.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing multi-node-routing cspf ssl certificate-validation validate-server-name

COMMAND:
[no] validate-server-name
DESCRIPTION:
Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the neighbor. If enabled, the name used to connect to the neighbor is checked against the names specified in the certificate returned by the remote router. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled.

The default value is validate-server-name.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure routing multi-node-routing cspf ssl client-certificate

COMMAND:
client-certificate [certificate-file...]
DESCRIPTION:
Enter client-certificate configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] certificate-file - Configure the client certificate that the neighbor links will present to the remote router when initiating the data connections with the neighbor. The certificate file must be in the certs directory in the jail. Once installed the file in the jail can be removed if desired.

There is no SEMP support to configure the certificate-file since the security of the password cannot be assured over the wire.

The no version of the command removes the certificate.


enable configure routing multi-node-routing cspf ssl client-certificate certificate-file

COMMAND:
certificate-file <filename> [file-contents <file-contents> ]

no certificate-file

DESCRIPTION:
Configure the client certificate that the neighbor links will present to the remote router when initiating the data connections with the neighbor. The certificate file must be in the certs directory in the jail. Once installed the file in the jail can be removed if desired.

There is no SEMP support to configure the certificate-file since the security of the password cannot be assured over the wire.

The no version of the command removes the certificate.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
<file-contents> [0..32768 chars] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure routing multi-node-routing shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Shuts down the routing protocols. The no version enables the routing protocols.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
This command does not take any parameters.


enable configure schedule

COMMAND:
schedule [backup...]
DESCRIPTION:
Use this command to schedule automatic local backups of configuration database files on the router. The no version of this command deletes all automatic file backup schedules and returns the router to its default (that is, no scheduled backups).

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
[no] backup - Schedule backups of the router's config


enable configure schedule backup

COMMAND:
backup [days <days-of-week>] times <times-of-day> [max-backups <max-backups>]

no backup

DESCRIPTION:
Schedule backups of the router's config

The no version of the command returns its value to the default (no backup configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<days-of-week> [list of days] - "daily" or a comma-separated list of days, or numbers where 0 is Sunday, 1 is Monday, etc., or the empty-string ("") indicating "none".
<max-backups> [1..25] - Max number of scheduled backups to keep. Default 5.
<times-of-day> [list of times] - "hourly" or comma-separated list of up to 4 times of the form hh:mm where hh is [0..23] and mm is [0..59]. The empty-string ("") is also acceptable, indicating "none"


enable configure service

COMMAND:
service [amqp | event | health-check | mqtt | msg-backbone | rest | semp | smf | ssl | virtual-hostname... | web-transport]
DESCRIPTION:
Enter service configuration mode

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
amqp - Configure AMQP service
event - Enter service events configuration.
health-check - Configure health check service
mqtt - Configure MQTT service
msg-backbone - Enter message backbone service configuration.
rest - Configure REST service
semp - Configure SEMP service
smf - Configure SMF service
ssl - Configure SSL service.
[create|no] virtual-hostname - Create, modify, or delete a Virtual Hostname.

A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.

Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.

This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.
web-transport - Configure Web Transport service


enable configure service amqp

COMMAND:
amqp [listen-port... | shutdown]
DESCRIPTION:
Configure AMQP service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] listen-port - The global port number for AMQP clients that connect to the router. The port must be unique across the message backbone. Plain-text and SSL ports are configured separately. AMQP must be disabled to change the port.
[no] shutdown - Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected.


enable configure service amqp listen-port

COMMAND:
listen-port <port> [ssl]

no listen-port [ssl]

DESCRIPTION:
The global port number for AMQP clients that connect to the router. The port must be unique across the message backbone. Plain-text and SSL ports are configured separately. AMQP must be disabled to change the port.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [0..65535] - The value to set.
ssl - The port uses TLS.


enable configure service amqp shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service event

COMMAND:
event [connections]
DESCRIPTION:
Enter service events configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
connections - Enter connections event configuration.


enable configure service event connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter connections event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the connection count event.


enable configure service event connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the connection count event.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure service health-check

COMMAND:
health-check [listen-port... | shutdown...]
DESCRIPTION:
Configure health check service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] listen-port - The port number for health check clients that connect to the router. Plain-text and TLS ports are configured separately. The health check service must be disabled for the given transport to change the port.
[no] shutdown - Enable or disable plain-text or TLS health check service.


enable configure service health-check listen-port

COMMAND:
listen-port <port> [ssl]

no listen-port [ssl]

DESCRIPTION:
The port number for health check clients that connect to the router. Plain-text and TLS ports are configured separately. The health check service must be disabled for the given transport to change the port.

The no version of this command returns its value to the default (5550 for plain-text, unset for TLS).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [0..65535] - The value to set.
ssl - The port uses TLS.


enable configure service health-check shutdown

COMMAND:
[no] shutdown [plain-text] [ssl]
DESCRIPTION:
Enable or disable plain-text or TLS health check service.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
plain-text - For plain-text health check requests
ssl - For SSL/TLS health check requests


enable configure service mqtt

COMMAND:
mqtt [shutdown]
DESCRIPTION:
Configure MQTT service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected.


enable configure service mqtt shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service msg-backbone

COMMAND:
msg-backbone [shutdown]
DESCRIPTION:
Enter message backbone service configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected.


enable configure service msg-backbone shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected.

The default value is no shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service rest

COMMAND:
rest [event | incoming | outgoing]
DESCRIPTION:
Configure REST service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
event - Enter REST service events configuration.
incoming - Enter REST service incoming connections configuration.
outgoing - Enter REST service outgoing connections configuration.


enable configure service rest event

COMMAND:
event [outgoing]
DESCRIPTION:
Enter REST service events configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
outgoing - Enter outgoing event configuration.


enable configure service rest event outgoing

COMMAND:
outgoing [connections]
DESCRIPTION:
Enter outgoing event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
connections - Enter connections event configuration.


enable configure service rest event outgoing connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter connections event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the outgoing REST connection count event, relative to the maximum capacity of the router.


enable configure service rest event outgoing connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the outgoing REST connection count event, relative to the maximum capacity of the router.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..6000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..6000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure service rest incoming

COMMAND:
incoming [shutdown]
DESCRIPTION:
Enter REST service incoming connections configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Enable or disable the REST service incoming connections on the broker.


enable configure service rest incoming shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the REST service incoming connections on the broker.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service rest outgoing

COMMAND:
outgoing [shutdown]
DESCRIPTION:
Enter REST service outgoing connections configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Enable or disable the REST service outgoing connections on the broker.


enable configure service rest outgoing shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the REST service outgoing connections on the broker.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service semp

COMMAND:
semp [cors | legacy-timeout | listen-port... | session-idle-timeout... | session-max-lifetime... | shutdown...]
DESCRIPTION:
Configure SEMP service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
cors - Configure CORS on SEMP service
[no] legacy-timeout - Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full. When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds. The recommended setting is disabled (no legacy-timeout). This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages. This setting will be removed in a future release.
[no] listen-port - The port number for SEMP clients that connect to the router. Plain-text and SSL ports are configured separately. SEMP must be disabled for the given transport to change the port.
[no] session-idle-timeout - The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time.
[no] session-max-lifetime - The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity.
[no] shutdown - Enable or disable plain-text or ssl SEMP service.


enable configure service semp cors

COMMAND:
cors [allow-any-host]
DESCRIPTION:
Configure CORS on SEMP service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] allow-any-host - Enable or disable cross origin resource requests for the SEMP service.


enable configure service semp cors allow-any-host

COMMAND:
[no] allow-any-host
DESCRIPTION:
Enable or disable cross origin resource requests for the SEMP service.

The default value is allow-any-host.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service semp legacy-timeout

COMMAND:
[no] legacy-timeout
DESCRIPTION:
Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full. When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds. The recommended setting is disabled (no legacy-timeout). This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages. This setting will be removed in a future release.

The default value is no legacy-timeout.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service semp listen-port

COMMAND:
listen-port <port> [ssl]

no listen-port [ssl]

DESCRIPTION:
The port number for SEMP clients that connect to the router. Plain-text and SSL ports are configured separately. SEMP must be disabled for the given transport to change the port.

The no version of this command returns its value to the default (80 for plain-text, 443 for SSL).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [1..65535] - The value to set.
ssl - The port uses TLS.


enable configure service semp session-idle-timeout

COMMAND:
session-idle-timeout <value>

no session-idle-timeout

DESCRIPTION:
The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time.

The no version of the command returns its value to the default (15).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [1..5256000] - The value to set.


enable configure service semp session-max-lifetime

COMMAND:
session-max-lifetime <value>

no session-max-lifetime

DESCRIPTION:
The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity.

The no version of the command returns its value to the default (43200).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<value> [1..5256000] - The value to set.


enable configure service semp shutdown

COMMAND:
[no] shutdown [plain-text] [ssl]
DESCRIPTION:
Enable or disable plain-text or ssl SEMP service.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
plain-text - For plain-text SEMP requests
ssl - For SSL/TLS SEMP requests


enable configure service smf

COMMAND:
smf [event | listen-port... | shutdown]
DESCRIPTION:
Configure SMF service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
event - Enter SMF service events configuration.
[no] listen-port - The port number for SMF clients and neighbors that connect to the router. Plain-text, compressed, SSL, and routing-control ports are configured separately. SMF must be disabled to change the port.
[no] shutdown - Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected.


enable configure service smf event

COMMAND:
event [connections]
DESCRIPTION:
Enter SMF service events configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
connections - Enter connections event configuration.


enable configure service smf event connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter connections event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the SMF connection count event.


enable configure service smf event connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the SMF connection count event.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure service smf listen-port

COMMAND:
listen-port <port> [compressed] [routing-control] [ssl]

no listen-port [compressed] [routing-control] [ssl]

DESCRIPTION:
The port number for SMF clients and neighbors that connect to the router. Plain-text, compressed, SSL, and routing-control ports are configured separately. SMF must be disabled to change the port.

The no version of this command returns its value to the default (55555 for plain-text, 55003 for compressed, 55443 for SSL/TLS, 55556 for routing-control).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
compressed - The port uses compressed.
<port> [1..65535] - The value to set.
routing-control - The port uses routing-control.
ssl - The port uses TLS.


enable configure service smf shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected.

The default value is no shutdown.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service ssl

COMMAND:
ssl [event]
DESCRIPTION:
Configure SSL service.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
event - Enter SSL service events configuration.


enable configure service ssl event

COMMAND:
event [connections]
DESCRIPTION:
Enter SSL service events configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
connections - Enter connections event configuration.


enable configure service ssl event connections

COMMAND:
connections [thresholds...]
DESCRIPTION:
Enter connections event configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] thresholds - The thresholds for the incoming and outgoing TLS connection count event of the broker.


enable configure service ssl event connections thresholds

COMMAND:
thresholds {[set-value <set-value>] [clear-value <clear-value>] | [set-percentage <set-percentage>] [clear-percentage <clear-percentage>]}

no thresholds

DESCRIPTION:
The thresholds for the incoming and outgoing TLS connection count event of the broker.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-percentage> [0..100] - The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
<clear-value> [0..200000] - The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event.
<set-percentage> [0..100] - The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
<set-value> [0..200000] - The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event.


enable configure service virtual-hostname

COMMAND:
[create | no] virtual-hostname <name>
DESCRIPTION:
Create, modify, or delete a Virtual Hostname.

A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.

Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.

This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [1..253 chars: ] - The virtual hostname.


enable configure service virtual-hostname <name> message-vpn

COMMAND:
message-vpn <vpn-name>

no message-vpn

DESCRIPTION:
The message VPN to which this virtual hostname is mapped.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [0..32 chars] - The value to set.


enable configure service virtual-hostname <name> shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable Virtual Hostname to Message VPN mapping.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service web-transport

COMMAND:
web-transport [listen-port... | shutdown | web-url-suffix...]
DESCRIPTION:
Configure Web Transport service

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] listen-port - The port number for web-transport clients that connect to the router. Plain-text and SSL ports are configured separately. Web-transport must be disabled to change the port.
[no] shutdown - Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected.
[no] web-url-suffix - Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker.


enable configure service web-transport listen-port

COMMAND:
listen-port <port> [ssl]

no listen-port [ssl]

DESCRIPTION:
The port number for web-transport clients that connect to the router. Plain-text and SSL ports are configured separately. Web-transport must be disabled to change the port.

