Table B-1 DCPL Properties
Property
|
Default Value
|
Range/Rules
|
Explanation
|
AutoDiscovery Property:
|
|
|
Controls the operation of Autodiscovery.
|
/DiscoveryTemplateFolder
|
/Discovery
|
string
|
Template folder under which the templates to be discovered for MPLS VPN Discovery will reside.
|
Cleanup Properties:
|
|
|
Cleans up various system resources such as log files and temporary files.
|
/Cleanup/RuntimeTasks/
|
|
|
This component cleans up old runtime task logs.
|
maxAgeInHours
|
168
|
integer
|
Maximum age for a runtime task in hours. Runtime tasks older than this age will be deleted during the next cleanup cycle. Set to 0 to disable this feature.
|
sleepIntervalInHours
|
24
|
integer
|
Time in hours for runtime task cleanup service to sleep between clean up cycles.
|
/Cleanup/TaskLogs/
|
|
|
This component cleans up old TaskLogs.
|
maxAgeInHours
|
168
|
integer
|
Maximum age of the TaskLogs in hours. TaskLogs older than this age will be deleted during the next cleanup cycle. Set to 0 to disable this feature.
|
sleepIntervalInHours
|
24
|
integer
|
Time in hours for taskLog cleanup service to sleep between clean up cycles.
|
/Cleanup/TempFiles/
|
|
|
This component cleans up old temporary files.
|
maxAgeInHours
|
168
|
integer
|
Maximum age of the temporary files in hours. Temporary files older than this age will be deleted during the next cleanup cycle. Set to 0 to disable this feature.
|
sleepIntervalInHours
|
24
|
integer
|
Time in hours for tempFile cleanup service to sleep between clean up cycles.
|
/Cleanup/logLevel
|
CONFIG
|
string
|
This logLevel is used only if there is no logLevel defined for a component. The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
DCS Properties:
|
|
|
Device Configuration Service. This component corresponds to a library that is used by ISC to communicate with network devices using protocols such as telnet, ssh, tftp, and so forth.
|
/DCS/FTP/
|
|
|
FTP Settings.
|
ftpPassword
|
|
string
|
Password for FTP server login, used by DCS and GTL.
|
ftpRootDirectory
|
|
string
|
FTP root directory, used by DCS and GTL.
|
ftpServer
|
|
string
|
FTP Server host name or IP address, used by DCS and GTL.
|
ftpSubDirectory
|
|
string
|
FTP sub directory, used by DCS and GTL.
|
ftpUsername
|
|
string
|
Username for FTP server login, used by DCS and GTL.
|
/DCS/RCP/
|
|
|
RCP Settings.
|
rcpDirectory
|
/tmp
|
string
|
Directory to use for uploaded/downloaded config files.
|
/DCS/SSH/
|
|
|
SSH Client Settings.
|
overWriteSSHKeys
|
true
|
The valid values are true and false.
|
Overwrite SSH Keys: If true, will allow new keys to overwrite existing keys in the key file for a given host. If false, an error will be displayed if host sent key does not match the server sent key.
|
sshEncryptionCipher
|
3DES->DES
|
string
|
Cipher to use for SSH Encryption/Decryption; requires restart on change. Value: 3DES->DES will first try 3DES then if not available fallback to DES.
|
/DCS/TFTP/
|
|
|
TFTP Settings.
|
tftpCreateFileOnServerBeforeUpload
|
true
|
The valid values are true and false.
|
Some TFTP servers require a file to exist on the server with write access before a TFTP client can upload it. This is sometimes called write-replace or overwrite mode. Other TFTP servers require a that a file NOT exist, this is sometimes called write-create or no overwrite mode. When true, DCS will create the file on the TFTP server before uploading device configuration.
|
tftpRootDirectory
|
/tftpboot
|
string
|
TFTP Root Directory used by DCS and GTL.
|
tftpServerIPAddress
|
|
string
|
TFTP Server host name or IP Address used by DCS and GTL.
|
tftpSubDirectory
|
|
string
|
TFTP Sub Directory used by DCS and GTL.
|
/DCS/CATWarningExpressions
|
|
string
|
CatOS (Catalyst switch) warning expressions that can be safely ignored; case insensitive; . matches any char except newline, * means zero or more, + means one or more, ? means zero or one.
^.?.?.?.?.?.?.?.?-[5-7]-$ .*
Access Rules Download Complete$ .*
also defined on firewall module$ .*
already allowed on the trunk$ .*
CDP disabled on port.*$ .*
Dot1q tunnel feature disabled.*$ .*
Dot1q tunnel feature set to.*$ .*
Jumbo frames enabled on port .*$ .*
Jumbo frames disabled.*$ .*
Layer 2 protocol tunneling enabled.*$ .*
Layer 2 protocol tunneling disabled.*$ .*
Packets on native vlan will be tagged on .*$ .*
Port .* enabled$ .*
Removing Vlan.*$
Secured .* cleared from$
.?security level for .* changed to$
.*successful$ .*
This command will deactivate.*$
Vlan .* also defined on firewall module$
Vlans .* declared secure for firewall module$ VLAN Mod/Ports.*$
VTP advertisements transmitting temporarily stopped.*$ .*
VLAN .* modified*$ .*
VLAN .*Mod/Ports .*
|
/DCS/IOSWarningExpressions
|
|
string
|
IOS warning expressions that can be safely ignored; case insensitive; . matches any char except newline, * means zero or more, + means one or more, ? means zero or one.
%Aborting Save. Compress the config$
.*Access Rules Download Complete$
% Access VLAN does not exist.$
Address aliases with.*$
% All RSA Keys will be removed.$
% All router certs issued using these keys will also be removed.*$
% Already found same .* statement in this profile$
.*also defined on firewall module$
% A profile is deemed incomplete until it has match identity statements$
.*certificate accepted$
Certificate request sent$
.?Changes to the System MTU will not take effect until the next reload.*$
CNS config partial agent is running already$
% Configuration buffer full, can't add command.*$
.*Crypto EzVPN does not exist.*$
% declared secure for firewall module$
Enter configuration commands, one per line$ Explicit Path name .*$
% Generating .* bit RSA keys$
Global .* will be Port Address Translated.*$ Global Ethernet MTU is set to.*$
If the interface doesn't support baby giant frames.*$
Increasing .* burst size to$
% Interface .* IP address .* removed due to enabling VRF$
% Interface .* IP address .* removed due to disabling VRF$
% IP addresses from all interfaces in VRF .*have been removed$
% IP routing table V.* does not exist. Create first$
% IP routing table g.*does not exist. Create first$
% No CEF interface information$
|
/DCS/IOSWarningExpressions (Continued)
|
|
string
|
%No matching route to delete$
%Translation not found$
.*Not all config may be removed and may reappear after reactivating$
^%.?NOTE:$
OSPF: Unrecognized virtual interface .* Treat it as loopback stub route$
outside interface address added$
% Profile already contains this keyring$
%PVC is already defined$
Restarting RADIUS authentication service on port .*
$ Restarting RADIUS accounting service on port .*$
Redundant .* statement$
security level for .* changed to$
.*Service policy .* is already attached$
% Signature RSA Keys not found in configuration.$
.*success$
The .*command will also show the fingerprint$ %The static routes in .* with outgoing interface .* will be removed$
Unable to disable parser cache$
% Unknown VPN$ .*
Unknown VRF specified$
Vlan .* also defined on firewall module$
Vlans .* declared secure for firewall module$
% VRF .* does not exist or does not have a RD$
.?warning.*$
|
/DCS/PIXWarningExpressions
|
|
string
|
PIX warning expressions that can be safely ignored; case insensitive; . matches any char except newline, * means zero or more, + means one or more, ? means zero or one
Access Rules Download Complete$
Added .*to the bridge table$
.*also defined on firewall module$
Disabling failover$
Global .* will be Port Address Translated$ outside interface address added$
%PIX-7-$
%PIX-6-$
%PIX-5-$
Restarting .* service$
security level for .* changed to$
Vlan .* also defined on firewall module$
Vlans .* declared secure for firewall module$ VLAN Mod/Ports.*$
WARNING.*
|
/DCS/allowCommandDownloadOnError
|
false
|
The valid values are true and false.
