-
Cisco IOS Configuration Fundamentals Command Reference, Release 12.2T
-
About the Cisco IOS Release 12.2 T Documentation Set
-
Basic Command-Line Interface Commands
-
The Setup Command
-
Terminal Operating Characteristics Commands
-
Connection, Menu, and System Banner Commands
-
Cisco IOS Web Browser User Interface Commands
-
Cisco IOS File System Commands
-
Configuration File Management Commands
-
System Image and Microcode Commands
-
Router Memory Commands
-
Booting Commands
-
Basic File Transfer Services Commands
-
Basic System Management Commands
-
Troubleshooting and Fault Management Commands
-
SNMP Commands
-
CDP Commands
-
RMON Commands
-
Cisco Service Assurance Agent Commands
-
WCCP Commands
-
CNS Commands
-
Distributed Director Commands
-
XSM Commands for VPN Device Manager (VDM)
-
Appendix: ASCII Character Set and Hex Values
-
Index: Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 T
-
Table Of Contents
xsm privilege configuration level
XSM Commands for VDM
This chapter documents the Cisco IOS commands used to configure your router or switch as an XML Subscription Manager (XSM) server. The XSM server subsytem is used on a device to communicate with the VPN Device Manager (VDM) application. VDM is a Java-based application that can be accessed from a remote workstation to manage and configure a VDM-enabled device.
After XSM is enabled, XML-formatted messages containing information about the device (such as its configuration, memory usage, interface statistics, and so on) can be retrieved from the VDM-enabled device (the XSM client).
VDM can operate in a monitor-and-configure mode and a monitor-only mode. The mode depends on what privileges the user started VDM with and what privileges are configured for XSM XRDs. CLI commands are used to set XSM access privilege levels on the XSM Server (VDM-enabled device).
For additional information on this feature, see
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e6/vdm_e.htm
clear xsm
To clear XML Subscription Manager (XSM) client sessions, use the clear xsm command in privileged EXEC mode.
clear xsm [session number]
Syntax Description
session number
(Optional) XSM session ID number of the specific XSM client session you with to clear.
Defaults
If the optional session number syntax is not used, the clear xsm command clears all XSM client sessions.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command disconnects all active client sessions (such as with a VPN Device Manager [VDM]) on the XSM server, unless you state a specific session number. This command allows troubleshooting of the XSM server and its active clients by allowing individual clients to be disconnected. Use the show xsm status command to obtain specific session numbers.
Examples
In the following example, all XSM client sessions are cleared:
Router# clear xsmIn the following example, XSM client session 10 is cleared:
Router# clear xsm session 10Related Commands
Displays information and status about clients subscribed to the XSM server.
Enables XSM client access to the router.
crypto mib topn
To configure TopN sampling parameters, use the crypto mib topn command in global configuration mode. To disable TopN sampling, use the no form of this command.
crypto mib topn [interval seconds] [stop seconds]
no crypto mib topn [interval seconds] [stop seconds]
Syntax Description
Defaults
interval: 300 seconds, stop: continuous sampling (0 seconds)
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to rank objects according to your chosen criteria. You will not see the stop parameter setting after enabling the show running configuration command if the stop parameter is set at a value greater than zero. Otherwise, the current sampling parameters are recorded in the active configuration (if sampling is enabled), and sampling occurs continuously (at the specified intervals) until, and after, the device is rebooted. This command should be disabled if your criteria queries performed by XSM clients (such as VPN Device Manager [VDM]) are not to be processed.
"Crypto MIB" commands apply to characteristics of the IP Security (IPSec) MIBs. TopN (topn) is a special subset of the IPSec MIB Export (IPSMX) interface that provides a set of queries that allows ranked reports of active Ike or IPSec tunnels to be obtained depending on certain criteria. While the VPN Device Manager (VDM) application retrieves and presents the data elements defined in the Ike and IPSec MIBs, the application does not use the SNMP interface.