The no version of the command returns its value to the default (varies by platform).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [1..65535] - The value to set.
ssl - The port uses TLS.


enable configure service web-transport shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure service web-transport web-url-suffix

COMMAND:
web-url-suffix <suffix>

no web-url-suffix

DESCRIPTION:
Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<suffix> [0..127 chars] - The value to set.


enable configure snmp-server

COMMAND:
[no] snmp-server
DESCRIPTION:
Configure the SNMP server

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server community

COMMAND:
community <name> group <group>

no community <name>

DESCRIPTION:
Configure a community access string

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<group> [0..31 chars] - The group to add the community to
<name> [0..31 chars] - The community string


enable configure snmp-server contact

COMMAND:
contact <name>

no contact

DESCRIPTION:
Configure the contact name for the router

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [0..255 chars] - The contact name


enable configure snmp-server group

COMMAND:
group <name> {v2c | v3 {auth | noauth | priv}}

no group <name>

DESCRIPTION:
Configure a group

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
auth - Use authentication
<name> [0..31 chars] - The group name
noauth - Use no authentication
priv - Use authentication and encryption
v2c - Use SNMPv2c
v3 - Use SNMPv3


enable configure snmp-server host

COMMAND:
host <ip-addr> traps [{v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>] [community <community-name>]

no host <ip-addr>

DESCRIPTION:
Configure destination host

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
auth - Use authentication
<community-name> [0..31 chars] - The community string
<ip-addr> [1..253 chars: ] - FQDN or IP address
<name> [0..31 chars] - The user name
noauth - Use no authentication
<port> [1..65535] - UDP port number. Port 162 is used as a default if this parameter is not provided
priv - Use authentication and encryption
v2c - Use SNMPv2c
v3 - Use SNMPv3


enable configure snmp-server location

COMMAND:
location <name>

no location

DESCRIPTION:
Configure the location of the router

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [0..255 chars] - The location


enable configure snmp-server shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Shuts down the snmp server. The no version of the command starts the snmp server

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap

COMMAND:
[no] trap
DESCRIPTION:
Configure traps. The no version of the command resets all configured traps to their default thresholds

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap connections

COMMAND:
connections [shutdown | thresholds...]
DESCRIPTION:
Configure a trap for the number of TCP connections in the system.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables connections trap.
[no] thresholds - Configure/reset thresholds for the connections trap.


enable configure snmp-server trap connections shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables connections trap.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap connections thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the connections trap.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap.
<set-value> [0..31 chars] - The {set} value to be configured for this trap.


enable configure snmp-server trap disk-utilization

COMMAND:
disk-utilization [disk <disk-name>]
DESCRIPTION:
Configure the disk-utilization trap.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<disk-name> [md2 | md6 | externalSpool/p1 | externalSpool/p2] - Disk name having one of the following values: "md2" (root disk), "md6" (internal disk), "externalSpool/p1", or "externalSpool/p2". If it is left unspecified specified it defaults to "md6".


enable configure snmp-server trap disk-utilization shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables disk utilization trap.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap disk-utilization thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the disk utilization trap.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap.
<set-value> [0..31 chars] - The {set} value to be configured for this trap.


enable configure snmp-server trap egress-msg-rate

COMMAND:
egress-msg-rate [shutdown | thresholds...]
DESCRIPTION:
Configures a trap for aggregate egress message rates in msgs/sec. If configured, a trap is sent when the aggregate egress message rate exceeds the configured limit.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables egress message rate trap.
[no] thresholds - Configure/reset thresholds for the egress message rate trap.


enable configure snmp-server trap egress-msg-rate shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables egress message rate trap.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap egress-msg-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the egress message rate trap.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap.
<set-value> [0..31 chars] - The {set} value to be configured for this trap.


enable configure snmp-server trap fan-speed

COMMAND:
fan-speed [shutdown]
DESCRIPTION:
Configure all fanSpeed sensor traps in the system with a high and a low threshold. The value polled is the speed of the fan with a unit of RPM.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables fan speed traps.


enable configure snmp-server trap fan-speed shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables fan speed traps.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap ingress-msg-rate

COMMAND:
ingress-msg-rate [shutdown | thresholds...]
DESCRIPTION:
Configures a trap for aggregate ingress message rates in msgs/sec. If configured, a trap is sent when the aggregate ingress message rate exceeds the configured limit.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables ingress message rate trap.
[no] thresholds - Configure/reset thresholds for the ingress message rate trap.


enable configure snmp-server trap ingress-msg-rate shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables ingress message rate trap.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap ingress-msg-rate thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the ingress message rate trap.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap.
<set-value> [0..31 chars] - The {set} value to be configured for this trap.


enable configure snmp-server trap power-status

COMMAND:
power-status [shutdown]
DESCRIPTION:
Configures a binary trap for power-status. Value polled is componentPresence that gives status information of the power-modules. 1 indicates a failure of one of the power-modules and 0 indicates no failure.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables power status traps.


enable configure snmp-server trap power-status shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables power status traps.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Stops the generation of traps. The no version of the command enables the generation of all configured traps.

The default value is shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap subscriptions

COMMAND:
subscriptions [shutdown | thresholds...]
DESCRIPTION:
Configure a trap for the number of subscriptions.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables subscriptions trap.
[no] thresholds - Configure/reset thresholds for the subscriptions trap.


enable configure snmp-server trap subscriptions shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables subscriptions trap.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap subscriptions thresholds

COMMAND:
thresholds [set-value <set-value>] [clear-value <clear-value>]

no thresholds

DESCRIPTION:
Configure/reset thresholds for the subscriptions trap.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<clear-value> [0..31 chars] - The clear value to be configured for this trap.
<set-value> [0..31 chars] - The {set} value to be configured for this trap.


enable configure snmp-server trap temperature

COMMAND:
temperature [shutdown]
DESCRIPTION:
Configure traps for all temperature sensors in the system with a high and a possible low threshold.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables temperature traps.


enable configure snmp-server trap temperature shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables temperature traps.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server trap voltage

COMMAND:
voltage [shutdown]
DESCRIPTION:
Configure traps for all voltage sensors in the system with a high and a low threshold.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] shutdown - Disables/Enables voltage traps.


enable configure snmp-server trap voltage shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Disables/Enables voltage traps.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure snmp-server user

COMMAND:
user <name> group <group> {password <password> }

no user <name>

DESCRIPTION:
Configure a user

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<group> [1..31 chars] - The group name
<name> [1..31 chars] - The user name
<password> [8..128 chars] - The password


enable configure ssl

COMMAND:
ssl [allow-tls-version-1.0 | allow-tls-version-1.1 | cipher-suite | crime-exploit-protection | domain-certificate-authority... | server-certificate... | standard-domain-certificate-authorities | tls-session-timeout...]
DESCRIPTION:
Enter the "ssl" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] allow-tls-version-1.0 - Enable or disable the blocking of incoming TLS version 1.0 connections. When blocked, existing TLS 1.0 connections from Clients and SEMP users remain connected while new connections are blocked. Note that support for TLS 1.0 will eventually be discontinued, at which time TLS 1.0 connections will be blocked regardless of this setting.
[no] allow-tls-version-1.1 - Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting.
cipher-suite - Enter the "cipher-suite" mode.
[no] crime-exploit-protection - Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit.
[create|no] domain-certificate-authority - Create, modify, or delete a Domain Certificate Authority.

Certificate Authorities trusted for domain verification.
[no] server-certificate - Configure the server certificate used for TLS connections. The certificate file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.
[no] standard-domain-certificate-authorities - Enable or disable the standard domain certificate authority list.
[no] tls-session-timeout - The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session.


enable configure ssl allow-tls-version-1.0

COMMAND:
[no] allow-tls-version-1.0
DESCRIPTION:
Enable or disable the blocking of incoming TLS version 1.0 connections. When blocked, existing TLS 1.0 connections from Clients and SEMP users remain connected while new connections are blocked. Note that support for TLS 1.0 will eventually be discontinued, at which time TLS 1.0 connections will be blocked regardless of this setting.

The default value is no allow-tls-version-1.0.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ssl allow-tls-version-1.1

COMMAND:
[no] allow-tls-version-1.1
DESCRIPTION:
Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting.

The default value is allow-tls-version-1.1.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ssl cipher-suite

COMMAND:
cipher-suite [management... | msg-backbone... | ssh...]
DESCRIPTION:
Enter the "cipher-suite" mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
[no] management - The list of cipher suites used for TLS management connections (e.g. SEMP, LDAP).
[no] msg-backbone - The list of cipher suites used for TLS data connections (e.g. client pub/sub).
[no] ssh - The list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP).


enable configure ssl cipher-suite management

COMMAND:
management {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no management {name <suite-name>}

DESCRIPTION:
The list of cipher suites used for TLS management connections (e.g. SEMP, LDAP).

The default is management "default".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure ssl cipher-suite msg-backbone

COMMAND:
msg-backbone {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no msg-backbone {name <suite-name>}

DESCRIPTION:
The list of cipher suites used for TLS data connections (e.g. client pub/sub).

The default is msg-backbone "default".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/mesh-manager
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure ssl cipher-suite ssh

COMMAND:
ssh {default | empty | name <suite-name> [{before | after} <existing-suite-name>] }

no ssh {name <suite-name>}

DESCRIPTION:
The list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP).

The default is ssh "default".

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
after - Add the suite-name after the existing-suite-name
before - Add the suite-name before the existing-suite-name
default - The default cipher suite list
empty - Remove all cipher suites from the list
<existing-suite-name> [1..64 chars]
<suite-name> [1..64 chars] - The cipher suite to be added to the cipher suite list. The cipher suite is appended to the list if no 'before' or 'after' keyword is present
( no ) <suite-name> [1..64 chars] - The suite-name to remove from the list of cipher-suite


enable configure ssl crime-exploit-protection

COMMAND:
[no] crime-exploit-protection
DESCRIPTION:
Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit.

The default value is crime-exploit-protection.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ssl domain-certificate-authority

COMMAND:
[create | no] domain-certificate-authority <ca-name>
DESCRIPTION:
Create, modify, or delete a Domain Certificate Authority.

Certificate Authorities trusted for domain verification.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-name> [1..64 chars] - The name of the Certificate Authority.


enable configure ssl domain-certificate-authority <ca-name> certificate

COMMAND:
certificate {file <ca-certificate> | content <raw-data>}

no certificate

DESCRIPTION:
The trusted root certificate for a domain certificate authority. The file must be located in the /certs directory and must be PEM formatted.

The no version of the command returns its value to the default (no certificate configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<ca-certificate> [1..127 chars] - The CA certificate file.
<raw-data> [0..32768 chars] - The CA certificate content.


enable configure ssl server-certificate

COMMAND:
server-certificate <filename> [file-contents <file-contents> ]

no server-certificate

DESCRIPTION:
Configure the server certificate used for TLS connections. The certificate file must be located in the /certs directory and must be PEM formatted (have a .pem extension). It must consist of a private key and between one and three certificates comprising the certificate trust chain.

The no version of the command returns its value to the default ("").

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<file-contents> [0..32768 chars] - The server certificate.
<filename> [Filename of certificate in /certs directory.] - The certificate file in the certs directory.


enable configure ssl standard-domain-certificate-authorities

COMMAND:
[no] standard-domain-certificate-authorities
DESCRIPTION:
Enable or disable the standard domain certificate authority list.

The default value is standard-domain-certificate-authorities.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure ssl tls-session-timeout

COMMAND:
tls-session-timeout <seconds>

no tls-session-timeout

DESCRIPTION:
The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session.

The no version of the command returns its value to the default (86400).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<seconds> [1..86400] - The value to set.


enable configure syslog

COMMAND:
[create | no] syslog <name>
DESCRIPTION:
Enter syslog configuration mode, to configure file and remote logging destination parameters

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<name> [1..64 chars] - The name to identify this Syslog destination definition. The "no" version of the command removes this Syslog destination definition.


enable configure syslog <name> facility

COMMAND:
[no] facility {command | event | system }
DESCRIPTION:
Configure syslog facility

By default, no facilities are configured.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
command - Add or remove command facility to this Syslog destination definition.
event - Add or remove event facility to this Syslog destination definition.
system - Add or remove system facility to this Syslog destination definition.


enable configure syslog <name> host

COMMAND:
[no] host <hostname-or-address> [transport {tcp | udp | tls}]
DESCRIPTION:
Change remote syslog receiver

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<hostname-or-address> [1..70 chars: [:nnnnn]] - Hostname or IP address (and optional port).
Examples:
192.1.2.3:12345
solace
[1111:0:1::4]:12345
tcp - Send Syslog via TCP
tls - Send Syslog via TLS
transport - Set the transport protocol mode to one of the following:
udp - Send Syslog via UDP


enable configure system

COMMAND:
system [topic-routing]
DESCRIPTION:
Enter system configuration mode.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
topic-routing - Configure topic routing system options


enable configure system topic-routing

COMMAND:
topic-routing [subscription-exceptions...]
DESCRIPTION:
Configure topic routing system options

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[no] subscription-exceptions - This command is used to enable subscription-exceptions for the router. When subscription-exceptions are enabled, a leading '!' character in a guaranteed messaging queue's topic subscription, or in an MQTT QoS-1 subscription, indicates a subscription exception. Any messages published to a topic matching a subscription exception will not be delivered to the guaranteed message queue (or the client), but will simply be discarded.

Subscription-exceptions are not supported for Durable Topic Endpoint subscriptions, Direct messaging subscriptions, ACL topic exceptions, or SolCache topics. The router will not accept a leading '!' in these topic strings when subscription-exceptions are enabled.