|
Continue command download on error.
|
/DCS/cnsEventTimeout
|
120
|
integer
|
CNS event wait time in seconds
|
/DCS/customPasswordPrompt
|
Password:
|
string
|
Device Custom password prompt.
|
/DCS/customUsernamePrompt
|
Username:
|
string
|
Device Custom User name prompt.
|
/DCS/logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/DCS/maxCommandDownloadWaitTime
|
60
|
integer
|
Maximum time in seconds to wait for a device command download.
|
/DCS/maxDeviceConnectCompleteTime
|
60
|
integer
|
Maximum time in seconds to wait for a terminal session connection to a device.
|
/DCS/maxDeviceConnectRetry
Count
|
3
|
integer
|
Maximum number of times to retry connecting to a device when the maxDeviceConnectCompleteTime expires. 0= no retries.
|
/DCS/maxOperationTimeout
|
30
|
integer
|
Maximum time in minutes to wait for a device operation to complete.
|
/DCS/maxPromptTimeout
|
60
|
integer
|
Maximum time in seconds to wait for a prompt during a terminal session with a device.
|
/DCS/maxSocketReadTimeout
|
30
|
integer
|
Maximum time in seconds to wait for data on a socket connection read operation.
|
DeploymentFlow Property:
|
|
|
Deployment flow Component: Used to create a flow of different types of steps such as mpls, ipsec, qos and nat.
|
/DeploymentFlow/logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
DistributionFramework Properties:
|
|
|
Distribution Framework. This component handles the distribution of work (jobs) between different servers in an ISC distributed installation.
|
/DistributionFramework/Dispatcher/
|
|
|
Service that dispatches jobs to workers.
|
DefaultUnitDuration
|
1000
|
integer
|
The unit duration (in ms) used to estimate jobs without a profile.
|
PingInterval
|
1000
|
integer
|
The interval (in ms) dispatcher pings the workers to get the load.
|
ProcessorEpsilon
|
10
|
integer
|
If two proccessors differ in usage by an amount less than this, they are considered identical from the point of view of the load balancer.
|
ProfileUpdateThreshold
|
10
|
integer
|
The percent change of a profile that triggers an update of the dispatcher.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/DistributionFramework/Remote
Util/
|
|
|
Layer abstracting the remote call functionality.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/DistributionFramework/Service
Launcher/
|
|
|
Manages the execution of multiple services in the same VM.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/DistributionFramework/Thread
Pool/
|
|
|
Thread pool component used by the worker to execute jobs.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/DistributionFramework/Worker/
|
|
|
Worker.
|
ThreadPoolSize
|
100
|
integer
|
The maximum number of threads. Set it to 0 to allow the pool to use as many thread as necessary.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/DistributionFramework/Naming
Host
|
<master_server>
|
string
|
The hostname or ip address of the name server.
|
/DistributionFramework/Naming
Port
|
<naming_port>
|
string
|
The port of the name server.
|
GSAM Property:
|
|
|
Generic Service Access Model to get an XML dump from the repository for the provisioning driver.
|
/GSAM/logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
GTL Properties:
|
|
|
Generic Transport Layer. This library provides an API to different jobs (such as provisioning, collection etc.) to access Device Configuration Service (DCS). The jobs do not interface with DCS directly (to access the devices), but work with the API provided by GTL.
|
/GTL/ios/
|
|
|
IOS related GTL properties.
|
copy-running-to-startup
|
true
|
The valid values are true and false.
|
Flag indicating whether to copy running config to startup config when downloading configlets. Write Mem flag.
|
/GTL/pix/
|
|
|
PIX related properties.
|
copy-running-to-startup
|
true
|
The valid values are true and false.
|
Flag indicating whether to copy running config to startup config when downloading configlets. Write Mem flag.
|
/GTL/device-config-access-
protocol
|
1
|
integer
|
Protocol to use for device configuration uploads and downloads. 1= TERMINAL (Use the device-terminal-session-protocol for config access) 2= TFTP 3= FTP.
|
/GTL/device-terminal-session-
protocol
|
1
|
integer
|
Protocol to use for device terminal sessions. 1= TELNET 2= SSH.
|
/GTL/echo-mode
|
false
|
The valid values are true and false.
|
Flag indicating whether to run GTL in ECHO mode or DCS mode.
|
/GTL/logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
GUI Properties:
|
|
|
The component for GUI-based properties.
|
/GUI/Common/
|
|
|
Generic GUI component. Use it if you don't have any specific component requirements, such as security or L2VPN.
|
logLevel
|
FINE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/L2VPN/
|
|
|
L2VPN related GUI component. Use it with L2VPN related operations only.
|
logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/MplsVPN/
|
|
|
MPLS VPN related GUI component. Use it with MPLS VPN related operations only.
|
logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/Performance/
|
|
|
For monitoring GUI performance.
|
logLevel
|
INFO
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/QoS/
|
|
|
QoS related GUI component. Use it with QoS related operations only.
|
logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
/GUI/Security/
|
|
|
Security related component. This is to be used for security purposes only.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/Topology/
|
|
|
Component related to the web start topology application.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/VPLS/
|
|
|
VPLS related GUI component. Use it with VPLS related operations only.
|
logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/GUI/srRefreshRate
|
30000
|
integer
|
The refresh rate (in milliseconds) for the SR List screen.
|
/GUI/workflowSteps
|
<vpnsc_home>/
etc/
workflowSteps.
csv
|
string
|
The pre-defined workflow steps.
|
/GUI/workflows
|
<vpnsc_home>/
etc/workflows.
csv
|
string
|
The pre-defined workflows.
|
Logging Properties:
|
|
|
This contains different properties needed by the logging framework. There are a set of default values for logging parameters. These values can be overridden for a specific server.
|
/Logging/Defaults/
|
|
|
This contains the default values for the logging framework.
|
logFileNumber
|
2
|
integer
|
Maximum number of log files for a process. Each of these files can be of size logFileSize. When the maximum number for log files is reached for a process, the log files are rotated by deleting the oldest log file for that process.