Examples
The following example shows the crypto mib topn command being enabled with an interval frequency of 240 seconds and a designated stop time of 1200 seconds (20 minutes). At that time, the assigned sampling ceases.
crypto mib topn interval 240 stop 1200Related Commands
show xsm status
To display information and subscription status of the XML Subscription Manager (XSM) server and clients (such as VPN Device Manager [VDM]), and to display a list of XML data from the XSM server, use the show xsm status command in privileged EXEC mode.
show xsm status
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to display the following information: which subsystems and histories are enabled or disabled (XSM, Embedded Device Manager [EDM], VDM), XSM client version, number of XSM sessions, duration of XSM session, session IDs, client version and IP address, configuration and monitor privilege levels, and list of subscribed XML Request Descriptors (XRDs).
Examples
The following example shows one XSM session (Session ID = 2) active on the Cisco device for the XSM client at IP address 172.17.129.134, and how long this session has been connected to the XSM server (Session 2: Connected since 22:47:07 UTC Mon Jan 8 2001). The output shows that the XSM, VDM, and EDM subsystems, and EDM and VDM history collecting are enabled. XSM configuration privilege level is set at 15, with XSM monitor privilege level set at 1.
This output also shows the active XRDs (and their version) for Session 2:
Router# show xsm statusXSM subsystem is Enabled.VDM subsystem is Enabled.EDM subsystem is Enabled.EDM History is Enabled.VDM History is Enabled.XSM privilege configuration level 15.XSM privilege monitor level 1.Number of XSM Sessions : 1.Session ID = 2.XSM Client v0.0(0.0)- @ 172.17.129.134Connected since 22:47:07 UTC Mon Jan 8 2001List of subscribed xrds:0 ) device-about v1.01 ) ios-image v1.02 ) if-list v1.03 ) device-health v1.04 ) ike-stats v1.05 ) ike v1.06 ) ipsec-topn-tunnels-by-traffic v1.07 ) ipsec-topn-tunnels-by-duration v1.08 ) ipsec-stats v1.09 ) crypto-maps v1.010) ipsec v1.0Table 136 describes the significant fields shown in the show xsm status output. (see See the Table 137, "show xsm xrd-list Field Descriptions," for a full description of subscribed XRDs).
Table 136 show xsm status Field Descriptions
XSM privilege configuration level
XSM configuration privilege level.
XSM privilege monitor level
XSM monitor privilege level.
Number of XSM Sessions
Total number of concurrent XSM sessions.
Session ID
Specific XSM session number.
XSM Client
Version and IP address of the XSM client.
Connected since
Start time for each session connection to the XSM server.
List of subscribed xrds
Details XRDs available from the XSM server (see show xsm xrd-list command for complete list of XRDs).
Related Commands
show xsm xrd-list
To display all XML Request Descriptors (XRDs) for XML Subscription Manager (XSM) clients (such as the VPN Device Manager [VDM]) made available by subscription to the XSM server and to identify the required privilege levels, use the show xsm xrd-list command in privileged EXEC mode.
show xsm xrd-list
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to display the XRD version and minimum privilege level and type (configuration or monitor) required to view each XRD.
Examples
The following example shows some active XRDs on the XSM server. The end of each line displays the following:
•
XRD version number.
•
This example displays all available XRDs because both relevant commands (xsm edm and xsm vdm) have been configured. However, if one command is not configured, only an abbreviated XRD list will appear.
Router# show xsm xrd-listList of all available xrds:0 ) vlan-db v1.0 privilege=configuration1 ) entity v1.0 privilege=configuration2 ) ip v1.0 privilege=configuration3 ) ios-users v1.0 privilege=configuration4 ) device-about v1.0 privilege=monitor5 ) ios-image v1.0 privilege=configuration6 ) if-stats v1.0 privilege=monitor7 ) if-list v1.0 privilege=configuration8 ) device-health v1.0 privilege=monitor9 ) time v1.0 privilege=monitor10) access-lists v1.0 privilege=configuration11) ike-topn-tunnels-by-traffic v1.0 privilege=monitor12) ike-topn-tunnels-by-errors v1.0 privilege=monitor13) ike-topn-tunnels-by-duration v1.0 privilege=monitor14) ike-stats v1.0 privilege=monitor15) ike v1.0 privilege=configuration16) certificate-authorities v1.0 privilege=configuration17) ipsec-topn-tunnels-by-traffic v1.0 privilege=monitor18) ipsec-topn-tunnels-by-errors v1.0 privilege=monitor19) ipsec-topn-tunnels-by-duration v1.0 privilege=monitor20) ipsec-stats v1.0 privilege=monitor21) crypto-maps v1.0 privilege=configuration22) ipsec v1.0 privilege=configuration23) vdm-history v1.0 privilege=configuration24) gre-tunnels v1.0 privilege=monitorend list.Table 137 describes (in alphabetical order) typical XRDs shown in the show xsm xrd-list output.