The 'no' version of the command disables subscript-exceptions for the router. When subscription-exceptions are disabled, a leading '!' character in a topic is treated as a literal character in the topic.

If the defer option is NOT used, this command triggers an immediate reboot of the system. If the defer option is used, the value is applied following a router restart.


enable configure system topic-routing subscription-exceptions

COMMAND:
[no] subscription-exceptions [defer]
DESCRIPTION:
This command is used to enable subscription-exceptions for the router. When subscription-exceptions are enabled, a leading '!' character in a guaranteed messaging queue's topic subscription, or in an MQTT QoS-1 subscription, indicates a subscription exception. Any messages published to a topic matching a subscription exception will not be delivered to the guaranteed message queue (or the client), but will simply be discarded.

Subscription-exceptions are not supported for Durable Topic Endpoint subscriptions, Direct messaging subscriptions, ACL topic exceptions, or SolCache topics. The router will not accept a leading '!' in these topic strings when subscription-exceptions are enabled.

The 'no' version of the command disables subscript-exceptions for the router. When subscription-exceptions are disabled, a leading '!' character in a topic is treated as a literal character in the topic.

If the defer option is NOT used, this command triggers an immediate reboot of the system. If the defer option is used, the value is applied following a router restart.

The default value is subscription-exceptions.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
defer - defer configuration. The deferred value will be applied following a router restart.


enable configure username

COMMAND:
username <name>

create username <name> [{password <password> }] [cli [global-access-level <access-level>] | file-transfer]

no username <name>

DESCRIPTION:
Use this command to create new Solace PubSub+ Broker CLI or SFTP user accounts, or to change passwords on existing user accounts. The no version deletes the specified user. Deleting a user will also cause all SEMP sessions associated with the user to be deleted.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
global/read-write is required for "create username" and "no username".
Notes/Exceptions: global/read-write is required to access usernames with global-access-level=none other than yourself. global/admin is required to access usernames with global-access-level>none other-than yourself. global/admin is required for "create username" and "no username" for usernames with global-access-level>none and for file-transfer usernames.
PARAMETERS:
<name> [1..32 chars] - Username
( no ) <name> [1..32 chars] - Username to delete
<access-level> - CLI global access level
cli - CLI user (default)
file-transfer - File transfer user. Used for remotely copying files to/from the router. Supported protocols are SFTP and SCP.
global-access-level - Allows the default global access level assigned to CLI users be overridden when creating a CLI username
( create ) <name> [1..32 chars] - Username to add
<password> - Set password for the user. This parameter is not required for the "no" version of the command


enable configure username <name> change-password

COMMAND:
change-password <password>

no change-password

DESCRIPTION:
Change the password of the user. This will cause all SEMP sessions associated with this user to be deleted.

The no version of the command returns its value to the default (no change-password configured).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
Notes/Exceptions: global/read-write is required when run against any username with global-access-level=none other than yourself. global/admin is required when run against any username with global-access-level>none other than yourself.
PARAMETERS:
<password> [0..128 chars] - New password


enable configure username <name> global-access-level

COMMAND:
global-access-level <access-level>
DESCRIPTION:
Set the global-scope access-level of a CLI username.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<access-level> [none | read-only | mesh-manager | read-write | admin] - CLI global access level


enable configure username <name> message-vpn

COMMAND:
message-vpn [access-level-exception... | default-access-level...]
DESCRIPTION:
Enter sub-mode to configure the access level at Message VPN level for CLI users.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
[create|no] access-level-exception - The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.
default-access-level - The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.


enable configure username <name> message-vpn access-level-exception

COMMAND:
[create | no] access-level-exception <vpn-name>
DESCRIPTION:
The 'create' version of this command creates a new vpn-scope access-level exception which overrides the access-level specified by the vpn-scope default access-level. The 'no' version of this command removes the access-level exception. If the 'create' and 'no' keywords are omitted, this command enters an existing access-level-exception, allowing that exception's access-level setting to be changed.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<vpn-name> [1..32 chars] - The name of the Message VPN for which an access level exception may be configured.


enable configure username <name> message-vpn access-level-exception <vpn-name> access-level

COMMAND:
access-level <access-level>
DESCRIPTION:
vpn-scope access-level to assign to CLI users.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI Message VPN access level


enable configure username <name> message-vpn default-access-level

COMMAND:
default-access-level <access-level>
DESCRIPTION:
The vpn-scope access-level that gets assigned by default to CLI users on each Message VPN unless there is an access-level exception configured for it. In that case the exception takes precedence.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<access-level> [none | read-only | read-write] - CLI user Message VPN


enable configure username <name> rename

COMMAND:
rename <name>
DESCRIPTION:
Change the name of the user. This will cause all SEMP sessions associated with this user to be deleted.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
Notes/Exceptions: global/admin is required to rename any username with global-access-level > none.
PARAMETERS:
<name> [1..32 chars] - New username


enable configure web-manager

COMMAND:
web-manager [allow-unencrypted-wizards | redirect-http]
DESCRIPTION:
Use this command to access commands related to the web-based broker manager UI.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] allow-unencrypted-wizards - Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure. Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping.
redirect-http - Configure HTTP to HTTPS redirections for web-manager access over the SEMP/SEMPS ports


enable configure web-manager allow-unencrypted-wizards

COMMAND:
[no] allow-unencrypted-wizards
DESCRIPTION:
Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure. Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping.

The default value is no allow-unencrypted-wizards.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable configure web-manager redirect-http

COMMAND:
redirect-http [override-ssl-port... | shutdown]
DESCRIPTION:
Configure HTTP to HTTPS redirections for web-manager access over the SEMP/SEMPS ports

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
[no] override-ssl-port - The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value.
[no] shutdown - Enable or disable redirection of HTTP requests for the broker manager to HTTPS.


enable configure web-manager redirect-http override-ssl-port

COMMAND:
override-ssl-port <port>

no override-ssl-port

DESCRIPTION:
The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value.

The no version of the command returns its value to the default (0).

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
<port> [0..65535] - The value to set.


enable configure web-manager redirect-http shutdown

COMMAND:
[no] shutdown
DESCRIPTION:
Enable or disable redirection of HTTP requests for the broker manager to HTTPS.

The default value is no shutdown.

CONFIG-SYNC:
HA: yes Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable copy

COMMAND:
copy <source> <destination>
DESCRIPTION:
Use this command to copy files to and from the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<destination> [0..255 chars] - destination file. Possible formats: sftp://[<username>@]<ip-addr>/<remote-pathname>, scp://[<username>@]<ip-addr>/<remote-pathname>, or <local-pathname>. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.
<source> [0..255 chars] - source file. Possible formats: current-config, sftp://[<username>@]<ip-addr>/<remote-pathname>, scp://[<username>@]<ip-addr>/<remote-pathname>, or <local-pathname>. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.


enable delete

COMMAND:
delete <file>
DESCRIPTION:
Use this command to delete files from the router. Note: Some files are not allowed to be deleted (for example, rotating system event logs such as solcbr.log.X files).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<file> [0..255 chars] - file(s) to delete. Only <local-pathname> formats may be used. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.


enable delete-load

COMMAND:
delete-load <version>
DESCRIPTION:
Use this command to delete a SolOS software version already installed in the /loads subdirectory on the router (as displayed through the show version User EXEC command), which may not be the current version or the backout version. It may also be used to delete a SolBase version installed in the /loads subdirectory, which may not be the SolBase for the current version or the backout version.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<version> [0..63 chars] - Load version to delete


enable disable

COMMAND:
disable
DESCRIPTION:
Use this command to return yourself to the User EXEC level of the CLI from the Privileged EXEC level.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


enable disconnect

COMMAND:
disconnect sessionid <session-id>
DESCRIPTION:
Disconnect a CLI session

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
Notes/Exceptions: global/admin is required to disconnect any session belonging to someone else's username.
PARAMETERS:
<session-id> [1..8] - session Id of an existing session


enable power-down

COMMAND:
power-down
DESCRIPTION:
Use this command to turn off power to the router, on a router by router basis. Note: The router does NOT restart automatically after this command is run.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable reload

COMMAND:
reload [default-config | config <config-file>]
DESCRIPTION:
Use this command to restart the router using the currently installed software version. Optionally, the system configuration can be set to a backed-up configuration or the system default configuration during the restart.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
Notes/Exceptions: global/admin is required to use the config parameter.
PARAMETERS:
<config-file> [0..255 chars] - Reload from a backed-up configuration file
default-config - Reload with a default configuration


enable rename

COMMAND:
rename <old> <new>
DESCRIPTION:
Use this command to rename a regular (that is, Pathname) router file in the jail subdirectory.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-write
PARAMETERS:
<new> [0..255 chars] - new file. Only <local-pathname> formats may be used
<old> [0..255 chars] - old file. Only <local-pathname> formats may be used


enable setup

COMMAND:
setup
DESCRIPTION:
Use this command to quickly set the hostname, interfaces, clock and time zone on the router.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-write
PARAMETERS:
This command does not take any parameters.


enable shell

COMMAND:
shell <reason>
DESCRIPTION:
Use this command to access the SolOS shell.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<reason> [0..32768 chars] - Specify the reason for accessing the SolOS shell


end

COMMAND:
end
DESCRIPTION:
Use this command to exit the current CONFIG command level of the CLI and return to the Privileged EXEC level.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


exit

COMMAND:
exit
DESCRIPTION:
Use this command to exit the current command level of the CLI and return to the previous level. From the User EXEC level, use it to exit the CLI.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


help

COMMAND:
help
DESCRIPTION:
Use this command to display the Help facility for the command line interface.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


home

COMMAND:
home
DESCRIPTION:
Use this command to exit the current command level of the CLI and return to the User EXEC level.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


logout

COMMAND:
logout
DESCRIPTION:
Use this command to log out of a current CLI session.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


more

COMMAND:
more <pattern>
DESCRIPTION:
Use this command to display the contents of a text file in a directory.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<pattern> [0..255 chars] - text file(s) to display. Only <local-pathname> formats may be used. '*' and '?' wildcard characters, and '[...]' character classes can be used to match multiple files.


paging

COMMAND:
[no] paging [size <size>]
DESCRIPTION:
Use this command to control the output page size for show commands. The no version disables paging.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
<size> [1..2147483647] - Page size, default is current screen size


ping

COMMAND:
ping <vrf-ip-addr-or-host> [ip-interface <ip-interface>]
DESCRIPTION:
Use this command to send ICMP ECHO_REQUEST packets to a specified host.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"
<vrf-ip-addr-or-host> [0..266 chars] - VRF scoped IP address or hostname. VRF defaults to "management" if omitted. Examples: management:myhost, management:192.168.1.21


ping6

COMMAND:
ping6 <ip-addr> [ip-interface <ip-interface>]
DESCRIPTION:
Use this command to send ICMP ECHO_REQUEST packets to a specified host.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<ip-addr> [0..39 chars] - IPv6 address.
<ip-interface> [1..15 chars] - (eth<port>:<ip> | chassis/lag1:1 | <cartridge>/<slot>/<port>:<ip> | <cartridge>/<slot>/lag<N>:<ip>)
Examples: "eth1:1", "chassis/lag1:1", "1/5/2:3", "1/6/lag1:2"


pwd

COMMAND:
pwd
DESCRIPTION:
Use this command to display the present working directory (pwd).