|
logFileSize
|
2000000
|
integer
|
Size in bytes of a single log file for a process. Each process will have a number of log files (see logFileNumber property), where each of these files can grow to this size.
|
logFormatter
|
java.util.logging.XMLFormatter
|
string
|
Class name for the default formatter of log records.
|
logLevel
|
CONFIG
|
string
|
NOTE: This logLevel is used only if there is no logLevel defined for a component. The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
logLocation
|
<vpnsc_tmp>
|
string
|
The directory name where log files are kept.
|
/Logging/TaskLogs/
|
|
|
This contains logging properties for task logs.
|
logLocation
|
<vpnsc_tmp>/
TaskLogs
|
string
|
The directory name where all the task logs are kept.
|
Provisioning Properties:
|
|
|
Contains properties and components for service provisioning like MPLS and IPsec VPNs.
|
/Provisioning/Engine/
|
|
|
Contains properties for the XML driven provisioning engine.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
serviceSchema
|
service.xsd
|
string
|
Specifies the XML schema definition file for defining new services.
|
/Provisioning/NOM/
|
|
|
Network Object Model for parsing and delta generation of configs.
|
DocumentBuilderFactory/
|
|
|
This contains the properties for the DOM builder factory.
|
ignoreComments
|
true
|
The valid values are true and false.
|
Flag.
|
ignoreWhiteSpace
|
false
|
The valid values are true and false.
|
Flag for DOM builder factory.
|
validation
|
false
|
The valid values are true and false.
|
Flag for validation of xml files.
|
catSyntaxFile
|
catSyntax.xml
|
string
|
Contains the XML for Catalyst command syntax.
|
iosSyntaxFile
|
iosSyntax.xml
|
string
|
Contains the xml syntax for IOS command.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/Provisioning/ProvDrv/
|
|
|
Contains properties for the XML driven provisioning ProvDrv.
|
AuditJITUpload
|
true
|
The valid values are true and false.
|
If the value of this property is set to false, the provisioning server does NOT upload a copy of the configuration file from the routers when it processes the Service Request for auditing purpose. Instead, it uses copies of the configuration files that were collected and stored in the Repository earlier. If the value of this property is set to true, the provisioning server uploads a copy of the configuration file from the routers when it processes the Service Request for auditing purpose. The default value of this property is true.
|
DownloadTemplateTo
UnmanagedDevice
|
false
|
The valid values are true and false.
|
If this value is true, for an unmanaged device, ISC will attempt to download just the template. The configlet generated by the provision will not be part of the download. By default, this value is false. There will be no attempt to download to unmanaged device. The default value of this property is true.
|
ProvisionJITUpload
|
true
|
The valid values are true and false.
|
If the value of this property is set to false, the provisioning server does NOT upload a copy of the configuration file from the routers when it processes the Service Request for provisioning purpose. Instead, it uses copies of the configuration files that were collected and stored in the Repository earlier. If the value of this property is set to true, the provisioning server uploads a copy of the configuration file from the routers when it processes the Service Request for provisioning purpose. The default value of this property is true.
|
SaveConfigletsFromAllSRs
|
true
|
The valid values are true and false.
|
If the value of this property is set to true, for each device in a SR, the provisioning server will save the configlet contributed from all SRs that are processed in the same provisioning run. If the value is set to false, only the configlet contributed by the current SR is saved for this device in this SR even though this same device may be in multiple SRs that are processed by the same provisioning run. The default value of this property is true.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/Provisioning/Service/
|
|
|
Contains different services and their properties.
|
Firewall/
|
|
|
Firewall provision related properties.
|
platform/
|
|
|
ProvDrv service blade mapping.
|
CISCO_ROUTER/
|
|
|
IOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.firewall.FWServiceBlade
|
string
|
Service blade class name.
|
PIX/
|
|
|
PIX firewall.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.firewall.FWServiceBlade
|
string
|
Class name.
|
logLevel
|
CONFIG
|
string
|
Log level for firewall services.
|
maxDMZ
|
5
|
integer
|
The maximum dmz value supported. GUI will use this to generate a drop down list for dmz.
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
IPSEC/
|
|
|
IPsec Site-to-Site Provisioning.
|
platform/
|
|
|
IPsec site-to-site supported platforms.
|
CISCO_ROUTER/
|
|
|
IOS.
|
generateCryptoLocalIdentity
|
true
|
The valid values are true and false.
|
If enabled the crypto local identity will be generated for the ipsec service.
|
generateNoXAuth
|
true
|
The valid values are true and false.
|
If enabled will bypass the XAuth authentication for site-to-site remote peers.
|
iosPresharedKeyLength
|
125
|
integer
|
Defines the length of Preshared Keys generated for IOS devices.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.lan2lan.IPSecIosServiceBlade
|
string
|
IOS IPsec Service Blade Location.
|
PIX/
|
|
|
PIX.
|
generateNoXAuth
|
true
|
The valid values are true and false.
|
If enabled will bypass the XAuth for the site-to-site remote peers.
|
pixPresharedKeyLength
|
125
|
integer
|
Defines the length of Preshared Keys generated for PIX devices.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.lan2lan.IPSecPixServiceBlade
|
string
|
PIX IPsec service blade location.
|
VPN3000/
|
|
|
Cisco 3000 Route.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.vpn3k.IPSec3KServiceBlade
|
string
|
IPSEC L2L Service Blade Class Location.
|
vpn3000PresharedKeyLength
|
32
|
integer
|
Defines the length of Preshared Keys generated for VPN 3000 devices.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
IPSEC_RA/
|
|
|
IPSEC Remote Access Provisioning.
|
platform/
|
|
|
Platforms supported by IPSEC remote access provisioning.
|
CAT6K/
|
|
|
Catalyst 6000 VPNSM.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.ra.framework.RaServiceBlade
|
string
|
IPSEC RA Service Blade Class Location.
|
CISCO_ROUTER/
|
|
|
Cisco IOS Router.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.ra.framework.RaServiceBlade
|
string
|
IPSEC RA Service Blade Class Location.
|
PIX/
|
|
|
Cisco PIX Firewall.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.ra.framework.RaServiceBlade
|
string
|
IPSEC RA Service Blade Class Location
|
VPN3000/
|
|
|
Cisco 3000 Router.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.ipsec.vpn3k.IPSec3KServiceBlade
|
string
|
IPSEC RA Service Blade Class Location.
|
logCount
|
3
|
integer
|
Set the number of the log files for a provisioned device.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
NAT/
|
|
|
NAT provision related properties.
|
platform/
|
|
|
ProvDrv service blade mapping.
|
CISCO_ROUTER/
|
|
|
IOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.nat.NatIosPixServiceBlade
|
string
|
Service blade class name.
|
PIX/
|
|
|
PIX NAT.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.nat.NatIosPixServiceBlade
|
string
|
Class name.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
QoS/
|
|
|
QoS Provisioning Service related properties section.
|
platform/
|
|
|
Used by ProvDrv.