Related Commands
xsm
To enable XML Subscription Manager (XSM) client access to the device, use the xsm command in global configuration mode. To disable XSM client access to the device, use the no form of this command.
xsm
no xsm
Syntax Description
This command has no arguments or keywords.
Defaults
XSM client access to the device is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command requires that the ip http server command is enabled. Enabling the xsm command also enables the xsm vdm and xsm edm commands. This command must be enabled for the XSM client (such as VPN Device Manager [VDM]) to operate.
Examples
In the following example, access by remote XSM clients to XSM data on the device is disabled:
Router# no xsm
Related Commands
xsm dvdm
To enable switch-specific configuration data (for example, configuring switch ports and VLANs) when running VPN Device Manager (VDM) on a switch, use the xsm dvdm command in global configuration mode. To disable switch-specific configuration data for VDM, use the no form of this command.
xsm dvdm
no xsm dvdm
Syntax Description
This command has no arguments or keywords.
Defaults
Access to switch-specific configuration data is enabled when XSM is enabled.
Command Modes
Global configuration
Command History
12.2(9)YO1
This command was introduced.
12.2(13)T
This command was integrated into Cisco IOS Release 12.2(13)T.
Usage Guidelines
Access to switch-specific configuration data (dVDM) is enabled by default when XSM is enabled.
The no xsm dvdm command allows you to disable only switch-specific XSM data. Note however that disabling dVDM will prevent the VDM application from communictating properly with the device (switch). There is minimal performance impact associated with leaving dVDM enabled.
Examples
In the following example, access to switch-specific configuration data is disabled in XSM:
Router(config)# no xsm dvdm
Related Commands
xsm edm
To grant access to Embedded Device Manager (EDM) monitoring and configuration data, use the xsm edm command in global configuration mode. To cancel access to EDM monitoring and configuration data, use the no form of this command.
xsm edm
no xsm edm
Syntax Description
This command has no arguments or keywords.
Defaults
Access to EDM monitoring and configuration data is granted by default if XSM is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command exists to allow you to disable EDM using the no xsm edm form of the command. EDM is enabled by default when XSM is enabled.
EDM provides the following generic information to the VPN Device Manager (VPM):
•
•
•
•
Note that disabling EDM prevents XSM clients (such as VDM) from working properly and also disables the xsm history edm command. There is minimal performance impact associated with leaving EDM enabled.
Examples
In the following example, access to EDM data is disabled:
Router(config)# xsmRouter(config)# no xsm edmRelated Commands
xsm history edm
To enable statistics collection for the Embedded Device Manager (EDM) on the XML Subscription Manager (XSM) server, use the xsm history edm command in global configuration mode. To disable statistics collection for the EDM on the XSM server, use the no form of this command.
xsm history edm
no xsm history edm
Syntax Description
This command has no arguments or keywords.
Defaults
EDM statistics collection is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to save up to five days of data. Historical information on items such as RAM and CPU utilization is gathered and made available, thus enabling XSM clients (such as VPN Device Manager [VDM]) to display charts and data. Use of this command consumes resources on the device. Disabling this command clears all your historical data, as the XSM server does not save this data between reloads.
Examples
In the following example, statistics collection for the EDM is enabled on the XSM server:
Router(config)# xsmRouter(config)# xsm history edmRelated Commands
Enables XSM client access to the router.
Grants access to EDM monitoring and configuration data.
Enables specific VPN statistics collection on the XSM server.
xsm history vdm
To enable specific VPN statistics collection on the XML Subscription Manager (XSM) server, use the xsm history vdm command in global configuration mode. To disable collection of specific selected VPN statistics on the XSM server, use the no form of this command.
xsm history vdm
no xsm history vdm
Syntax Description
This command has no arguments or keywords.