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


session

COMMAND:
session [timeout...]
DESCRIPTION:
Use this command to change the CLI inactivity timeout setting for your current CLI user session.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
timeout - Configure the current session's inactivity timeout. If not specified during a CLI session, the global console inactivity timeout is used.


session timeout

COMMAND:
timeout <idle-timeout>
DESCRIPTION:
Configure the current session's inactivity timeout. If not specified during a CLI session, the global console inactivity timeout is used.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<idle-timeout> [0..43200] - timeout value in minutes (0 to disable)


show

COMMAND:
show [acl-profile... | alarm | authentication... | backup | bridge... | cache-cluster... | cache-instance... | client... | client-certificate-authority... | client-profile... | client-username... | clock... | cluster... | compression | config-sync... | console... | cspf | current-config | debug... | deferred-config | disk... | distributed-cache... | dns | domain-certificate-authority... | environment | hardware... | home-cache-cluster... | hostname | interface... | ip | jndi | kerberos... | ldap-profile... | log | logging | memory | message-spool... | message-vpn... | mqtt | oauth-profile... | paging | process... | product-key | proxy... | queue... | queue-template... | radius-profile... | redundancy... | replay-log... | replicated-topic... | replication... | router-name | routing | semp-session... | sequenced-topic... | service... | session | smrp | snmp... | ssl | standard-domain-certificate-authority... | stats | syslog... | system... | telemetry | topic-endpoint... | topic-endpoint-template... | transaction... | username... | version | web-manager]
DESCRIPTION:
Use this command to display a variety of configuration and statistical information about the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
acl-profile - Show ACL profile information
alarm - Show current alarm status
authentication - Show authentication parameters for a class of users
backup - Show information on configuration backups
bridge - Show bridge information
cache-cluster - Show the contents of the distributed-cache cluster
cache-instance - Show the contents of the distributed-cache instance
client - Show client information
client-certificate-authority - Show client certificate authority settings
client-profile - Show client-profile information
client-username - Show client-username information
clock - Show system clock
cluster - Show cluster status
compression - Show compression information
config-sync - Show Config-Sync information. With no parameters configuration and basic operational state are displayed.
console - Show console configuration
cspf - Show CSPF routing information
current-config - Enter show current configuration mode. The subcommands are typically used with output redirection via '>' to create a script of CLI commands to create or remove the requested configuration
debug - Show internal debug information
deferred-config - Show the deferred configuration which will be applied on a router restart.
disk - Show local disk usage and the RAID status
distributed-cache - Show the contents of the distributed-cache
dns - Show Domain Name System (DNS) configuration.
domain-certificate-authority - Show domain certificate authority settings
environment - Show system environment information
hardware - Show system hardware information
home-cache-cluster - Show the contents of the home cache cluster
hostname - Show hostname
interface - Show the parameters configured for the interface
ip - Show Internet Protocol Parameters
jndi - Show JNDI configuration
kerberos - Show Kerberos authentication information
ldap-profile - Show ldap profile settings
log - Show the router log
logging - Show logging information
memory - Show memory usage
message-spool - Show message spool
message-vpn - Show Message VPN information
mqtt - Show MQTT information.
oauth-profile - Show OAuth profile settings
paging - Use this command to control the output page size for show commands. The no version disables paging.
process - Show system process information. Given a pid, displays detailed information for that process.
product-key - Show installed product-keys and the features they unlock
proxy - Show proxy settings
queue - Show queue information
queue-template - Show queue template information
radius-profile - Show radius profile settings
redundancy - Show redundancy configuration
replay-log - Show replay-log information
replicated-topic - Show replicated-topic information
replication - Show global replication information
router-name - Show router's name
routing - Show routing configuration
semp-session - Show information regarding currently active SEMP sessions.
sequenced-topic - Show sequenced-topic information
service - Show the port configuration for the protocols/services supported
session - Show information regarding currently active CLI sessions.
smrp - Show SMRP routing information
snmp - Show SNMP agent configuration
ssl - Show SSL configuration and state
standard-domain-certificate-authority - Show standard domain certificate authority settings
stats - Show global level stats
syslog - Show the configured syslog destinations
system - Show system
telemetry - Show telemetry information
topic-endpoint - Show topic-endpoint information
topic-endpoint-template - Show topic endpoint template information
transaction - Show transaction information
username - Show the names of all the CLI and file transfer users configured on a router
version - Show information on software loads
web-manager - Show web manager information


show acl-profile

COMMAND:
acl-profile <name> [message-vpn <vpn-name>] [{detail [[client-connect ] [publish-topic] [subscribe-topic] [subscribe-share-name] ]} | {users } ]
DESCRIPTION:
Show ACL profile information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
client-connect - Show client-connect information
detail - Show detailed information
<name> [1..32 chars] - ACL profile name; may contain wildcard characters
publish-topic - Show publish-topic information
subscribe-share-name - Show subscribe share name information
subscribe-topic - Show subscribe-topic information
users - Show users of this profile
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show alarm

COMMAND:
alarm
DESCRIPTION:
Show current alarm status

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show authentication

COMMAND:
authentication [user-class cli-semp] [{current-user } | access-level [{default | ldap [group <group-name-pattern>]}] [detail ]]
DESCRIPTION:
Show authentication parameters for a class of users

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
Notes/Exceptions: global/read-only is required to access any variant other than "current-user".
PARAMETERS:
access-level - Show access level configuration.
cli-semp - Show auth parameters for CLI and SEMP users.
current-user - Show access level for the current user.
default - Show only the default access level configuration.
detail - Show access level detailed configuration
group - Filter the display of LDAP access level configuration based on the group name.
<group-name-pattern> [1..256 chars] - The group name filter to apply to the show command; may contain wildcard characters * or ?
ldap - Show only the LDAP access level configuration.
<num-elements>*2
user-class - Class of user to operate on.


show backup

COMMAND:
backup
DESCRIPTION:
Show information on configuration backups

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show bridge

COMMAND:
bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] [connect-via <addr-port>] [primary | backup | auto] [subscriptions [local | remote] | stats [queues] | connections [wide] | detail | message-spool-stats | ssl | client-certificate]
DESCRIPTION:
Show bridge information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<addr-port> [0..259 chars] - FQDN or IP address (and optional port).
Examples:
192.1.2.3:12345
solace.com
[1111:0:1::4]:12345
auto - Restrict output to only auto virtual routers
backup - Restrict output to only backup virtual routers
<bridge-name-pattern> [0..300 chars] - Bridge name; may contain wildcard characters * or ?
client-certificate - Display client certificate information
connections - Show connections.
detail - Show the detailed version.
local*2 - Show only local bridges.
message-spool-stats - Display message spool statistics.
primary - Restrict output to only primary virtual routers
queues - Show queue stats.
remote - Show only remote subscriptions.
<remote-router-name-pattern> [0..66 chars] - Router name; may contain wildcard characters * and ?
<remote-vpn-name-pattern> [0..32 chars] - Message VPN name; may contain wildcard characters * or ?
ssl - Display ssl information
stats - Show stats.
subscriptions - Show details about subscriptions configured for the bridge.
<vpn-name-pattern> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?
wide - Show more information on connections in wide format.
OUTPUT:
show bridge (Inbound/Outbound Oper State) NotApplicable - The connection is not relevant in the indicated direction. Shutdown - The bridge is down in the indicated direction. There are many potential reasons: - the bridge is shutdown - the bridge has no remote message-vpns - all remote message-vpns are shutdown - the local message-vpn is shutdown - the SMF service is shutdown - not active for virtual-router (VR): - no ip-interface for phys-interface - phys-interface is shutdown - ip-interface is shutdown - redundant mate has taken activity for VR - local message-vpn is replication-standby NotReady-Connecting - The bridge is down in the indicated direction. It is in the process of connecting to the remote host. NotReady-Handshaking - The bridge is down in the indicated direction. It has connected to the remote host and is in the process of negotiating with it. NotReady-WaitNext - The bridge is down in the indicated direction. It has failed to connect to a remote host and is waiting for the configured remote retry delay to expire before retrying. NotReady-WaitReuse - The bridge is down in the indicated direction. It established its own connection to the remote host but determined instead that it should use an pre-existing connection established from that remote host. It is waiting for its own connection to close before reusing the existing connection. NotReady-WaitCleanup - The bridge is down in the indicated direction. Its connection has closed and is in the process of being cleaned up. Ready-Subscribing - The bridge is up and is attracting traffic plus is in the process of adding configured subscriptions to the remote router. Ready-InSync - The bridge is up and is attracting traffic. All configured subscriptions have been added to the remote router.


show cache-cluster

COMMAND:
cache-cluster <name> [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | topics [filter <topic-pattern>] [type {local | global [home-cache-cluster <home-cache-cluster-name>]}] ]
DESCRIPTION:
Show the contents of the distributed-cache cluster

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
detail - Show details for each cache-cluster
<following-cache-cluster-name>*2 - Show cach clusters from this Cache cluster name
global - Show only global topics
<home-cache-cluster-name> [1..200 chars] - Home-cache-cluster name, can contain wildcard characters * or ?
local - Show only local topics
<name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<num-elements>*2 - The number of elements to display.
<topic-pattern> [0..255 chars] - Filter topics, can contain wildcard characters * or ?
topics - Show configured topics
type - Show only topics of specified type
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show cache-instance

COMMAND:
cache-instance <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>] [detail | remote {status | home-cache-clusters [<home-cluster-name>] | topics [detail*2] [filter <topic-pattern> ] [type {local | global}] }]
DESCRIPTION:
Show the contents of the distributed-cache instance

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
detail - Show details for each cache-instance
detail*2 - Show more detailed display of each topic
<following-cache-cluster-name>*2 - Show cach clusters from this Cache cluster name
<following-cache-instance-name>*2
global - Show only global topics
home-cache-clusters - Show remote global caching home-cache-clusters status
<home-cluster-name> [1..200 chars] - Home cache-cluster name, can contain wildcard characters * or ?
local - Show only local topics
<name> [1..200 chars] - Cache-instance name, can contain wildcard characters * or ?
<num-elements>*2 - The number of elements to display.
remote - Show info from the remote instance
status - Show remote status info
<topic-pattern> [0..255 chars] - Filter topics, can contain wildcard characters * or ?
topics - Show remote cached topics
type - Show only topics of specified type
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show client

COMMAND:
client <name> [client-username <username>] [message-vpn <vpn-name>] [authorization-group <group-name>] [{[{stats [congestion | queues]} | {connections [wide]}] } | {subscriptions [{subscription <subscription-name>}]} | {{message-spool | message-spool-stats | {transaction-stats [session <session-id>]}} [{{ingress | egress }} [flow <flow-id>]] } | {transacted-session [{session*2 <session-name>}]} | {sorted-stats [<stats-to-show>] [sort-by <stats-to-sort-by>] [clear-high-water-marks]} | web-transport ] [detail] [primary] [backup] [static] [slow-subscriber] [connected | disconnected]
DESCRIPTION:
Show client information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
authorization-group - Display only clients associated with certain authorization groups
backup - Show info for clients associated with the backup virtual router.
clear-high-water-marks - Clear the high water marks statistics.
client-username - Display clients associated with certain client-usernames
congestion - Display congestion discards stats. If applicable, output will be sorted in descending order
connected - Show info for connected clients only
connections - Display connection information
detail - Show detailed information for clients matching 'name'
disconnected - Show info for disconnected clients only
egress - Display egress message spool info/stats.
<fc-client-name>*2 - Client name.
<fc-client-name>*3 - Client name.
<fc-vpn-id>*2 - Message VPN id.
<fc-vpn-id>*3 - Message VPN id.
<fc-vr-index>*2 - Virtual router index.
<fc-vr-index>*3 - Virtual router index.
<flow-id> [0..4294967294] - Flow id to be displayed (associated with ingress/egress).
<group-name> [1..256 chars]
ingress - Display ingress message spool info/stats.
message-spool-stats - Display client message spool stats.
<name> [1..160 chars] - Client name; may contain wildcard characters * or ?
primary - Show info for clients associated with the primary virtual router.
queues - Display queue information
<session-id> [0..4294967295] - Session id to be displayed.
<session-name> [1..63 chars] - The name of the transacted session to be displayed.
slow-subscriber - Show info for clients that are unable to drain the load offered to them by the router
static - Show info for clients associated with the static virtual router.
stats - Display client traffic stats
<stats-to-show> [0..1024 chars] - Show the specified stats (comma separated list) in descending sorted order.
<stats-to-sort-by> [0..1024 chars] - The stats will be sorted in descending order based on the sorting criteria. If more than one criteria is present, multiple sets of stats are shown, each being sorted based on only one criteria.
<subscription-name> [1..250 chars] - The name of the subscription to be displayed.
subscriptions - Display subscription information
transacted-session - Display transacted session information.
transaction-stats - Display transaction information
<username> [1..189 chars] - client-username; may contain wildcard characters
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?
web-transport - Show info for web transport connections.
wide - Output connection info in a wide format


show client-certificate-authority

COMMAND:
client-certificate-authority {ca-name <ca-name> [cert [raw-content] | crl | stats | detail] [count <num-elements>] | stats*2}
DESCRIPTION:
Show client certificate authority settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<ca-name> [1..64 chars] - Certificate authority name; may contain wildcards * or ?.
ca-name [1..64 chars] - Display only the certificate authorities matching the given pattern.
cert - Display the CA certificate information
crl - Display Certificate Revocation List (CRL) information
detail - Display detailed information
<num-elements> [1..4294967295] - The maximum number of elements to display.
raw-content - Display the CA certificate raw content.
stats - Display statistics information
stats*2 - Display globals statistics information


show client-profile

COMMAND:
client-profile <name> [message-vpn <vpn-name>] [detail]
DESCRIPTION:
Show client-profile information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Display detailed information on client profile(s).
<name> [1..32 chars] - The name of the Client Profile.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show client-username

COMMAND:
client-username <name> [message-vpn <vpn-name>] [authorization-group <group-name>] [stats | detail ]
DESCRIPTION:
Show client-username information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Display detailed information about the specified client-username
<group-name> [1..256 chars] - Display only client usernames associated with certain authorization groups; may contain wildcard characters * or ?
<name> [1..189 chars] - Client Username; may contain wildcard characters
stats - Display client-username statistics
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show clock

COMMAND:
clock [{detail | {timezones [<pattern>]} | {synchronization ntp-source <host>}}]
DESCRIPTION:
Show system clock

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - List information about clock synchronization
<host> [1..253 chars] - Display NTP Sources matching the host, which may include wildcards * and ?.
<pattern> [0..32 chars] - Patterns may include wildcard characters * or ? (e.g. America*, U??, *East*)
timezones - List all or matching available time zones


show cluster

COMMAND:
cluster <cluster-name-pattern> [detail | link <link-name-pattern> [detail*2 | client-profile | queue | ssl | channel [message-vpn <vpn-name>] [detail*3] ] ]
DESCRIPTION:
Show cluster status