|
CISCO_ROUTER/
|
|
|
Used by ProvDrv.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.qos.ServiceBlade.QosServiceBlade
|
string
|
Identifies ServiceBlade class name for ProvDrv.
|
EoMPLSExpValue
|
0
|
string
|
EoMPLS Exp Value.
|
managementLanAddress
|
0.0.0.0/0
|
string
|
Management LAN address in the format of a.b.c.d/x. This will become the default value in QoS Policy's TrafficClassification's Mgmt_lan_addr_mask field.
|
mapDscpToMplsExp_0
|
0 1 2 3 4 5 6 7
|
string
|
This defines the mapping between MPLS Exp 0 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_1
|
8 9 10 11 12 13 14 15
|
string
|
This defines the mapping between MPLS Exp 1 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_2
|
16 17 18 19 20 21 22 23
|
string
|
This defines the mapping between MPLS Exp 2 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_3
|
24 25 26 27 28 29 30 31
|
string
|
This defines the mapping between MPLS Exp 3 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_4
|
32 33 34 35 36 37 38 39
|
string
|
This defines the mapping between MPLS Exp 4 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_5
|
40 41 42 43 44 45 46 47
|
string
|
This defines the mapping between MPLS Exp 5 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_6
|
48 49 50 51 52 53 54 55
|
string
|
This defines the mapping between MPLS Exp 6 and its corresponding DSCP value(s).
|
mapDscpToMplsExp_7
|
56 57 58 59 60 61 62 63
|
string
|
This defines the mapping between MPLS Exp 7 and its corresponding DSCP value(s).
|
mapPrecToMplsExp_0
|
0
|
string
|
This defines the mapping between MPLS Exp 0 and its corresponding IP Precedence.
|
mapPrecToMplsExp_1
|
1
|
string
|
This defines the mapping between MPLS Exp 1 and its corresponding IP Precedence.
|
mapPrecToMplsExp_2
|
2
|
string
|
This defines the mapping between MPLS Exp 2 and its corresponding IP Precedence.
|
mapPrecToMplsExp_3
|
3
|
string
|
This defines the mapping between MPLS Exp 3 and its corresponding IP Precedence.
|
mapPrecToMplsExp_4
|
4
|
string
|
This defines the mapping between MPLS Exp 4 and its corresponding IP Precedence.
|
mapPrecToMplsExp_5
|
5
|
string
|
This defines the mapping between MPLS Exp 5 and its corresponding IP Precedence.
|
mapPrecToMplsExp_6
|
6
|
string
|
This defines the mapping between MPLS Exp 6 and its corresponding IP Precedence.
|
mapPrecToMplsExp_7
|
7
|
string
|
This defines the mapping between MPLS Exp 7 and its corresponding IP Precedence.
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
l2vpn/
|
|
|
MPLS Layer 2 VPN Provisioning.
|
DownloadWeights/
|
|
|
Specifies the download weights for different devices in an L2VPN service request. The higher the weight, the sooner we download to that device. By default the weights are set to 0, so that all devices get downloaded at the same time during service deployment.
|
weightForCE
|
0
|
integer
|
Download weight for CE devices.
|
weightForPE
|
0
|
integer
|
Download weight assigned to PE devices.
|
weightForPE_CLE
|
0
|
integer
|
download weight for PE_CLE devices.
|
platform/
|
|
|
Contains properties for L2VPN for different platforms.
|
CATOS/
|
|
|
Service blade parameters for CATOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.l2vpn.L2VPNServiceBlade
|
string
|
ServiceBladeClass location.
|
CISCO_ROUTER/
|
|
|
IOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.l2vpn.L2VPNServiceBlade
|
string
|
ServiceBladeClass location.
|
dataFileSchema
|
l2vpnData.xsd
|
string
|
Layer 2 VPN Data File schema.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
parseConfigAfterProvisioning
|
false
|
The valid values are true and false.
|
This property controls the parsing of the configuration file after the provisioning is completed in order to make sure that device inventory is in sync with network.
|
saveDebugData
|
true
|
The valid values are true and false.
|
If this property is set to true, whenever an SR is provisioned, the uploaded config files and input XML data are saved to a temporary directory for debugging purposes.
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
serviceFile
|
l2vpnService.xml
|
string
|
Layer 2 VPN Service definition file.
|
mpls/
|
|
|
Contains properties for MPLS/BGP Layer 3 VPN service.
|
DownloadWeights/
|
|
|
Specifies the download weights for different devices in an MPLS-VPN service request. The higher the weight, the sooner we download to that device. By default the weights are set to 0, so that all devices get downloaded at the same time during service deployment.
|
weightForCE
|
0
|
integer
|
Download weight for CE devices.
|
weightForMVRFCE
|
0
|
integer
|
Download weight for MVRFCE. The higher the weight the sooner we download to this device while deploying a service request.
|
weightForPE
|
0
|
integer
|
Download weight assigned to PE devices.
|
weightForPE_CLE
|
0
|
integer
|
Download weight for PE_CLE devices.
|
platform/
|
|
|
Platform related classes.
|
CATOS/
|
|
|
Service blade parameters for CATOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.mpls.MplsServiceBlade
|
string
|
ServiceBladeClass location.
|
CISCO_ROUTER
|
|
|
IOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.mpls.MplsServiceBlade
|
string
|
ServiceBladeClass location
|
dataFileSchema
|
l3vpnData.xsd
|
string
|
Specifies the schema for the data XML file for MPLS/BGP layer3 VPNs.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
parseConfigAfterProvisioning
|
false
|
The valid values are true and false.
|
This property controls the parsing of the configuration file after the provisioning is completed in order to make sure that device inventory is in sync with network.
|
reapplyIpAddress
|
false
|
The valid values are true and false.
|
Re-apply the same IP address to the interface when decommission a service request. This option is only applicable to manually-assigned IP addresses. It does not work for automatically-assigned IP addresses. When this property is in effect, the interface negate command will not be generated.
|
removeSubInterface
|
true
|
The valid values are true and false.
|
Removing the ISC generated subinterface commands in decommission service requests.
|
saveDebugData
|
true
|
The valid values are true and false.
|
If this property is set to true, whenever an SR is provisioned, the uploaded config files and input XML data are saved to a temporary directory for debugging purposes.