Defaults
VPN statistics collecting is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
With this command enabled, you can save up to five days of data. Historical information on items such as the number of active IKE tunnels, IPSec tunnels, total crypto throughput, and total throughput is gathered and made available, thus enabling XSM clients (such as VPN Device Manager [VDM]) to display charts and data. Use of this command consumes resources on the device. Disabling this command clears all your historical data. The XSM server does not save history data accross reloads..
Examples
The following example shows how to enable specific VPN statistics collection on the XSM server:
Router(config)# xsmRouter(config)# xsm history vdmRelated Commands
Enables XSM client access to the router.
Enables statistics collection for the EDM on the XSM server.
Grants access to VPN-specific monitoring and configuration data.
xsm privilege configuration level
To enable the XML Subscription Manager (XSM) configuration privilege level required to subscribe to XML Request Descriptors (XRDs), use the xsm privilege configuration level command in global configuration mode. To remove a previously configured XSM configuration privilege level, use the no form of this commmand.
xsm privilege configuration level number
no xsm privilege configuration level number
Syntax Description
Defaults
Level 15
Command Modes
Global configuration
Command History
Usage Guidelines
The privilege level for the xsm privilege configuration level command must be greater than or equal to the privilege level for the xsm privilege monitor level command. For example, if the xsm privilege configuration 7 command is enabled, you need a minimum privilege level of 7 to subscribe to configuration XRDs. The higher the number the higher the privilege level. Trying to set a conflicting range of privilege settings will force the Cisco device to display the following message:
Attempt to set monitor privilege greater than configuration. Privilege denied.You can check the XSM privilege level settings by using the show xsm status command. Use the show xsm xrd-list command to check which privilege level is required for each XRD.
Note
Examples
The following example shows how to set a configuration privilege level of 15, and a monitor privilege level of 11 for subscription to XRDs. Users with a privilege level below 11 are denied access.
xsm privilege configuration level 15xsm privilege monitor level 11Related Commands
privilege
Configures IOS privilege parameters.
Enables monitor privilege level to subscribe to XRDs.
xsm privilege monitor level
To enable the XML Subscription Manager (XSM) monitoring privilege level required to subscribe to XML Request Descriptors (XRDs), use the xsm privilege monitor level command in global configuration mode. To remove a previously configured XSM monitoring privilege level, use the no form of this commmand.
xsm privilege monitor level number
no xsm privilege monitor level number
Syntax Description
Defaults
Level 1
Command Modes
Global configuration
Command History
Usage Guidelines
The privilege level for the xsm privilege monitor level command must be less than or equal to the privilege level for the xsm privilege configuration level command. For example, if the xsm privilege monitor 7 command is enabled, you need a minimum privilege level of 7 to subscribe to monitor XRDs. The higher the number the higher the privilege level. Trying to set a conflicting range of privilege settings will force the Cisco device to display the following message:
Attempt to set monitor privilege greater than configuration. Privilege denied.You can check the XSM privilege level settings by using the show xsm status command. Use the show xsm xrd-list command to check which privilege level is required for each XRD.
Note
Examples
The following example shows how to set a configuration privilege level of 15 and a monitor privilege level of 11 for subscription to XRDs. Users with a privilege level below 11 are denied access.
xsm privilege configuration level 15xsm privilege monitor level 11Related Commands
privilege
Configures IOS privilege parameters.
Enables configuration privilege level to subscribe to XRDs.
xsm vdm
To grant access to VPN-specific monitoring and configuration data for the VPN Device Manager (VDM), use the xsm vdm command in global configuration mode. To cancel access to VPN-specific monitoring and configuration data for VDM, use the no form of this command.
xsm vdm
no xsm vdm
Syntax Description
This command has no arguments or keywords.
Defaults
Access to VPN-specific monitoring and configuration data for the VDM is granted when XSM is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command enables access to the following VPN-specific information:
•
•
•
•
•
If XSM is enabled, this command is enabled by default. Access to VPN-specific monitoring and configuration data within XSM can be disabled by using the no form of the command. However, disabling this command will prevent VDM from working properly and will also disable the xsm history vdm command. Leaving this command enabled has minimal performance impact.
Examples
In the following example, access to VPN-specific monitoring and configuration data is disabled:
Router(config)# xsmRouter(config)# no xsm dvmRelated Commands