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
channel - Display channels of link
client-profile - Display client-profile link information
<cluster-name-pattern> [0..64 chars] - The cluster name, which may include wildcards * and ?.
detail - Display detailed cluster information
detail*2 - Display detailed link information
detail*3 - Display detailed channel information
<link-name-pattern> [0..64 chars] - Display cluster links to nodes matching the pattern, which may include wildcards * or ?
no-wildcard*2 - Do not use wildcarding
queue - Display queue link information
ssl - Display SSL link information
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show compression

COMMAND:
compression
DESCRIPTION:
Show compression information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show config-sync

COMMAND:
config-sync [database [router | message-vpn <vpn-name>] [detail | remote] [count <num-elements>]]
DESCRIPTION:
Show Config-Sync information. With no parameters configuration and basic operational state are displayed.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
Notes/Exceptions: A minimum access scope/level of global/read-only is required to view the router table.
PARAMETERS:
database - Display database table(s)
detail - Display details for selected table
message-vpn - Display only the VPN tables matching the given pattern
<num-elements> [1..4294967295] - The maximum number of elements to display.
remote - Display latest remote database info
router - Display only the router table
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show console

COMMAND:
console [login-banner]
DESCRIPTION:
Show console configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
login-banner - Displays the current banner text that is displayed on user login


show cspf

COMMAND:
cspf [database | neighbor... | queue | route... | ssl | stats]
DESCRIPTION:
Show CSPF routing information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
database - Show the CSPF database
neighbor - Show the state of CSPF links
queue - Show the CSPF queue settings
route - Show the CSPF route
ssl - Show the CSPF ssl
stats - Show the CSPF statistics


show cspf database

COMMAND:
database
DESCRIPTION:
Show the CSPF database

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show cspf neighbor

COMMAND:
neighbor <physical-router-name> [stats [queues | detail] | connections [wide] | detail*2]
DESCRIPTION:
Show the state of CSPF links

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
connections - Show neighbor tcp connection info
detail - Show detailed information
detail*2 - Show neighbor details
<physical-router-name> [1..64 chars] - Physical Router name of the neighbor; may contain wildcard characters * and ?
queues - Show queue statistics
stats - Show neighbor statistics
wide - Display cli output suitable for wide terminals (300+ character width)


show cspf queue

COMMAND:
queue
DESCRIPTION:
Show the CSPF queue settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show cspf route

COMMAND:
route [destination <router-destination>] [source <router-source>]
DESCRIPTION:
Show the CSPF route

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
destination - Filter to only show routes that have router-name as the final destination
<router-destination> [1..66 chars] - Router name; may contain wildcard characters * and ?
<router-source> [1..66 chars] - Router name; may contain wildcard characters * and ?
source - Filter to only show routes that assume router-name is the ingress node


show cspf ssl

COMMAND:
ssl
DESCRIPTION:
Show the CSPF ssl

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show cspf stats

COMMAND:
stats
DESCRIPTION:
Show the CSPF statistics

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.
OUTPUT:
show cspf stats (Error Conditions) Neighbor Dead Timer Expires - Number of inactive CSPF links due to the neighbor dead timer expiration. Neighbor Response Timer Expires - Number of non-responses received after CSPF sends a Neighbor Acquisition Request to a neighbor router. LSP Response Timer Expires - Number of non-responses received after CSPF sends an LSP to a neighbor router. Connect Response Timer Expires - CSPF has not established a connection after ~30 seconds of trying. Neighbor Handshake Fails - Number of CSPF links between routers made inactive during the Neighbor Handshake process. Neighbor Response Timer Expires - Number of non-responses received after CSPF sends a Neighbor Acquisition Request to a neighbor router. Neighbor Fails - Number of inactive connections on previously established CSPF links between routers. Unexpected Messages Received - Number of unrecognizable messages received. If you receive this error, please contact your Solace technical support representative for assistance. Unexpected Datapath Requests Received - Number of unrecognized CSPF request message types received. Unexpected Datapath Responses Received - Number of unrecognized CSPF response message types received. LSDD Timer Expires - Number of non-responses received after LSDD messages are sent to neighbor routers. Packet Processing Errors (Request) - A total of all errors encountered while handling a request packet. Packet Processing Errors (Response) - A total of all errors encountered while handling a response packet.


show current-config

COMMAND:
current-config [all... | message-vpn...]
DESCRIPTION:
Enter show current configuration mode. The subcommands are typically used with output redirection via '>' to create a script of CLI commands to create or remove the requested configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
all - Show the CLI commands needed to create the current configuration for the router, including configuration for all Message VPNs. The global/admin access level is required unless the redact parameter is used.
message-vpn - Show the CLI commands needed to create (or remove) the current configuration for Message VPNs. The global/admin access level is required unless the redact parameter is used.


show current-config all

COMMAND:
all [redact]
DESCRIPTION:
Show the CLI commands needed to create the current configuration for the router, including configuration for all Message VPNs. The global/admin access level is required unless the redact parameter is used.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
redact - Remove any sensitive information.


show current-config message-vpn

COMMAND:
message-vpn <vpn-name> [redact] [remove]
DESCRIPTION:
Show the CLI commands needed to create (or remove) the current configuration for Message VPNs. The global/admin access level is required unless the redact parameter is used.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
redact - Remove any sensitive information.
remove - Generate remove commands rather than create
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show debug

COMMAND:
debug [process-name <process-name>] [process-instance <process-instance>] [timeout <seconds>] <command> [<parameter-list>]
DESCRIPTION:
Show internal debug information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/admin
PARAMETERS:
<command> [0..1024 chars] - Debug command to execute.
<parameter-list> [0..32768 chars] - Parameters to pass to debug command, space separated.
<process-instance> [0..255] - Process instance to query.
<process-name> [cli | mgmtplane | controlplane | dataplane | soldebug | watchdog | adbtool | smlmanager | solsnmp | trmmanager | msgbusadapter | solcachemgr | smrp | solevent | dnsmanager | cmdserver | nab] - Name of process to query.
<seconds> [0..65535] - Time to wait for command to complete.


show deferred-config

COMMAND:
deferred-config
DESCRIPTION:
Show the deferred configuration which will be applied on a router restart.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show disk

COMMAND:
disk [detail]
DESCRIPTION:
Show local disk usage and the RAID status

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - show detailed information


show distributed-cache

COMMAND:
distributed-cache {<name> [message-vpn <vpn-name>] [detail] | summary}
DESCRIPTION:
Show the contents of the distributed-cache

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show details for each cache
<name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
summary - Show summary of all caches
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show dns

COMMAND:
dns
DESCRIPTION:
Show Domain Name System (DNS) configuration.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show domain-certificate-authority

COMMAND:
domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>]
DESCRIPTION:
Show domain certificate authority settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<ca-name> [1..64 chars] - Certificate authority name; may contain wildcards * or ?.
ca-name [1..64 chars] - Display only the certificate authorities matching the given pattern.
cert - Display the CA certificate information
detail - Display detailed information
<num-elements> [1..4294967295] - The maximum number of elements to display.
raw-content - Display the CA certificate raw content.


show environment

COMMAND:
environment
DESCRIPTION:
Show system environment information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show hardware

COMMAND:
hardware [details | post]
DESCRIPTION:
Show system hardware information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
details - Show detailed information about hardware
post - Show Power-On Self Test (POST) status


show home-cache-cluster

COMMAND:
home-cache-cluster <name> [cache-cluster <cluster-name>] [distributed-cache <cache-name>] [message-vpn <vpn-name>]
DESCRIPTION:
Show the contents of the home cache cluster

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<cache-name> [1..200 chars] - Distributed-cache name, can contain wildcard characters * or ?
<cluster-name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<name> [1..200 chars] - Cache-cluster name, can contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show hostname

COMMAND:
hostname
DESCRIPTION:
Show hostname

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


show interface

COMMAND:
interface [<phy-interface>] [detail]
DESCRIPTION:
Show the parameters configured for the interface

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed information
<phy-interface> [1..15 chars] - (eth<port> | chassis/lag1 | <cartridge>/<slot>/<port> | <cartridge>/<slot>/lag<N>)
Examples: "eth1", "chassis/lag1", "1/5/2", "1/6/lag1"


show ip

COMMAND:
ip [route | vrf...]
DESCRIPTION:
Show Internet Protocol Parameters

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
route - Show Global IP routing information
vrf - Show Virtual Forwarding Instance information


show ip route

COMMAND:
route
DESCRIPTION:
Show Global IP routing information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show ip vrf

COMMAND:
vrf [<name> [link-local-address | {route | interface <interface-pattern>} [detail]]]
DESCRIPTION:
Show Virtual Forwarding Instance information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed information
<interface-pattern> [0..15 chars] - show VRF IP interface information
link-local-address - show VRF IP link local address information
<name> [0..12 chars] - VRF name
route - show VRF IP routing information


show jndi

COMMAND:
jndi [connection-factory... | object... | queue... | schema... | summary... | topic...]
DESCRIPTION:
Show JNDI configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
connection-factory - Show JNDI connection-factory objects
object - Show JNDI objects
queue - Show JNDI queue objects
schema - Show JNDI object schema
summary - Show JNDI configuration summary
topic - Show JNDI topic objects


show jndi connection-factory

COMMAND:
connection-factory <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail]
DESCRIPTION:
Show JNDI connection-factory objects

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<name> [1..256 chars] - Object name; may contain wildcard characters.
<property-name> [1..64 chars] - Show the objects containing this property.
<property-value> [0..256 chars] - Show the objects containing this property.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show jndi object

COMMAND:
object <name> [message-vpn <vpn-name>]
DESCRIPTION:
Show JNDI objects

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<name> [1..256 chars] - Object name; may contain wildcard characters.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show jndi queue

COMMAND:
queue <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail]
DESCRIPTION:
Show JNDI queue objects

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<name> [1..256 chars] - Object name; may contain wildcard characters.
<property-name> [1..64 chars] - Show the objects containing this property.
<property-value> [0..256 chars] - Show the objects containing this property.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show jndi schema

COMMAND:
schema [connection-factory | topic | queue]
DESCRIPTION:
Show JNDI object schema

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
connection-factory - Show connection-factory schema only.
queue - Show queue schema only.
topic - Show topic schema only.


show jndi summary

COMMAND:
summary [message-vpn <vpn-name>]
DESCRIPTION:
Show JNDI configuration summary

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show jndi topic

COMMAND:
topic <name> [message-vpn <vpn-name>] [with <property-name> <property-value>] [detail]
DESCRIPTION:
Show JNDI topic objects

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<name> [1..256 chars] - Object name; may contain wildcard characters.
<property-name> [1..64 chars] - Show the objects containing this property.
<property-value> [0..256 chars] - Show the objects containing this property.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show kerberos

COMMAND:
kerberos [{keytab | keytab-file <file-name>} [detail]]
DESCRIPTION:
Show Kerberos authentication information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Display detail information about each keytab entry.
<file-name> [Filename of keytab in jail/keytabs directory.] - Kerberos keytab file within the keytabs directory. Wildcard characters are allowed to specify multiple files.
keytab - Display internal keytab store for incoming clients.
keytab-file - Display keytab file in keytabs directory.


show ldap-profile

COMMAND:
ldap-profile <profile-name> [detail | [index <server-index>] stats | users]
DESCRIPTION:
Show ldap profile settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Display detailed information.
<profile-name> [1..32 chars] - Ldap profile name. May contain wildcard characters * and ?.
<server-index> [1..3] - Show statistics for the ldap-server at the specified index.
stats - Show ldap-profile statistics
users - Show ldap-profile users
OUTPUT:
show ldap-profile (Last Error States and Statistics) None - No error has been found so far. OK - A successful connection has been made. Encoding Error - This indicates that the LDAP client ran into errors when trying to encode the request. Out of Memory - This indicates that the LDAP client was unable to allocate memory for the outgoing request or incoming response. Server Down - This indicates that the LDAP client was unable to send a request because the LDAP server is down. Decoding Error - This indicates that the LDAP client was unable to decode a server response. No Such Object - This indicates that the LDAP client was unable to bind as a given entity because that entity doesn't exist. Timeout - This indicates that the LDAP client's request has timed out. Filter Error - This indicates that the LDAP client encountered errors when trying to encode or parse the filter string. Multiple Entries - This indicates that a search returned more than one entry. Invliad Syntax - This indicates that the LDAP server found a syntax errors in the request. Referral - This indicates that the LDAP client has returned at least one referral in search reponse. Referral Limit Exceeded - This indicates that the LDAP client's referral has exceeded the referral limit of 10 levels. Invalid Credentials - This indicates that the LDAP server replies with Invalid when we attempt to a bind operation Start TLS Failed - This indicates that the LDAP client fails to enable TLS when connecting with the LDAP server. Local Error - This indicates that a LDAP_LOCAL_ERROR has occurred in the LDAP routine. Operations Error - This indicates that the intialization of the LDAP library failed, or an internal operations error has occurred. Auth Method Not Supported - This indicates that the authentication method is not supported. Protocol Error - This indicates that a protocol error has occurred. Parameter Error - This indicates that an incorrect parameter has been passed to a routine. Peer Disconnect - This indicates that the LDAP connection has timed out and the LDAP server issues a disconnect. Not Supported - This indicates that the feature is not supported. Other - This statistic encapsulates any additional errors not covered above. (timestamp) - If an error has been detected, a timestamp of the error is also given in the last error field.