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
serviceFile
|
l3vpnService.xml
|
string
|
Specifies the XML file containing the service definition for MPLS/BGP layer3 VPNs. The schema for this file is specified by Provisioning.Engime.serviceSchema
|
useNextHopAddressForStaticRoutes
|
false
|
The valid values are true and false.
|
For Static Roues, use local router outbound interface or IP address of the next hop to reach the destination network.
|
useOnlyExtraCEloopbackForGreyAccessList
|
false
|
The valid values are true and false.
|
With Extra CE loopback, the user can select this option to add only the loopback address instead of the interface ip address and extra CE loopback.
|
shared/
|
|
|
Properties shared by MPLS VPN, L2VPN and VPLS.
|
FeatureQuery/
|
|
|
ISC components that check if certain features are available for certain devices based on their software version and platform information.
|
enableValidation
|
true
|
The valid values are true and false.
|
If enabled, FeatureQuery will check if the features are available based on the feature matrix and device OS version (IOS Version or PIX Version). If disable it will assume that all features are available on all platforms (should be used for testing only).
|
actionTakenOnUNIVlanList
|
prune
|
string
|
Action taken when switch port allowed vlan cmd is absent for ERS service.
|
vpls/
|
|
|
Contains properties for Virtual Private LAN Service.
|
DownloadWeights/
|
|
|
Specifies the download weights for different devices in an MPLS VPN service request. The higher the weight, the sooner we download to that device. By default the weights are set to 0, so that all devices get downloaded at the same time during service deployment.
|
weightForCE
|
0
|
integer
|
Download weight for CE devices.
|
weightForPE
|
0
|
integer
|
Download weight assigned to PE devices.
|
weightForPE_CLE
|
0
|
integer
|
Download weight for PE_CLE devices.
|
platform/
|
|
|
Platform related classes.
|
CATOS/
|
|
|
Service blade parameters for CATOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.vpls.VplsServiceBlade
|
string
|
ServiceBladeClass location.
|
CISCO_ROUTER/
|
|
|
IOS.
|
serviceBladeClass
|
com.cisco.vpnsc.prov.vpls.VplsServiceBlade
|
string
|
ServiceBladeClass location.
|
dataFileSchema
|
vplsData.xsd
|
string
|
Specifies the schema for the data XML file for VPLS.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
parseConfigAfterProvisioning
|
false
|
The valid values are true and false.
|
This property controls the parsing of the configuration file after the provisioning is completed to make sure that device inventory is in sync with network.
|
saveDebugData
|
true
|
The valid values are true and false.
|
If this property is set to true, whenever an SR is provisioned, the uploaded config files and input XML data are saved to a temporary directory for debugging purposes.
|
sendAuditEvent
|
true
|
The valid values are true and false.
|
Set true to enable sending audit event for this service.
|
serviceFile
|
vplsService.xml
|
string
|
Specifies the XML file containing the service definition for VPLS. The schema for this file is specified by Provisioning.Engime.serviceSchema.
|
logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
SLA Properties:
|
|
|
Service Level Agreement. This component deals with creating SAA probes between different devices and to collect/aggregate the data corresponding to those probes, in order to provide different SLA reports.
|
/SLA/copyRunningToStartup
|
true
|
The valid values are true and false.
|
If true and if showInRunningConfig is true - the running configuration will be copied to startup after the router SA Agent configuration has been changed.
|
/SLA/daysToKeepDailyStats
|
365
|
integer
|
Specifies how many days should the SLA database keep the daily stats. Specifying a low number keeps the database small but you will not be able to access daily reports beyond this period.
|
/SLA/daysToKeepHourlyStats
|
60
|
integer
|
Specifies how many days should the SLA database keep the hourly stats. Specifying a low number keeps the database small but you will not be able to access hourly reports beyond this period.
|
/SLA/logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/SLA/rowAgeOut
|
3600
|
integer
|
The time after which a probe is completely removed after its life is over. In seconds.
|
/SLA/showInRunningConfig
|
true
|
The valid values are true and false.
|
If true the configured SLAs appear in the router's running configuration.
|
SYSTEM Properties:
|
|
|
The properties common to all sub-systems in ISC can be found under this component. Most of the values here are set at the time of installation.
|
/SYSTEM/email/
|
|
|
Properties related to e-mails sent out by ISC.
|
from
|
<mailfrom>
|
string
|
The from field in the e-mail header of the mails sent out by ISC.
|
smtpHost
|
<mailhost>
|
string
|
The server using which e-mail messages from ISC should be sent out.
|
/SYSTEM/fullyManaged/
|
|
|
Properties related to e-mails sent out by ISC in case of fully managed devices.
|
enforcementAuditScript
|
|
string
|
Script to be invoked when failure of enforcement audit is detected.
|
externalEventsEmailRecipients
|
<mailto>
|
string
|
List of email recipients when receiving a config-change event originated outside ISC.
|
/SYSTEM/license/
|
|
|
Properties related to ISC Licensing.
|
emailRecipients
|
<mailto>
|
string
|
The comma separated list of e-mail addresses to which the License Threshold e-mails should be sent out.
|
refreshInterval
|
1
|
integer
|
License refresh interval in hours.
|
threshold
|
90
|
integer
|
VPN and ACTIVATION Threshold in percent for e-mail notification.
|
/SYSTEM/tibco/
|
|
|
TIBCO related properties.
|
port
|
<tibco_port>
|
integer
|
The port on which TBBCO rendezvous listens for events.
|
prefix
|
cisco.vpnsc.
|
string
|
Prefix for all tibco messages originating from ISC.
|
rva-http-port
|
<rva_http_port>
|
integer
|
The http port for TIBCO rendezvous agent web interface.
|
rva-port
|
<rva_port>
|
integer
|
The port on which TIBCO rendezvous agent listens for events.
|
/SYSTEM/app_dir
|
<vpnsc_home>
|
string
|
Location of the ISC installation.
|
/SYSTEM/ciscoURL
|
http://www.cisco.com
|
string
|
The Cisco URL.
|
/SYSTEM/databaseServer
|
<db_server>
|
string
|
The database server fully qualified name.
|
/SYSTEM/masterServer
|
<master_server>
|
string
|
The master server fully qualified name.
|
/SYSTEM/maxTaskLimit
|
500
|
integer
|
maxTaskLimit.
|
/SYSTEM/role
|
master
|
string
|
Identifies the role in the distribution system. Possible values are: master ps (processing server) cs (collection server) is (interface server).
|
/SYSTEM/tmpdir
|
<vpnsc_tmp>
|
string
|
Location for temporary files.
|
Scheduler Properties:
|
|
|
Scheduler reads the task repository and schedules tasks on every minute boundary. Each scheduled task is passed to Task manager for execution.
|
/Scheduler/logLevel
|
CONFIG
|
string
|
The logLevel indicates the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/Scheduler/syncInterval
|
5
|
integer
|
When scheduler starts up for the first time, it reads all the scheduling information from the task repository. After that, it depends on the events generated by task repository for receiving changes to the scheduling information. It can also periodically synchronize with the task repository by re-reading it at regular intervals. This property specifies, in minutes, that interval. If the value for the interval is 0, scheduler will not synchronize with the task repository and only depends on the events.
|
SnmpService Properties:
|
|
|
The Snmp Service package provides APIs to perform SNMP get() and set() operations.
|
/SnmpService/defaultSNMPVersion
|
1
|
integer
|
The default SNMP version used to connect to Cisco router. Used if the SNMP version is not specified per router. Valid Values: SNMPv1/SNMPv2c - 1 SNMPv3 - 2.
|
/SnmpService/defaultSecurityLevel
|
3
|
integer
|
The default security level used to connect to Cisco router. Used if the security level is not specified per router. Values: authentication no encryption - 1 authentication encryption - 2 no authentication no encryption - 3.
|
/SnmpService/logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/SnmpService/retries
|
3
|
integer
|
The number of retries to be used by the SNMP protocol.
