ORBEM Configuration Mode Commands


 
 
The ORB Element Manager Configuration Mode is used to manage the ORBEM server options for the current context.
 
 
activate
Activates/deactivates a client for the ORB element management system interface.
Product
All
Privilege
Security Administrator, Administrator
Syntax
activate client id name
no activate client id name
no
Indicates the client specified is to be deactivated. When omitted, the client is activated.
id name
Specifies the client to be activated. name must refer to a previously configured client.
Usage
Activate clients after they have been configured or deactivated by the system or by configuration.
Example
activate client id sampleClient
no activate client id sampleClient
 
client
Configures/removes a client from the ORB element manager system interface.
Product
All
Privilege
Security Administrator, Administrator
Syntax
client id name [ encrypted ] password pwd
no client id name
no
Indicates the client specified is to be removed from the configuration.
id name
Specifies the client to be configured. name must be from 1 to 10 alpha and/or numeric characters in length.
encrypted
Indicates password specified is encrypted.
The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the password keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of the configuration file.
password pwd
Specifies the password for the client. pwd must be from 1 to 35 alpha and/or numeric characters.
Usage
Clients for ORB element manager access must be configured prior to being activated.
Example
The following commands set the password for client sampleClient, first with a plain text password and then with an encrypted password.
client id sampleClient password secretPassword
client id sampleClient encrypted password f54gj801sd
The following deletes sampleClient from the configuration.
no client id sampleClient
 
default
Restores the system default values for the option specified.
Product
All
Privilege
Security Administrator, Administrator
Syntax
default { event-notif-iiop-port | event-notif-service filter | event-notif-siop-port | iiop-port | iop-address | max-attempt | session-timeout | siop-port }
event-notif-iiop-port
Restores the port number for the inter-ORB event notifications to the system default: 7778.
event-notif-service filter
Restores the ORB Notification Service filter to its default behavior of sending all “error” level and higher events, and “info” level events for the orbs facility, CLI command logs, and license change logs.
event-notif-siop-port
Restores the port to use for secure socket layer inter-ORB event communication to the system default: 7777.
iiop-port
Restores the port number for the inter-ORB communications to the system default: 14132.
iop-address
Restores the IP address for the inter-ORB communications to the system default: IP address of current context.
max-attempt
Restores the maximum number of failed login attempts before the client is deactivated to the system default: 3 attempts.
session-timeout
Restores the amount of idle time (no activity) before a session is terminated to the system default: 300 seconds.
siop-port
Restores the secure socket layer I/O port for inter-ORB events to the system default: 14131.
Usage
Restore the ORB element manager options to well-known values, the system defaults.
Example
default event-notif-iiop-port
default max-attempt
 
end
Exits the ORBEM configuration mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Change the mode back to the Exec mode.
 
event-notif-iiop-port
Configures the port number for the Internet inter-ORB event notifications.
Product
All
Privilege
Security Administrator, Administrator
Syntax
event-notif-iiop-port number
number
Default: 7778
Specifies the port number to use as a number between 1 and 65535.
Usage
Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for standardized inter-ORB communications.
The configured event notification port is used only if the Internet inter-ORB transport is enabled via the iiop-transport command and the event notification service is enabled as well.
Example
event-notif-iiop-port 25466
 
event-notif-service
Enables/disables the ORB Notification Service and allows the configuration of filters dictating which event notifications are sent.
Product
All
Privilege
Security Administrator, Administrator
Syntax
event-notif-service [ filter { event-id event_id [ to final_event_id ] | facility event_facility level event_level } ]
no event-notif-service [ filter { event-id event_id [ to final_event_id ] | facility event_facility level event_level } ]
no
Indicates the event notification service is to be disabled.
filter
Allows the specification of a filter dictating which events the system sends notifications for.
event-id event_id [ to final_event_id ]
Specifies an event filter based on event identification (event ID) number.
event_id is a specific event ID to filter, or the initial event ID in a range if the to keyword is used. It can be configured to any integer value between 1 and 100,000.
to allows the specification of a range of event IDs to filter. When used, final_event_id specifies the last event ID in the range to be filtered. It can be configured to any integer value between 1 and 100,000 but should be a value greater than the initial event ID.
facility event_facility level event_level
Specifies an event filter based on facility type and notification severity level.
event_facility specifies the facility type and can be any one of the following:
a10: A10 interface facility
a11: A11 interface facility
a11mgr: A11 Manager facility
aaa-client: AAA client facility
aaamgr: AAA manager logging facility
aaaproxy: AAA Proxy facility
acl-log: Access Control List logging facility
acsctrl: Active Charging Service (ACS) Controller facility
acsmgr: Active Charging Service (ACS) Manager facility
alarmctrl: Alarm Controller facility
all: All facilities
asf: Voice Application Server Framework logging facility
asfprt: ASF Protocol Task (SIP) logging facility
asngwmgr: ASN Gateway Manager facility
asnlrmgr: ASN Paging/Location-Registry Manager facility
bgp: Border Gateway Protocol (BGP) facility
cli: CLI logging facility
cscf: IMS/MMD CSCF
cscfmgr: SIP CSCF Manager facility
csp: Card Slot Port controller facility
css: Content Service Selection (CSS) facility
css-sig: Content Service Selection (CSS) RADIUS Signaling facility
dcardctrl: IPSEC Daughtercard Controller logging facility (not used at this time)
dcardmgr: IPSEC Daughtercard Manager logging facility (Not used at this time)
dhcp: DHCP facility (GGSN product only)
dhost: Distributed Host logging facility
diameter: Diameter endpoint logging facility
diameter-ecs: ECS Diameter signaling facility
dpath: IPSEC Data Path facility
drvctrl: Driver Controller facility
evlog: Event log facility
famgr: Foreign Agent manager logging facility
gss-gcdr: GTPP Storage Server GCDR facility
gtpc: GTP-C protocol logging facility (GGSN product only)
gtpcmgr: GTP-C protocol Manager logging facility (GGSN product only)
gtpp: GTP-PRIME protocol logging facility (GGSN product only)
gtpu: GTP-U protocol logging facility (GGSN product only)
hamgr: Home Agent manager logging facility
hat: High Availability Task (HAT) process facility
ims-authorizatn: IMS Authorization Service facility
ip-arp: IP Address Resolution Protocol facility
ip-interface: IP interface facility
ip-route: IP route facility
ipsec: IP Security logging facility
ipsgmgr: IP Services Gateway facility
ipsp: IP Pool Sharing Protocol logging facility
l2tp-control: L2TP control logging facility
l2tp-data: L2TP data logging facility
l2tpdemux: L2TP Demux Manager logging facility
l2tpmgr: L2TP Manager logging facility
li: Lawful intercept facility (Logs are visible only to system accounts with li-administrator privileges.)
mobile-ip: Mobile IP processes
mobile-ip-data: Mobile IP data facility
multicast-proxy: Multicast Proxy logging facility
netwstrg: Network Storage facility
npuctrl: Network Processor Unit Control facility
npumgr: Network Processor Unit Manager facility
nsctrl: Charging Service Controller facility (supported in conjunction with ECSv1)
nsmgr: Charging Service Manager facility
nsproc: Charging Service process facility
orbs: Object Request Broker System logging facility
ospf: OSPF logging facility
ppp: PPP link and packet facilities
radius-acct: RADIUS accounting logging facility
radius-auth: RADIUS authentication logging facility
radius-coa: RADIUS change of authorization and radius disconnect
rct: Recovery Control Task logging facility
rdt: Redirect Task logging facility
resmgr: Resource Manager logging facility
rip: RIP logging facility (RIP is not supported at this time.)
rohc: RObust Header Compression facility
rsvp: Reservation Protocol logging facility
sct: Shared Configuration Task logging facility
sessctrl: Session Controller logging facility
sessmgr: Session Manager logging facility
sft: Switch Fabric Task logging facility
sipcdprt: Sip Call Distributor facility
sitmain: System Initialization Task main logging facility
snmp: SNMP logging facility
srdb: Static Rating Database
srp: Service Redundancy Protocol (SRP) logging facility
ssh-ipsec: SSH IP Security logging facility
stat: Statistics logging facility
system: System logging facility
tacacsplus: TACACS+ Protocol logging facility
threshold: threshold logging facility
udr: User detail record facility (used with the Charging Service)
user-data: User data logging facility
user-l3tunnel: User layer-3 tunnel logging facility
vpn: Virtual Private Network logging facility
wimax-data: WiMAX DATA
wimax-r6: WiMAX R6
event_level specifies the severity level of the event notification to filter and can be configured to one of the following:
Usage
This command is used to enable or disable the ORB Notification Service. Additionally, it can be used to configure filters dictating which events are sent. This service is disabled by default.
Filters can be configured for a specific event identification number (event ID), a range of event IDs, or specific severity levels for events for particular facilities.
When no filters are configured and the service is enabled, the ORB Notification Service sends all “error” level and higher events, and “info” level events for the orbs facility, CLI command logs, and license change logs.
Multiple instances of this command can be executed to configure multiple filters.
Example
The following command enables the ORB Notification service:
event-notif-service
The following command disables the ORB Notification service:
no event-notif-service
The following command configures a filter for the ORB Notification Service allowing only event IDs 800 through 805 to be sent:
event-notif-service filter event-id 800 to 805
The following command configures a filter for the ORB Notification Service allowing only “critical” level notifications for the A11 facility:
event-notif-service filter facility a11 level critical
 
event-notif-siop-port
Configures the port to use for secure socket layer inter-ORB event communication.
Product
All
Privilege
Security Administrator, Administrator
Syntax
event-notif-siop-port number
number
Default: 7777
Specifies the port number to use as a number between 1 and 65535.
Usage
Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for inter-ORB communications using SSL.
Example
event-notif-siop-port 25466
 
exit
Exits the ORBEM configuration mode and returns to the global configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Return to the global configuration mode.
 
iiop-port
Configures the port number for the internet inter-ORB communications.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] iiop-port number
no
Disables the iiop port.
number
Default: 14132
Specifies the port number to use as a number between 1 and 65535.
Usage
Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for standardized inter-ORB communications.
The Internet inter-ORB port is used only if the Internet inter-ORB transport is enabled via the iiop-transport command.
Example
iiop-port 25466
 
iiop-transport
Enables/disables use of the Internet Inter-ORB Protocol for management across the network.
Product
All
Privilege
Security Administrator, Administrator
Syntax
iiop-transport
no iiop-transport
no
Indicates no internet inter-ORB protocol communication is to take place across the network.
Usage
Enable the transport of Internet Inter-ORB Protocol messages to support remote management across the network.
The chassis is shipped from the factory with the Internet Inter-ORB transport disabled.
Example
The following commands enable and disable the ORB-based management across the network, respectively.
iiop-transport
no iiop-transport
 
iop-address
Configures the IP address to use for inter-ORB communications for the current context.
Product
All
Privilege
Security Administrator, Administrator
Syntax
iop-address ip_address
ip_address
Specifies the IP address to use for inter-ORB communications for the current context. ip_address must be specified using the standard IPv4 dotted decimal notation.
Usage
Change the inter-ORB IP address when the IP address of the current context should not be used. The IP address of the local context may not be appropriate when the ORB configuration across nodes would cause conflicts with the IP addresses.
The chassis is shipped from the factory with the inter-ORB IP address defaulted to the IP address of the current context.
Example
iop-address 1.2.3.4
 
max-attempt
Configures the maximum number of failed login attempts before the client is deactivated.
Product
All
Privilege
Security Administrator, Administrator
Syntax
max-attempt count
count
Default: 3 attempts
Specifies the number of failed login attempts prior to deactivating a client. The value must be within the range of 1 through 10.
Usage
Adjust the maximum number of attempts to a smaller value to increase the security level of the system.
Example
max-attempt 3
 
session-timeout
Configures the amount of idle time (no activity) before a client session is terminated.
Product
All
Privilege
Security Administrator, Administrator
Syntax
session-timeout seconds
seconds
Default: 300 seconds
Specifies the number of seconds of idle time before a client session is terminated. The value must be in the range of 1 through 86400.
Usage
Reduce the session timeout when the maximum number of sessions allowed is frequently being reached. Setting this to a lower value will help release idle sessions faster to allow use by other clients.
Example
session-timeout 1800
 
siop-port
Configures the secure socket layer I/O port for inter-ORB events.
Product
All
Privilege
Security Administrator, Administrator
Syntax
siop-port number
number
Default: 14131
Specifies the port number to use as a number between 1 and 65535.
Usage
Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for inter-ORB communications.
Example
siop-port 25466
 
ssl-auth-policy
Configures the secure socket layer peer authentication policy used by the ORBEM server.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ssl-auth-policy { auth-none | auth-once | auth-once-fail | auth-peer | auth-peer-fail }
auth-none | auth-once | auth-once-fail | auth-peer | auth-peer-fail
Default: auth-none
auth-none: ORBEM server does not authenticate the peer
auth-once: ORBEM server authenticates the peer once (no fail)
auth-once-fail: ORBEM server authenticates the peer once (fail if no certificate)
auth-peer: ORBEM server authenticates the peer every time (no fail)
auth-peer-fail: ORBEM server authenticates the peer every time (fail if no certificate)
Usage
Use to configure the peer authentication policy used by the SSL transport of ORBEM.
Example
The following command sets the policy to authenticate the peer once without failure.
ssl-auth-policy auth-once
 
ssl-certificate
Defines the certificate to be used by the SSL transport of ORBEM.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ssl-certificate { string certificate | file url }
string certificate
Specifies an ORBEM SSL certificate. certificate is a string of up to 4096 alpha and/or numeric characters.
file url
Default: /usr/ssl/certs/orbscert.pem
Specifies an ORBEM SSL certificate file and location. url is a string of up to 1024 alpha and/or numeric characters.
Usage
Use to configure the certificate to be used by the SSL transport of ORBEM. Note that if the file option is used, the certificate content is read from the url and converted into a quoted string.
Example
The following command defines the certificate cert3.pem file as being located in the /usr/ssl/certs directory:
ssl-certificate file /usr/ssl/certs/cert3.pem
The following command defines the certificate string (the string shown is abbreviated):
ssl-certificate string "-----BEGIN CERTIFICATE-----\n\
-----END CERTIFICATE-----\n"
 
ssl-private-key
Configures the SSL private key used by the ORBEM server.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ssl-private-key { string key | file url }
string key
Specifies an ORBEM SSL private key. key is a string of up to 4096 alpha and/or numeric characters.
file url
Default: /usr/ssl/certs/orbscert.pem
Specifies the ORBEM SSL private key file location. url is a string of up to 1024 alpha and/or numeric characters.
Usage
Use to configure the private key to be used by the SSL transport of ORBEM. Note that if the file option is used, the private key is read from the url and converted into a quoted string.
Example
The following command defines the private-key cert3.pem file as being located in the /usr/ssl/certs directory:
ssl-private-key file /usr/ssl/certs/cert3.pem
The following command defines the private-key string (the string shown is abbreviated):
ssl-private-key string "-----BEGIN RSA PRIVATE KEY-----\n\
-----END RSA PRIVATE KEY-----\n"
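
The security-relevant commands on this page (client, iiop-transport, max-attempt, session-timeout and ssl-auth-policy) can be checked offline against a saved configuration. The following Python audit is an added example, not vendor code; the sample configurations are constructed, and treating values above the documented defaults as findings is an assumption of this example.

```python
# Added example: audit ORBEM configuration commands for weak settings.
DEFAULTS = {"max-attempt": 3, "session-timeout": 300,
            "ssl-auth-policy": "auth-none"}  # system defaults listed on this page

# Constructed sample input (not from a real system).
WEAK_CONFIG = """\
client id sampleClient password secretPassword
client id nmsClient encrypted password f54gj801sd
client id oldClient password tempPass1
no client id oldClient
iiop-transport
max-attempt 10
default max-attempt
session-timeout 1800
ssl-auth-policy auth-once
"""
HARDENED_CONFIG = """\
client id nmsClient encrypted password f54gj801sd
no iiop-transport
max-attempt 3
session-timeout 300
ssl-auth-policy auth-peer-fail
"""

def audit_orbem(config_text):
    """Return (check, detail) findings; later commands override earlier ones."""
    settings = dict(DEFAULTS)
    clients = {}   # client name -> True if the password carries the encrypted flag
    iiop = False   # the page states the chassis ships with IIOP transport disabled
    for raw in config_text.splitlines():
        words = raw.split()
        negated = bool(words) and words[0] == "no"
        words = words[1:] if negated else words
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "client" and len(args) >= 2 and args[0] == "id":
            if negated:
                clients.pop(args[1], None)
            elif "password" in args:
                clients[args[1]] = "encrypted" in args[2:args.index("password")]
        elif cmd == "iiop-transport":
            iiop = not negated
        elif cmd == "default" and args and args[0] in DEFAULTS:
            settings[args[0]] = DEFAULTS[args[0]]
        elif cmd in ("max-attempt", "session-timeout") and args:
            settings[cmd] = int(args[0])
        elif cmd == "ssl-auth-policy" and args:
            settings[cmd] = args[0]
    findings = [("plaintext-password", n) for n, enc in sorted(clients.items()) if not enc]
    if iiop:
        findings.append(("iiop-transport-enabled", "factory default is disabled"))
    if not settings["ssl-auth-policy"].endswith("-fail"):
        findings.append(("peer-cert-not-required", settings["ssl-auth-policy"]))
    for key in ("max-attempt", "session-timeout"):  # thresholds are an assumption
        if settings[key] > DEFAULTS[key]:
            findings.append((key + "-above-default", str(settings[key])))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_orbem(cfg))
```

An empty configuration still yields a finding, because the documented default for ssl-auth-policy is auth-none.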
 
 

Cisco Systems Inc.