show log

COMMAND:
log [acl... | command... | debug... | event... | login... | no-subscription-match... | rest... | system...]
DESCRIPTION:
Show the router log

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
acl - Display ACL logs.
command - Display command logs.
debug - Display debug logs.
event - Display event logs.
login - Display login logs.
no-subscription-match - Display no-subscription-match logs.
rest - Display REST logs.
system - Display system logs.


show log acl

COMMAND:
acl [client-connect | publish-topic | subscribe-topic] [client-username <username>] [message-vpn <vpn-name>] [wide]
DESCRIPTION:
Display ACL logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
client-connect - Show only logs relating to client-connect ACLs
publish-topic - Show only logs relating to publish-topic ACLs
subscribe-topic - Show only logs relating to subscribe-topic ACLs
<username> [1..189 chars] - Client username; may contain wildcard characters
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?
wide - Output log in a wide format


show log command

COMMAND:
command [lines <num-lines>] [find <search-string>]
DESCRIPTION:
Display command logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000.
<search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default.


show log debug

COMMAND:
debug [lines <num-lines>] [find <search-string>]
DESCRIPTION:
Display debug logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000.
<search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default.


show log event

COMMAND:
event [lines <num-lines>] [find <search-string>]
DESCRIPTION:
Display event logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000.
<search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default.


show log login

COMMAND:
login diag [wide]
DESCRIPTION:
Display login logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
diag - Show logs for login diagnostics
wide - Output log in a wide format


show log no-subscription-match

COMMAND:
no-subscription-match [client-username <username>] [client-name <name>] [message-vpn <vpn-name>] [wide]
DESCRIPTION:
Display no-subscription-match logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<name> [1..160 chars] - Show only logs for the specified client-name
<username> [1..189 chars] - Show only logs for the specified client-username
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?
wide - Output log in a wide format


show log rest

COMMAND:
rest rest-delivery-point errors [wide]
DESCRIPTION:
Display REST logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
errors - Show logs for error responses
rest-delivery-point - Show logs for REST Delivery Points
wide - Output log in a wide format


show log system

COMMAND:
system [lines <num-lines>] [find <search-string>]
DESCRIPTION:
Display system logs.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<num-lines> [0..4294967295] - The number of lines to read. Default is 1000.
<search-string> [0..32768 chars] - A string to use as a filter. No filtering applied by default.


show logging

COMMAND:
logging [command | config | debug... | event]
DESCRIPTION:
Show logging information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
command - Show command logging information
config - Show global logging configuration
debug - Show debug logging information
event - Show system publish event logging information


show logging command

COMMAND:
command
DESCRIPTION:
Show command logging information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show logging config

COMMAND:
config
DESCRIPTION:
Show global logging configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show logging debug

COMMAND:
debug [<subsystem-id>]
DESCRIPTION:
Show debug logging information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<subsystem-id> [0..50 chars] - Show logging info for the given subsystem ID. Default: Show logging info for all subsystems. If the logging info for each process varies, it will be displayed with a process name prefixed to it (DP = Dataplane, CP = Controlplane).


show logging event

COMMAND:
event
DESCRIPTION:
Show system publish event logging information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show memory

COMMAND:
memory
DESCRIPTION:
Show memory usage

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show message-spool

COMMAND:
message-spool [message-vpn <vpn-name> [sort-by-messages-spooled]] [stats | detail | rates ]
DESCRIPTION:
Show message spool

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
Notes/Exceptions: global/read-only is required to run this command without the "message-vpn" argument.
PARAMETERS:
detail - Show detailed information
rates - Show rate information
sort-by-messages-spooled - Sort the output in descending order of number of messages spooled
stats - Show spooled message stats
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show message-vpn

COMMAND:
message-vpn <vpn-name> {[[detail | stats [detail*2] | service [stats*2]] | subscriptions [primary] [backup] [static] ] | proxy <proxy-name> [detail*3] | replication [stats*3 | detail*4 | client-certificate] | rest [{rest-delivery-point <rdp-name> [stats*4 | queue-binding <queue-binding-name> [request-header <header-name> ] [protected-request-header <header-name>*2 ]] [count*3 <num-elements>*3] [detail*5] | rest-consumer <rest-consumer-name> [rest-delivery-point*2 <rdp-name>*2 ] [stats*5 | outgoing-connections [tcp [wide]] | authentication [{oauth-jwt-claim <oauth-jwt-claim-name> }] | client-certificate*2 | ssl | detail*6] [count*4 <num-elements>*4] }] | authorization [authorization-group <name> [detail*7]] [count*5 <num-elements>*5] | mqtt [{mqtt-session <client-id-pattern> [owner <owner-pattern>] [auto] [primary*2] [backup*2] [detail*8 | subscriptions*2 [qos <qos-value>] | stats*6 | client | queue]} | {retain {cache <cache-name> [detail*9]}}] | bridging | dynamic-message-routing [dmr-bridge <remote-node-name-pattern> ] | oauth {{profile <profile> [client*2 required-claim <required-claim-name-pattern> | resource-server required-claim*2 <required-claim-name-pattern>*2 ]} } [detail*10 [stats*7]] | telemetry-profile <telemetry-profile-name> [{receiver acl connect exception <cidr-addr>} | {trace filter <filter-name> [subscription <subscription-name> [smf | mqtt*2] ]}] }
DESCRIPTION:
Show Message VPN information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
authentication - Display the authentication configured for the REST Consumer
authorization - Show authorization information
authorization-group - Show authorization group information
auto - Filter mqtt-session by auto virtual-router (default)
backup - Show subscriptions for the backup virtual router.
backup*2 - Filter mqtt-session by backup virtual-router (default)
bridging - Display bridging message VPN information.
cache - Show MQTT Retain Cache information.
<cache-name> [1..64 chars] - Filter MQTT Retain Cache by name.
<cidr-addr> [0..43 chars] - Filter exception by CIDR address; may contain wildcard characters * or ?
client - Display the client of each mqtt-session
client-certificate - Show replication client certificate
client-certificate*2 - Display the certificate configured for the REST Consumer
<client-id-pattern> [0..128 chars] - Filter mqtt-session by client-id
count*10 - The maximum number of certificate matching rules or rule conditions to be displayed.
count*3 - Specifies that a limited number of REST Delivery Points, Queue Bindings, or Request Headers should be displayed
count*4 - Specifies that a limited number of REST Consumers or OAuth JWT claims should be displayed.
count*5 - The maximum number of authorization groups to be displayed
count*6 - Specifies that a limited number of mqtt objects should be displayed.
count*7 - Specifies that a limited number of dmr-bridge objects should be displayed.
count*8 - Specifies that a limited number of oauth objects should be displayed.
count*9 - Specifies that a limited number of telemetry-profile objects should be displayed.
detail - Show detailed message VPN information
detail*10 - Show detailed information about the Provider.
detail*2 - Show statistics detailed information
detail*3 - Show proxy details
detail*4 - Show replication details
detail*5 - Display detailed information about the REST Delivery Point
detail*6 - Display detailed information about the REST Consumer.
detail*7 - detail
detail*8 - Display details for each mqtt-session
detail*9 - Display details for each MQTT Retain Cache.
dynamic-message-routing - Show dynamic-message-routing information
<filter-name> [1..127 chars] - Filter trace-filter by name; may contain wildcard characters * or ?
following*2 - following keyword
following*3 - following keyword
<following-vpn-name>*2 - following message vpn name
<following-vpn-name>*3 - the vpn name
<following-vpn-name>*4
<header-name> [1..50 chars] - The pattern that filters the request header name. May contain wildcard characters * and ?
<header-name>*2 - The pattern that filters the request header name. May contain wildcard characters * and ?
mqtt*2 - Subscription uses MQTT syntax.
mqtt-session - Show MQTT session information.
<name> [1..256 chars] - Authorization group name; may contain wildcard characters * or ?
no-wildcard*10 - Do not use wildcarding
no-wildcard*11 - Do not use wildcarding
no-wildcard*2 - Do not use wildcarding
no-wildcard*3 - Do not use wildcarding
no-wildcard*4 - Do not use wildcarding
no-wildcard*5 - Do not use wildcarding
no-wildcard*6 - Do not use wildcarding
no-wildcard*7 - Do not use wildcarding
no-wildcard*8 - Do not use wildcarding
no-wildcard*9 - Do not use wildcarding
<num-elements>*10
<num-elements>*2 - The maximum number of elements to display.
<num-elements>*3
<num-elements>*4
<num-elements>*5
<num-elements>*6
<num-elements>*7
<num-elements>*8
<num-elements>*9
oauth - Display OAuth information about this VPN.
oauth-jwt-claim - Show OAuth JWT claim information.
<oauth-jwt-claim-name> [1..100 chars] - The pattern that filters the claim object name. May contain wildcard characters * and ?.
outgoing-connections - Show outgoing connection information for the REST Consumer
<owner-pattern> [0..189 chars] - Filter mqtt-session by owner (default *)
primary - Show subscriptions for the primary virtual router.
primary*2 - Filter mqtt-session by primary virtual-router (default)
<profile> [1..32 chars] - The name of the profile, which may include wildcards * or ?
protected-request-header - Show protected request headers for the queue binding.
proxy - Show proxies
<proxy-name> [0..32 chars] - The pattern that filters the proxy name. May contain wildcard characters * and ?.
<qos-value> [0..1] - Display subscriptions only of this QoS
queue - Display the Queue of each mqtt-session
queue-binding - Show queue bindings information for the REST Delivery Point.
<queue-binding-name> [0..200 chars] - The pattern that filters the Queue binding name. May contain wildcard characters * and ?
<rdp-name> [1..100 chars] - The pattern that filters the RDP object name. May contain wildcard characters * and ?.
<rdp-name>*2 - The pattern that filters the RDP object name. May contain wildcard characters * and ?.
<remote-node-name-pattern> [0..64 chars] - Display dmr-bridges to nodes matching the pattern, which may include wildcards * or ?
replication - Show replication
request-header - Show request headers for the queue binding.
required-claim - Show claim values required to be present in the access token.
required-claim*2 - Show claim values required to be present in the access token.
<required-claim-name-pattern> [1..100 chars] - The required claim name filter to apply to the show command; may contain wildcard characters * or ?
<required-claim-name-pattern>*2 - The required claim name filter to apply to the show command; may contain wildcard characters * or ?
rest - Show REST
rest-consumer - Show REST Consumer information. Omit all optional parameters to display aggregates.
<rest-consumer-name> [1..32 chars] - REST Consumer name specified. String wildcarding is supported.
rest-delivery-point - Show REST Delivery Point information. Omit all optional parameters to display aggregates.
service - Show services
smf - Subscription uses SMF syntax.
ssl - Display ssl attributes of the REST Consumer.
static - Show subscriptions for the static virtual router.
stats - Show message VPN statistics
stats*2 - Show services statistics
stats*3 - Show replication statistics
stats*4 - Show summary statistics for the REST Delivery Point
stats*5 - Show summary statistics for the REST Consumer.
stats*6 - Display stats for each mqtt-session
stats*7 - Show statistics about the Provider.
<subscription-name> [1..250 chars] - Filter subscription by name; may contain wildcard characters * or ?
subscriptions - Show message VPN subscriptions
subscriptions*2 - Display subscriptions for each mqtt-session
tcp - Show outgoing connection TCP information for the REST Consumer
telemetry-profile - Show telemetry-profile information.
<telemetry-profile-name> [1..21 chars] - Filter telemetry-profile by name; may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?
wide - Display output suitable for wide terminals (300+ characters)


show mqtt

COMMAND:
mqtt
DESCRIPTION:
Show MQTT information.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show oauth-profile