|
/SnmpService/timeout
|
5
|
integer
|
Timeout value to be used by the SNMP protocol. Unit: seconds
|
TaskManager properties:
|
|
|
Task manager executes tasks that are scheduled by scheduler. Task execution consists of executing different actions that comprise the task. Task manager manages the dependencies between these actions.
|
/TaskManager/logLevel
|
CONFIG
|
string
|
The logLevel indicates the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
VpnInvServer Properties:
|
|
|
Corba Server for VpnInvServer IDL backward compatibility.
|
/VpnInvServer/logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
aagent Properties:
|
|
|
AAgent component related defines.
|
/aagent/directories/
|
|
|
Various directories for aagent.
|
dmd
|
<vpnsc_home>/resources/AAgent/DMDFiles
|
string
|
File path and name.
|
input
|
<vpnsc_home>/
resources/java/
classes/common/AAgent/com/
cisco/vpn3000/
vpnscagent
|
string
|
File path and name.
|
working
|
<vpnsc_home>/resources/java/archives
|
string
|
File path and name.
|
/aagent/defaultVersion
|
3.6.3
|
string
|
The default 3k firmware version for AAgent.
|
dtd Properties:
|
|
|
The component for XML-based properties.
|
/dtd/ipsecl2l/
|
|
|
Path to the ipsec l2l dtd.
|
filepath
|
<vpnsc_home>/
resources/dtd/
servicemodel/
Lan2LanSm.dtd
|
string
|
DTD file path and name.
|
/dtd/ipsecra/
|
|
|
Path to the ipsec l2l dtd.
|
filepath
|
<vpnsc_home>/
resources/dtd/
servicemodel/
RaSm.dtd
|
string
|
DTD file path and name.
|
lockmanager Properties:
|
|
|
Component that handles device locking. When different jobs (such as provisioning) try to update the config on the device, they obtain software locks so that two different jobs do not update the config at the same time. LockManager provides a way to obtain and later release such software locks.
|
/lockmanager/lockTimeoutInHours
|
8
|
integer
|
Timeout in hours for a lock held by a lock holder. If the lock holder does not free a lock within this time the lockmanager will automatically release the device lock.
|
/lockmanager/logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
nbi Properties:
|
|
|
Nbi component.
|
/nbi/Writer/
|
|
|
|
SoapEncapsulation
|
false
|
The valid values are true and false.
|
SoapEncapsulation.
|
/nbi/CompositeDir
|
<vpnsc_home>/
resources/java/
xml/com/cisco/
vpnsc/repository/meta/xml/
composite
|
string
|
Path to composite XML files.
|
/nbi/Formatter
|
com.cisco.vpnsc.nbi.io.NbiSimpleFormatter
|
string
|
File path and name.
|
/nbi/Logger
|
com.cisco.vpnsc.nbi.util.NbiVpnscLogger
|
string
|
File path and name.
|
/nbi/MetaDir
|
<vpnsc_home>/
resources/java/
xml/com/cisco/
vpnsc/repository/meta/xml
|
string
|
Path to meta XML files.
|
/nbi/Reader
|
com.cisco.vpnsc.nbi.io.NbiSoapReader
|
string
|
File path and name.
|
/nbi/RequestParserMgr
|
com.cisco.vpnsc.nbi.parser.NbiRequestParserMgr
|
string
|
File path and name.
|
/nbi/SRWaitTimeout
|
1200
|
string
|
time (seconds) to wait for SR to deploy.
|
/nbi/SSLfilepath
|
<vpnsc_home>/
bin/client.
keystore
|
string
|
Path to client.keystore file for NBI SSL connections.
|
/nbi/SessionTimeout
|
1200000
|
string
|
Amount of time the session is valid.
|
/nbi/TransactionParser
|
com.cisco.vpnsc.nbi.parser.NbiWsdlParser
|
string
|
File path and name.
|
/nbi/Validation
|
true
|
The valid values are true and false.
|
Variable to enable validation of incoming Nbi API XML attributes.
|
/nbi/Writer
|
com.cisco.vpnsc.nbi.io.NbiSoapWriter
|
string
|
File path and name.
|
/nbi/logHandler
|
com.cisco.vpnsc.nbi.util.VpnscLogHandler
|
string
|
Custom log handler for nbi. This handler allows NBI to use alternate formatter from default one used by rest of ISC. In this case, NBI defaults to using SimpleFormatter which dumps simple output as opposed to XML output.
|
/nbi/logLevel
|
WARNING
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging pack age. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
notification Properties:
|
|
|
Event notification related defines.
|
/notification/Logger
|
com.cisco.vpnsc.nbi.util.NbiVpnscLogger
|
string
|
File path and name.
|
/notification/clientEnabled
|
false
|
The valid values are true and false.
|
variable to enable validation of incoming Nbi API XML attributes.
|
/notification/clientHost
|
<master_server>
|
string
|
Tibco event client host.
|
/notification/clientMethod
|
/notification/
servlet
eventListener
|
string
|
Tibco event client method.
|
/notification/clientPort
|
<http_port>
|
string
|
Tibco event client port.
|
/notification/clientRegFile
|
<vpnsc_home>/
resources/nbi
/notification
clientReg.txt
|
string
|
Client tibco event registration file name.
|
/notification/logFormatter
|
java.util.logging.SimpleFormatter
|
string
|
File path and name.
|
/notification/logLevel
|
WARNING
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/notification/password
|
cisco
|
string
|
Both user name and password are same as the ones used for GUI login.
|
/notification/username
|
admin
|
string
|
Both user name and password are s same as the ones used for GUI login.
|
repository Properties:
|
|
|
The component for Database related properties.
|
/repository/IPAddressPool/
|
|
|
IP Address Pool Constants.
|
AGE_TIME
|
0
|
integer
|
The Aging interval for released IP Address, in minutes. The default is 24 hours (1440 minutes).
|
/repository/deviceConfig/
|
|
null
|
|
maxVersions
|
10
|
integer
|
Maximum number of configuration files to be stored per device in the repository before older versions automatically get purged.
|
/repository/mlshare/
|
|
|
Share directory for both MPLS and L2VPN.
|
logLevel
|
SEVERE
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/repository/persistence/
|
|
|
Properties for db.
|
Versions
|
5
|
integer
|
The number of maximum versions for a Versioning Persistent Objects.
|
catalog
|
directory
|
string
|
Catalog.
|
driver
|
<db_driver>
|
string
|
The class name for the driver
|
initialConnections
|
1
|
integer
|
Number of initial connections.
|
location
|
<repository_
home>
|
string
|
The directory containing the repository.db and repository.log files.
|
password
|
sql
|
string
|
Password for opening a DB connection.
|
schema
|
DBA
|
string
|
Schema.
|
slaurl
|
jdbc:sybase:Tds:<local_db_server>:<db_port_sla>/?JCONNECT_
VERSION=5&
serviceName=sla
|
string
|
The url for opening a JDBC connection to the SLA database.
|
url
|
<db_url>
|
string
|
The url for opening a JDBC connection.
|
username
|
dba
|
string
|
User id to open a db connection.
|
/repository/rbac/
|
|
|
The component for RBAC User Access Model, user Authentication.