COMMAND:
oauth-profile <profile-name-pattern> [access-level [{default | group <group-name-pattern> } ] [detail] | client {allowed-host <allowed-host-name-pattern> | authorization-parameter <authorization-parameter-name-pattern> | required-claim <required-claim-name-pattern> } | resource-server {required-claim*2 <required-claim-name-pattern>*2 } | detail*2 | stats]
DESCRIPTION:
Show OAuth profile settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
access-level - Show access level configuration.
allowed-host - Show allowed Host header values for incoming redirects.
<allowed-host-name-pattern> [1..255 chars] - The allowed host name filter to apply to the show command; may contain wildcard characters * or ?
authorization-parameter - Show additional parameters for OAuth Authorization server requests.
<authorization-parameter-name-pattern> [1..32 chars] - The authorization parameter name filter to apply to the show command; may contain wildcard characters * or ?
default - Show only the default access level configuration.
detail - Show access level detailed configuration
detail*2 - Display detailed information.
group - Filter the display of OAuth access level configuration based on the group name.
<group-name-pattern> [1..64 chars] - The group name filter to apply to the show command; may contain wildcard characters * or ?
no-wildcard*2 - Do not use wildcarding
no-wildcard*3 - Do not use wildcarding
no-wildcard*4 - Do not use wildcarding
no-wildcard*5 - Do not use wildcarding
<profile-name-pattern> [1..32 chars] - OAuth profile name. May contain wildcard characters * and ?.
required-claim - Show claim values required to be present in the ID token.
required-claim*2 - Show claim values required to be present in the access token.
<required-claim-name-pattern> [1..100 chars] - The required claim name filter to apply to the show command; may contain wildcard characters * or ?
<required-claim-name-pattern>*2 - The required claim name filter to apply to the show command; may contain wildcard characters * or ?
stats - Show oauth-profile statistics


show paging

COMMAND:
paging
DESCRIPTION:
Use this command to control the output page size for show commands. The no version disables paging.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


show process

COMMAND:
process [pid <pid>]
DESCRIPTION:
Show system process information. Given a pid, displays detailed information for that process.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<pid> [1..4194303] - process ID


show product-key

COMMAND:
product-key
DESCRIPTION:
Show installed product-keys and the features they unlock

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show proxy

COMMAND:
proxy <proxy-name> [detail]
DESCRIPTION:
Show proxy settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed proxy information
<proxy-name> [0..32 chars] - Proxy name. May contain wildcard characters * and ?.


show queue

COMMAND:
queue <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] | subscriptions | rates | sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | replay | partitions] [durable | non-durable] [detail] [replay-state {initializing | active | pending-complete | failed | all}] [count <num-elements>]
DESCRIPTION:
Show queue information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
active - Only show queues with an active replay
all - Show queues regardless of their replay state
detail - Show detailed information
<dmq-filter> [1..200 chars] - Shows only those queues that use <dmq-filter> as their dead-message queue; may contain wildcard characters
dmq-list - Show the Queues associated with the dead-message-queue
durable - Show durable queues only
failed - Only show queues with in the failed replay state
flows - Show flows
initializing - Only show queues with an initializing replay
messages - Show message spool messages
<msg-id> [1..18446744073709551615] - Show message spool starting from this msg-id
<name> [1..200 chars] - Queue name; may contain wildcard characters * or ?
newest - Show message spool ordered from newest to oldest messages
non-durable - Show non-durable queues only
<num-elements> [1..4294967295] - The number of elements to display.
oldest - Show message spool ordered from oldest to newest messages
partitions - Show partitions associated with the Queue
pending-complete - Only show queues with a pending-complete replay
priorities - Show priority stats also
<priority> [0..9 (lowest to highest)] - Show only messages in message spool with this priority
rates - Show rates associated with the Queue
replay - Show replay log information
replay-state - filter on replay states
<replication-group-msg-id> [41..41 chars] - Show message spool starting from this replication-group-msg-id
sort-by-messages-spooled - Sort the output in descending order of number of messages spooled
sort-by-unacked-messages-spooled - Sort the output in descending order of number of unacked messages spooled
stats - Show queue statistics
subscriptions - Show subscriptions associated with the Queue
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show queue-template

COMMAND:
queue-template <name> [message-vpn <vpn-name>] [detail]
DESCRIPTION:
Show queue template information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<name> [1..255 chars] - Queue Template name; may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show radius-profile

COMMAND:
radius-profile <profile-name> [detail | stats]
DESCRIPTION:
Show radius profile settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed RADIUS profile information
<profile-name> [1..32 chars] - RADIUS profile name. May contain wildcard characters * and ?.
stats - Show RADIUS profile statistics


show redundancy

COMMAND:
redundancy [detail]
DESCRIPTION:
Show redundancy configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - show detailed information
OUTPUT:
show redundancy (General Status Items) Activity Status - Indicates whether the local router is active for the VRID. Values: Local Active, Mate Active. VRRP Status - Indicates whether the local router owns the VRID from the viewpoint of the VRRP. Values: Master, Backup. Local Priority - The priority the local router is announcing for the VRID. Values: Assert Activity, Active, Standby, Primary Reconcile, Backup Reconcile, Release. show redundancy (Local Priority Levels) Assert-Activity - The priority level the virtual router uses when it wants to assert itself as the 'master' of the VRID. After a timeout period, when the virtual router is sure that the mate router does not claim to be the Master, the local priority value for the virtual router is reduced to Active. Active - The normal priority level to indicate that the virtual router is currently active. Standby - The priority level that a backup virtual router uses to advertise that it is not currently active, but it is capable of taking activity if the primary virtual router unavailable. Primary-Reconcile - The priority level that a virtual router uses on start up, to ensure that it does not take activity before it is ready. Backup-Reconcile - The priority level that a backup virtual router uses to indicate that it is initializing, and it will not be able to take activity even if the primary virtual router is unavailable. Release - The priority level that a virtual router uses to indicate that it is no longer willing to act on behalf of the IP address. This priority level is advertised when the release-activity Router Redundancy CONFIG command is used. It is also the priority advertised for the backup virtual router whenever the redundancy feature is shutdown on the virtual router. show redundancy (Activity Status Items) Redundancy Status - Indicates whether the redundancy facility believes the router is in a state where it could provide service for the VRID. Values: Up, Down. SMRP Status - Indicates whether SMRP is ready to provide service for the VRID. Values: Ready, Not Ready. Db Build Status - Whenever a router is restarted while running Multi-Node Routing, SMRP needs to learn of the topic subscriptions it is to become active for. It does this by synchronizing its database with its neighbor routers. This value indicates the status of this SMRP synchronization. Values: Ready, Not Ready. Db Sync Status - Whenever redundancy is enabled on a router, it can take SMRP up to one minute to initialize its database to the state required of it for taking activity from its mate router on demand. This value indicates the readiness of SMRP to take such activity. Values: Ready, Not Ready. Internal Priority - The priority of the VRID within the redundancy facility. Values: Assert Activity, Active, Backup Reconcile, Release. Internal Activity Status - An indication of whether the local or mate router should be active, based solely on priorities exchanged between routers. Due to debounce timers, and the need for the mate router to acknowledge activity switches, this status can be different than the overall activity status for the VRID. Values: Local Active, Mate Active. Internal Redundancy State - The internal state of the Redundancy facility. Values: Primary-NotReady, Primary-WaitForLA, Primary-Active, Primary-Assert, Primary-Shutdown, Bkup-NotReady, Bkup-Standby, Bkup-DebounceLA, Bkup-Active, Bkup-Assert, Bkup-Shutdown. show redundancy (Redundancy Status Items) Redundancy Config Status - The operator-configured state of the Redundancy facility. Values: Enabled, Release, Shutdown. Message Spool Status - The readiness of the message spooler to provide Guaranteed Messaging. Values: Ready, Not Ready. show redundancy (CSMP Status Items) Internal Redundancy Status - The internal state of the CSMP Redundancy facility. Values: Primary-Shutdown, Bkup-Shutdown, LA-WaitForCspfLink, LA-WaitForDsdbSync, LA-CsmpReady, MA-WaitForDsdbSync, MA-CsmpReady, MA-CspfDownDebounce. show redundancy (Message Spool Status Items) Message Spool Config Status - The operator-configured status of message spooling on the Guaranteed Messaging VRID. Values: Enabled, Shutdown. VRID Config Status - Indicates whether the local Guaranteed Messaging VRID configuration matches what has been reported by the ADB. Values: Ready, Config Mismatch. ADB Status - Indicates the high-level status of the ADB. Values: Ready, Not Ready. Flash Module Status - Indicates the high-level status of the Flash Memory Module on the ADB. Values: Ready, Not Ready. Power Module Status - Indicates the high-level status of the power module on the ADB. Values: Ready, Not Ready. ADB Contents - Indicates whether the contents of the ADB appear to be valid. Values: Invalid, Stale, Ready. Disk Status - Indicates the status of the external disk storage array. Values: Ready, Not Ready. Disk Contents - Indicates whether the spool file directory on the external disk storage array appears to be valid. This value will generally be Unknown on a router that is not active. Values: Unknown, Mount Error, Invalid, Stale, Ready. ADB Datapath Status - Indicates the high-level status of the power module on the ADB. Values: Ready, Not Ready. ADB Contents - Indicates whether the contents of the ADB appear to be valid. Values: Invalid, Stale, Ready.


show replay-log

COMMAND:
replay-log <name> [message-vpn <vpn-name>] [messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] [detail] | topic-filters ] [count <num-elements>]
DESCRIPTION:
Show replay-log information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<msg-id> [1..18446744073709551615] - Show message spool starting from this msg-id
<name> [1..185 chars] - Queue name; may contain wildcard characters * or ?
newest - Show message spool ordered from newest to oldest messages
<num-elements> [1..4294967295] - The number of elements to display.
oldest - Show message spool ordered from oldest to newest messages
<priority> [0..9 (lowest to highest)] - Show only messages in message spool with this priority
<replication-group-msg-id> [41..41 chars] - Show message spool starting from this replication-group-msg-id
topic-filters - Show subscriptions associated with the replay log.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show replicated-topic

COMMAND:
replicated-topic <topic> [message-vpn <vpn-name>] [replication-mode {sync | async}] [count <num-elements>]
DESCRIPTION:
Show replicated-topic information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
async - Asynchronous replication-mode
<num-elements> [1..4294967295] - The number of elements to display.
replication-mode - Only this replication-mode
sync - Synchronous replication-mode
<topic> [0..255 chars] - Topic pattern, can contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show replication

COMMAND:
replication [stats]
DESCRIPTION:
Show global replication information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
stats - Show stats.


show router-name

COMMAND:
router-name
DESCRIPTION:
Show router's name

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show routing

COMMAND:
routing
DESCRIPTION:
Show routing configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show semp-session

COMMAND:
semp-session [<username-pattern>] [session-id <id-pattern>] [count <num-elements>]
DESCRIPTION:
Show information regarding currently active SEMP sessions.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<id-pattern> [1..56 chars] - The session ID pattern to use as a filter.
<num-elements> [1..4294967295] - The number of elements to display.
<username-pattern> [1..189 chars] - The username pattern to use as a filter.


show sequenced-topic

COMMAND:
sequenced-topic <topic> [message-vpn <vpn-name>] [count <num-elements>]
DESCRIPTION:
Show sequenced-topic information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
<num-elements> [1..4294967295] - The number of elements to display.
<topic> [0..255 chars] - Topic pattern, can contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show service

COMMAND:
service [web-transport | {virtual-hostname <hostname-name> } | semp]
DESCRIPTION:
Show the port configuration for the protocols/services supported

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<hostname-name> [1..253 chars: ] - FQDN or IPv4 address
semp - Show the SEMP service configuration.
web-transport - Show the web transport service configuration.


show session

COMMAND:
session
DESCRIPTION:
Show information regarding currently active CLI sessions.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
Notes/Exceptions: global/admin is required to see any session belonging to someone else's username.
PARAMETERS:
This command does not take any parameters.


show smrp

COMMAND:
smrp [database... | route... | stats... | subscription-block... | subscriptions...]
DESCRIPTION:
Show SMRP routing information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
database - Show SMRP database information
route - Show SMRP routing information
stats - Show SMRP statistics. Global stats across all router names are shown if no router-name is specified otherwise router-name specific stats are shown.
subscription-block - Show SMRP subscription-block information
subscriptions - Show SMRP subscription information


show smrp database

COMMAND:
database [router-name <router-name>] [detail]
DESCRIPTION:
Show SMRP database information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Display detailed information on router.
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


show smrp route

COMMAND:
route topic <topic-string> [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] [backup] [static] [persistent | non-persistent]
DESCRIPTION:
Show SMRP routing information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
backup - Only show routes to backup local destinations
client - Only show routes to local clients
<destination-name> [1..160 chars] - Only show routes to the specified destination. May contain wildcard characters * and ?
non-persistent - Only show routes for non-persistent topics
persistent - Only show routes for persistent topics
primary - Only show routes to primary local destinations
queue - Only show routes to local queues
remote-router - Only show routes to remote routers
static - Only show routes to static local destinations
topic-endpoint - Only show routes to local topic-endpoints
<topic-string> [1..250 chars] - Topic to display route information about
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show smrp stats

COMMAND:
stats [router-name [<router-name>]]
DESCRIPTION:
Show SMRP statistics. Global stats across all router names are shown if no router-name is specified otherwise router-name specific stats are shown.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?