|
checkCreatorPermissionEnabled
|
true
|
The valid values are true and false.
|
The creator of objects can give the permissions of Modify or Delete to others. If this flag is false, enable RBAC permission checkin.
|
checkPermissionEnabled
|
true
|
The valid values are true and false.
|
The creator of objects can give the permissions of Modify or Delete to others. If this flag is false, enable RBAC permission checkin.
|
enableAutologin
|
false
|
The valid values are true and false.
|
The property controls whether user may store login information in form of cookies on the computer from which the user connects. If enabled, automatic login, based on the cookie information is permitted. Also user is presented with a screen in which he or she can elect to store login information on the local user's computer. With this property set to false no autologin or options associated with it are available.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
partialQueryResultExpected
|
true
|
The valid values are true and false.
|
When checking Permission on a list of Persistent Objects, and the current user does not the specified permission to all the objects in the result list, partial results will be returned if this flag is true; Insufficient Permission exception will be generated if the flag is false.
|
webSessionTimeoutSec
|
1800
|
integer
|
Timeout of inactive web client session in seconds. Default is 30 minutes.
|
/repository/ual/
|
|
|
User Access/Audit Log
|
cleanUALogs
|
true
|
The valid values are true and false.
|
whether to let system automatically clean up UAL log entries based on ual.maxAgeInDays.
|
maxAgeInDays
|
30
|
integer
|
Maximum age of the User Access/Audit Logs in days after which the UALog Cleanup Service will delete them. if 0 then UALogs deletion is disabled even if cleanUALogs is set to true.
|
watchdog Properties:
|
|
|
All the servers in ISC are launched and managed by the Watchdog.
|
/watchdog/byRole/
|
|
|
This component contains the watchdog properties that based on the role of the host.
|
cs/
|
|
|
Watchdog properties for machine playing the role of a cs (Collection Server/Agent).
|
servers
|
httpd nspoller worker dbpoller
|
string
|
Names of the servers to be run.
|
db/
|
|
|
Watchdog properties for a machine playing the role of a db (DB server).
|
servers
|
dbpoller
|
string
|
The servers to be run on a installation with the role db.
|
is/
|
|
|
Watchdog properties for a machine playing the role of a Interface Server.
|
servers
|
httpd dbpoller
|
string
|
Names of servers to be run on an installation with role is.
|
master/
|
|
|
Watchdog properties of a machine playing the role of a master.
|
servers
|
httpd nspoller dbpoller dispatcher worker scheduler lockmanager cornerstonebridge cnsserver
|
string
|
The servers to be run.
|
ps/
|
|
|
Watchdog properties for a machine playing the role of a ps (Processing Server/Agent).
|
servers
|
httpd nspoller worker dbpoller
|
string
|
Names of servers to be run.
|
/watchdog/diskspace/
|
|
|
Contains properties related to disk space monitoring.
|
dirsToMonitor
|
|
string
|
The directories (and ultimately the disks that contain them) to be monitored.
|
disksToMonitor
|
|
string
|
The disks to be monitored for space constraints.
|
emailRecipients
|
<mailto>
|
string
|
The comma separated list of e-mail addresses to which the disk space related e-mails should be sent out.
|
highWatermark
|
<highwater>
|
string
|
High watermark for the directories (disks) being monitored. The value should be a number followed by a < (for percent) or m or M (for Mbytes). These values should correspond to the available/free space on the disk. If the available disk space stabilizes above this value (after falling below the low watermark), an e-mail is sent to the addresses specified in the property watchdog.diskspace.emailRecipients.
|
lowWatermark
|
<lowwater>
|
string
|
Low watermark for the directories (disks) being monitored. The value should be be a number followed by a % (for percent) or m or M (for Mbytes). These values should correspond to the available/free space on the disk. If the available disk space falls below this value, an e-mail is sent to the addresses specified in the property watchdog.diskspace.emailRecipients.
|
sleepInterval
|
60000
|
integer
|
Time between two status checks for disk space limits in milliseconds.
|
/watchdog/group/
|
|
|
Group.
|
database_users
|
scheduler httpd
|
string
|
The servers that access database.
|
/watchdog/heartbeat/
|
|
|
Properties related to watchdog heartbeat mechanism are specified here.
|
wds/
|
|
|
Heartbeat properties for intra-watchdog communication.
|
delay
|
5000
|
integer
|
The period in between heartbeats. (from master watchdog to slave watchdog and vice-versa) in milliseconds.
|
initDelay
|
1000
|
integer
|
The initial period of time for which the heartbeat thread waits before trying for a heartbeat after a watchdog registers with the MasterWatchdog, in milliseconds.
|
masterReconnectAttemptDelay
|
2000
|
integer
|
The sleep time between two successive attempts by a slave watchdog to reconnect to master watchdog, in milliseconds.
|
maxAllowedMisses
|
3
|
integer
|
The maximum number of consecutive misses that a watchdog should miss for the master to consider it inactive or unregistered.
|
maxAttemptsForMasterReconnect
|
500
|
integer
|
Once the slave watchdog loses connection with the master, it will try this many times to try and establish the connection. If it cannot re-establish a connection with the master even after making these many attempts, it shuts itself down. Between attempts, it sleeps watchdog.heartbeat.wds.masterReconnectAttemptDelay time. The value for this property should be specified in milliseconds. A value of 0 indicates that the slave watchdog has no upper limit on the number of reconnect attempts.
|
period
|
120000
|
integer
|
The minimum time between each heartbeat request in milliseconds.
|
sendEvents
|
false
|
The valid values are true and false.
|
If set to true, watchdog sends out tibco events everytime a heartbeat succeeds or fails. If set to false, no such events will be sent.
|
startDelay
|
5000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
/watchdog/java/
|
|
|
Java.
|
flags
|
-XX:+UseAltSigs
|
string
|
Any other flags to be passed on to java.
|
vmtype
|
-server
|
string
|
The flag to be passed on to java (-server or -client).
|
/watchdog/server/
|
httpd nspoller dbpoller dispatcher worker scheduler lockmanager cornerstonebridge
|
string
|
Server.
|
cnsserver/
|
|
|
Monitors CNS events from IE2100 boxes. Communication between client and server is completely handled using Tibco events.
|
heartbeat/
|
|
|
Heartbeat related properties.
|
startDelay
|
10000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
java/
|
|
|
Java attributes for this server.
|
flags
|
|
string
|
Any additional java flags specific to this server. If the value is changed, watchdog restart is required for the new value to take effect.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDCnsServer
|
string
|
Heartbeat Handler - Checks for valid Tibco Connection.
|
cmd
|
java com.cisco.vpnsc.cns.CnsServer
|
string
|
Implementation to monitor CNS events from IE2100 boxes.
|
dependencies
|
dbpoller
|
string
|
Dependencies.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
cornerstonebridge/
|
|
|
Acts as a gateway for remote application access to Auto Discovery. Communication between client and server is completely handled using Tibco events.
|
heartbeat/
|
|
|
Heartbeat related properties.
|
startDelay
|
10000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
java/
|
|
|
Java attributes for this server.
|
flags
|
|
string
|
Any additional java flags specific to this server. If the value is changed, watchdog restart is required for the new value to take effect.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDCornerstoneBridge
|
string
|
Heartbeat Handler - Checks for valid Tibco Connection.
|
cmd
|
java com.cisco.vpnsc.apps.cornerstone.CornerstoneBridge
|
string
|
Implementation to communicate with Auto Discovery.
|
dependencies
|
dbpoller
|
string
|
Dependencies.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
dbpoller/
|
|
|
This server keeps polling the database to see if it is functional.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDDatabase
|
string
|
Name of class responsible for getting heartbeats.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
dispatcher/
|
|
|
Dispatcher service of the Distribution framework.
|
heartbeat/
|
|
|
|
startDelay
|
45000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
java/
|
|
|
Java attributes for this server
|
flags
|
|
string
|
Any additional java flags specific to this server. If the value is changed, watchdog restart is required for the new value to take effect.
|
app_args
|
Dispatcher com.cisco.vpnsc.dist.vpnsc.VpnscDispatcherImpl
|
string
|
Args to the class that starts this service.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDDispatcher
|
string
|
The class that proxies this service for the watchdog.
|
cmd
|
java com.cisco.vpnsc.watchdog.ext.ServiceLauncherImpl
|
string
|
Command to start the server.
|
dependencies
|
dbpoller nspoller
|
string
|
The other services that this service depends on Heartbeat related properties.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
httpd/
|
|
httpd
|
|
heartbeat/
|
|
|
Heartbeat.
|
port
|
<http_port>
|
integer
|
The port on which httpd should run.
|
startDelay
|
45000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
10000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
url
|
http://localhost:
<http_port>/isc/
about.htm
|
string
|
url
|
class
|
com.cisco.vpnsc.watchdog.servers.WDHttpd
|
string
|
Class.
|
cmd
|
<vpnsc_home>/
bin/tomcat.
sh start fg
|
string
|
The command to start httpd on this host.
|
dependencies
|
dbpoller
|
string
|
Dependencies.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
lockmanager/
|
|
|
Component that handles locking.
|
heartbeat/
|
|
|
Heartbeat related properties.
|
startDelay
|
10000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
java/
|
|
|
Java attributes for this server.
|
flags
|
|
string
|
Any additional java flags specific to this server. If the value is changed, watchdog restart is required for the new value to take effect.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDLockManager
|
string
|
Class that keeps track of lockmanager heartbeats.
|
cmd
|
java com.cisco.vpnsc.lockmanager.LockManagerImpl
|
string
|
Command that starts up the lockmanager.
|
dependencies
|
nspoller
|
string
|
Lock Manager depends on the NS.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
nspoller/
|
|
|
This server polls the NameServer to see if it is running.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDNameServer
|
string
|
Class.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
scheduler/
|
|
|
Scheduler.
|
heartbeat/
|
|
|
Heartbeat related properties.
|
startDelay
|
30000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
java/
|
|
|
Java attributes for this server.
|
flags
|
|
string
|
Any additional java flags specific to this server. If the value is changed, watchdog restart is required for the new value to take effect.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDScheduler
|
string
|
Class.
|
cmd
|
java com.cisco.vpnsc.scheduler.Scheduler
|
string
|
Command to start the scheduler.
|
dependencies
|
dbpoller worker
|
string
|
Dependencies.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
worker/
|
|
|
Worker service of the distribution framework.
|
heartbeat/
|
|
|
Heartbeat related properties.
|
startDelay
|
45000
|
integer
|
Time to wait before making the first heartbeat request in milliseconds.
|
timeout
|
3000
|
integer
|
The period of time before which response for heartbeat request should be received by the watchdog, in milliseconds.
|
java/
|
|
|
Java attributes for this server.
|
flags
|
-Xmx512m -Xbootclasspath/p:<vpnsc_home>/thirdparty/jar/
AdventNetSnmp3_3.2.jar:
<vpnsc_home>/
thirdparty/jar/
cryptix32.jar -Dcom.cisco.
insmbu.templatemgr.backend.
PropFile=
<vpnsc_home>/
resources/
templatesystem/Template.
properties
|
string
|
Any additional java flags specific to this server. If the value is changed, watchdog restart is required for the new value to take effect.
|
app_args
|
Worker com.cisco.vpnsc.dist.WorkerImpl, com.cisco.vpnsc.sla.sql.SlaMaintenanceService, com.cisco.vpnsc.repository.ual.UALCleanupServiceImpl, com.cisco.vpnsc.license.LicenseSynchronize, com.cisco.vpnsc.cleanup.TaskLogCleanupService, com.cisco.vpnsc.cleanup.TempFileCleanupService, com.cisco.vpnsc.cleanup.RuntimeTaskCleanupService"
|
string
|
Arguments to the class specified in the cmd property.
|
class
|
com.cisco.vpnsc.watchdog.servers.WDWorker
|
string
|
The server class that proxies Worker service for the watchdog.
|
cmd
|
java com.cisco.vpnsc.watchdog.ext.ServiceLauncherImpl
|
string
|
Command to start the worker.
|
dependencies
|
nspoller
|
string
|
Servers that have to be functioning for this server to function normally.
|
logLevel
|
CONFIG
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
maxQuickDieCount
|
3
|
integer
|
The maximum number of times a server can die consecutively without having a successful heartbeat. If this number is exceeded, the server is marked as disabled.
|
startTimeout
|
240000
|
integer
|
The timeout for the initial heartbeat response. The first heartbeat should happen within this time.
|
/watchdog/serverStatus/
|
|
|
The properties related to the server status monitoring function provided by the watchdog are specified here.
|
emailRecipients
|
<mailtoRestart>
|
string
|
Comma separated list of e-mail addresses to which notices about server state changes should be e-mailed
|
stableTime
|
60000
|
integer
|
Time in milliseconds that has to pass before a server's status can be considered stable (for the purpose of sending out a server status e-mail notification).
|
/watchdog/criticalServers
|
|
string
|
If any of these servers enters the disabled state, then it would mean that the system is NOT healthy. If this value is null/empty then every single server is critical.
|
/watchdog/groups
|
database_users
|
string
|
The space separated list of different groups in the system.
|
/watchdog/logLevel
|
FINEST
|
string
|
The logLevel is the level at which logging is done for this component. These levels are identical to the logging levels defined for JDK1.4 logging package. The levels in descending order are: SEVERE (highest value) WARNING INFO CONFIG FINE FINER FINEST (lowest value).
|
/watchdog/servers
|
httpd nspoller dbpoller dispatcher worker scheduler lockmanager cornerstonebridge
|
string
|
Server.
|
/watchdog/waitDelay
|
3000
|
integer
|
The time period for which the wait() calls in watchdog wait, before checking the wait condition, in milliseconds.
|
xml Properties:
|
|
|
The component for XML-based properties.
|
/xml/queries/
|
|
|
Properties for RepQueryLoader.
|
filepath
|
<vpnsc_home>/
resources/java/
xml/com/cisco/
vpnsc/repository/Queries.xml
|
string
|
File path and name.
|