show smrp subscription-block

COMMAND:
subscription-block [router-name <router-name>] [block-id <block-id>] [message-vpn <vpn-name>] [persistent | non-persistent] [detail]
DESCRIPTION:
Show SMRP subscription-block information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<block-id> [1..127 chars] - (output filter) range indicating which block numbers to display. Range example: 0-23,33,39 - display any blocks from 0 through 23 inclusive as well as blocks 33, and 39 (if they exist). Default is all blocks if left unspecified.
detail - Display detailed information on subscription block.
non-persistent - Only show non-persistent subscription block
persistent - Only show persistent subscription block
<router-name> [1..66 chars] - Router name; may contain wildcard characters * and ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show smrp subscriptions

COMMAND:
subscriptions [message-vpn <vpn-name>] [destination-name <destination-name>] [client] [queue] [topic-endpoint] [remote-router] [primary] [backup] [static] [{[dto-priority <priority>] [topic <topic-str>] [persistent | non-persistent] } | {summary }]
DESCRIPTION:
Show SMRP subscription information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
backup - Only show subscriptions from backup local destinations
client - Only show subscriptions from local clients
<destination-name> [1..160 chars] - Only show subscriptions from the specified destination. May contain wildcard characters * and ?
non-persistent - Only show routes for non-persistent topics
persistent - Only show persistent subscription
primary - Only show subscriptions from primary local destinations
<priority> [P1 | P2 | P3 | P4 | DA] - Only show subscription with this priority
queue - Only show subscriptions from local queues
remote-router - Only show subscriptions from remote routers
static - Only show subscriptions from static local destinations
summary - Show per-destination summary information
topic-endpoint - Only show subscriptions from local topic-endpoints
<topic-str> [1..250 chars] - The value of the Topic in the form a/b/c. Wildcard characters * and ? are allowed.
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show snmp

COMMAND:
snmp [trap [<name>]]
DESCRIPTION:
Show SNMP agent configuration

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<name> [0..42 chars] - Trap name
trap - Show snmp trap configuration


show ssl

COMMAND:
ssl [allow-tls-version | certificate-files... | cipher-suite-list... | crime-exploit-protection | server-certificate... | standard-domain-certificate-authorities | supported-cipher-suites... | supported-tls-versions | tls-session-timeout]
DESCRIPTION:
Show SSL configuration and state

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
allow-tls-version - This command is used to display the versions of TLS that clients and SEMP users are allowed to use when connecting to the router. As well as which versions of TLS the router's LDAP authentication connections can use when communicating with an external LDAP server
certificate-files - Show certificates uploaded to the router
cipher-suite-list - Show the preconfigured cipher suite lists.
crime-exploit-protection - This command is used to display whether CRIME exploit protection is enabled.
server-certificate - Show the router's configured SSL certificate
standard-domain-certificate-authorities - show the standard domain certificate authorities
supported-cipher-suites - Show the cipher suites supported by the router.
supported-tls-versions - show TLS versions
tls-session-timeout - Show the router's tls-session-timeout in seconds


show ssl allow-tls-version

COMMAND:
allow-tls-version
DESCRIPTION:
This command is used to display the versions of TLS that clients and SEMP users are allowed to use when connecting to the router. As well as which versions of TLS the router's LDAP authentication connections can use when communicating with an external LDAP server

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show ssl certificate-files

COMMAND:
certificate-files [filename <filename>] [detail]
DESCRIPTION:
Show certificates uploaded to the router

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed information for each certificate
<filename> [Filename of certificate in /certs directory.] - Certificate filename; may contain wildcard characters * and ?


show ssl cipher-suite-list

COMMAND:
cipher-suite-list {default | management [default*2] | msg-backbone [default*3] | ssh [default*4]}
DESCRIPTION:
Show the preconfigured cipher suite lists.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
default - show the generic default
default*2 - Show the default cipher suite list.
default*3 - show the default cipher suite list.
default*4 - show the default cipher list.
management - show the list for the management plane
msg-backbone - show the list for the message backbone
ssh - show the list for the SSH applications


show ssl crime-exploit-protection

COMMAND:
crime-exploit-protection
DESCRIPTION:
This command is used to display whether CRIME exploit protection is enabled.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show ssl server-certificate

COMMAND:
server-certificate [detail]
DESCRIPTION:
Show the router's configured SSL certificate

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed information on configured certificate


show ssl standard-domain-certificate-authorities

COMMAND:
standard-domain-certificate-authorities
DESCRIPTION:
show the standard domain certificate authorities

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


show ssl supported-cipher-suites

COMMAND:
supported-cipher-suites [{management | msg-backbone | ssh}]
DESCRIPTION:
Show the cipher suites supported by the router.

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
management - show the list for the management plane
msg-backbone - show the list for the message backbone
ssh - show the list for the SSH applications


show ssl supported-tls-versions

COMMAND:
supported-tls-versions
DESCRIPTION:
show TLS versions

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


show ssl tls-session-timeout

COMMAND:
tls-session-timeout
DESCRIPTION:
Show the router's tls-session-timeout in seconds

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show standard-domain-certificate-authority

COMMAND:
standard-domain-certificate-authority ca-name <ca-name> [cert [raw-content] | detail] [count <num-elements>]
DESCRIPTION:
Show standard domain certificate authority settings

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<ca-name> [1..64 chars] - Certificate authority name; may contain wildcards * or ?.
ca-name [1..64 chars] - Display only the certificate authorities matching the given pattern.
cert - Display the CA certificate information
detail - Display detailed information
<num-elements> [1..4294967295] - The maximum number of elements to display.
raw-content - Display the CA certificate raw content.


show stats

COMMAND:
stats [client... | neighbor... | ssl]
DESCRIPTION:
Show global level stats

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
client - Show aggregate client statistics
neighbor - Show aggregate neighbor statistics
ssl - Show global SSL statistics


show stats client

COMMAND:
client [detail]
DESCRIPTION:
Show aggregate client statistics

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed stats information


show stats neighbor

COMMAND:
neighbor [detail]
DESCRIPTION:
Show aggregate neighbor statistics

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed stats information


show stats ssl

COMMAND:
ssl
DESCRIPTION:
Show global SSL statistics

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.
OUTPUT:
show stats ssl Connections Accepted - The total number of SSL connections that completed the SSL handshake. Note that this also includes connections that are later rejected for other reasons, such as client certificate validation faliures, client authentication failures or VPN shutdown. Connections Rejected - The aggregate number of connections that were rejected for reasons to do with the SSL handshake. Unsupported Cipher Suite - The number of connections rejected due to the client requesting an unsupported cipher suite. SSL Not operational - The number of connections rejected because SSL is not in the operational state. Other failure - The number of connections rejected for all other reasons. For example, unexpected data framing within the encrypted data stream.


show syslog

COMMAND:
syslog [<name>]
DESCRIPTION:
Show the configured syslog destinations

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<name> [0..64 chars] - Syslog destination definition name


show system

COMMAND:
system [detail | post]
DESCRIPTION:
Show system

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
detail - Show detailed information.
post - Show Power-On Self Test (POST) status


show telemetry

COMMAND:
telemetry
DESCRIPTION:
Show telemetry information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


show topic-endpoint

COMMAND:
topic-endpoint <name> [message-vpn <vpn-name>] [flows | stats [priorities] | messages [oldest | newest] [msg-id <msg-id> | replication-group-msg-id <replication-group-msg-id> | priority <priority>] | topics | rates | sort-by-messages-spooled | sort-by-unacked-messages-spooled | dead-message-queue <dmq-filter> [dmq-list] | replay] [durable | non-durable] [replay-state {initializing | active | pending-complete | failed | all}] [detail] [flow <flow-id>] [count <num-elements>]
DESCRIPTION:
Show topic-endpoint information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
active - Only show topic-endpoints with an active replay
all - Show topic-endpoints regardless of their replay state
detail - Show detailed information
<dmq-filter> [1..200 chars] - Shows only those topic-endpoints that use <dmq-filter> as their dead-message queue; may contain wildcard characters
dmq-list - Show the topic-endpoints associated with the dead-message-queue
durable - Show durable topic-endpoint only
failed - Only show topic-endpoints with in the failed replay state
<flow-id> [0..4294967294] - Flow id to be displayed
flows - Show flows
initializing - Only show topic-endpoints with an initializing replay
messages - Show message spool messages
<msg-id> [1..18446744073709551615] - Show message spool starting from this msg-id
<name> [1..250 chars] - Topic Endpoint name; may contain wildcard characters * or ?
newest - Show message spool ordered from newest to oldest messages
non-durable - Show non-durable topic-endpoint only
<num-elements> [1..4294967295] - The number of elements to display.
oldest - Show message spool ordered from oldest to newest messages
pending-complete - Only show topic-endpoints with a pending-complete replay
priorities - Show priority stats also
<priority> [0..9 (lowest to highest)] - Show only messages in message spool with this priority
rates - Show rates associated with the topic-endpoint
replay - Show replay log information
replay-state - filter on replay states
<replication-group-msg-id> [41..41 chars] - Show message spool starting from this replication-group-msg-id
sort-by-messages-spooled - Sort the output in descending order of number of messages spooled
sort-by-unacked-messages-spooled - Sort the output in descending order of number of messages spooled
stats - Show topic-endpoint statistics
topics - Show topics associated with the topic-endpoint
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show topic-endpoint-template

COMMAND:
topic-endpoint-template <name> [message-vpn <vpn-name>] [detail]
DESCRIPTION:
Show topic endpoint template information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<name> [1..255 chars] - Topic Endpoint Template name; may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?


show transaction

COMMAND:
transaction [xid <xid>] [message-vpn <vpn-name>] [state <transaction-state>] [replicated] [detail | sort-by-last-state-change | sort-by-messages-spooled] [count <num-elements>]
DESCRIPTION:
Show transaction information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
detail - Show detailed information
<num-elements> [1..4294967295] - The number of elements to display.
replicated - Show only replicated transactions
sort-by-last-state-change - Sort the output in descending order of time since last state change
sort-by-messages-spooled - Sort the output in descending order of number of messages spooled
<transaction-state> [0..31 chars] - Transaction state, may contain wildcard characters * or ?
<vpn-name> [1..32 chars] - Message VPN name; may contain wildcard characters * or ?
<xid> [1..266 chars] - XID for a distributed transaction, may contain wildcard characters * or ?
OUTPUT:
show transaction Session - This is a unique name for the associated transacted session if there is one. If there is no associated session, then this field is N/A. Session Id - This is a unique identifier for the associated transacted session if there is one. If there is no associated session, then this field is N/A. Idle Timeout - The number of seconds before an idle transaction may be automatically rolled back and freed. Type - The type of transaction (XA or Local) State - The state of the transaction: Active - the transaction is associated to a transacted-session. Suspended - the transaction is associated to a transacted-session but is suspended. Idle - the transaction is not associated to any transacted-session and will be rolled back if not prepared, committed or rolled back within the idle-timeout period. Last State Change - The elapsed time since the last state change. This does not include a status change from in-Progress to complete, but only the time since entering the state.


show username

COMMAND:
username <username-pattern> [detail]
DESCRIPTION:
Show the names of all the CLI and file transfer users configured on a router

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
<username-pattern> [1..32 chars] - The username pattern to use as a filter.


show version

COMMAND:
version
DESCRIPTION:
Show information on software loads

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
This command does not take any parameters.


show web-manager

COMMAND:
web-manager
DESCRIPTION:
Show web manager information

MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
vpn/read-only
PARAMETERS:
This command does not take any parameters.


source

COMMAND:
source script <script-name> [stop-on-error] [no-prompt]
DESCRIPTION:
Use this command to run a cli script.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/read-only
PARAMETERS:
no-prompt - Skip yes/no confirmation prompting.
<script-name> [0..255 chars]
stop-on-error - Stop running script on encountering an error.


strict-column-wrapping

COMMAND:
[no] strict-column-wrapping
DESCRIPTION:
By default, this is enabled. Use the 'no' version of this command to allow designated columns to be displayed without wrapping. A column may be designated to be controlled by this setting if it is identified as a column where the content would need to be frequently cut and pasted. This is more easily performed if the content is not wrapped.

The default value is strict-column-wrapping.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
This command does not take any parameters.


tree

COMMAND:
tree [all | global]
DESCRIPTION:
Use this command to show the CLI command tree, starting from the current mode.

CONFIG-SYNC:
HA: no Replicated VPNs: no
MINIMUM REQUIRED SCOPE/ACCESS LEVEL:
global/none
PARAMETERS:
all - Display both the global command tree and the command tree for mode-specific commands (starting from the current mode)
global - Display the command tree for global commands (commands that are available in all modes


Copyright 2005-2024 Solace Corporation. All rights reserved.

The information contained herein is the property of Solace Corporation. and is strictly confidential. Except as expressly authorized in writing by Solace Corporation, the holder shall keep all information contained herein confidential, shall disclose it only to its employees with a need to know, and shall protect it, in whole or in part, from disclosure and dissemination to third parties with the same degree of care it uses to protect its own confidential information, but with noless than reasonable care.

Except as expressly authorized in writing by Solace Corporation, the holder is granted no rights to use the informationcontained herein.

Solace and Corporation. corporate logo are trademarks of Solace Corporation.All other trademarks used in this document are the property of their respective owners. The use of the word partner doesnot imply a partnership relationship between Solace Corporation and any other company.