Contents
Manageability Commands on Cisco IOS XR Software
This chapter describes the Cisco IOS XR software commands used to enable the HTTP server, enable router management through Extensible Markup Language (XML) agent services, and support the Common Object Request Broker Architecture (CORBA) infrastructure.
The XML Parser Infrastructure provides parsing and generation of XML documents with Document Object Model (DOM), Simple API for XML (SAX), and Document Type Definition (DTD) validation capabilities:
http server
To enable the HTTP server on the router and enable access to the Craft Works Interface (CWI), use the http server command in global configuration mode. To disable the HTTP server, use the no form of this command.
Syntax Description
ssl (Optional) Enables Secure Socket Layer (SSL).
access-group name (Optional) Enables access to the CWI from IP addresses that meet the conditions of the access control list (ACL) specified for the name argument.
Command History
Release
Modification
Release 3.2
This command was introduced.
Release 3.3.0
No modification.
Release 3.4.0
No modification.
Release 3.5.0
No modification.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Release 3.8.0
No modification.
Release 3.9.0
No modification.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the http server command to enable the HTTP server on your router.
To display the home page of the router, use a Web browser pointed to http://x.x.x.x, where x.x.x.x is the router IP address. If a name has been set, use http://router-name.
Use the ssl keyword to run HTTP over a secure socket. This command enables the HTTP server to run SSL when accessing web pages or files provided by the HTTP server of the router and disables access through the regular HTTP port.
Enabling the HTTP server enables authentication by default. After the HTTP server has been enabled, you then are prompted to provide a username and password to access web pages on the HTTP server.
Note
The http server command enables the HTTP server process on Management Ethernet interfaces by default. For information about how to enable HTTP server on other inband interfaces, see the Implementing Management Plane Protection on Cisco IOS XR Software module in Cisco IOS XR System Security Configuration Guide for the Cisco XR 12000 Series Router.
Task ID
Examples
The following example shows how to enable the HTTP server on the router:
RP/0/0/CPU0:router(config)# http serverThe following example shows how to enable SSL to run HTTP over a secure socket:
RP/0/0/CPU0:router(config)# http server sslThe following example shows how to enable SSL to run HTTP over a secure socket and to enable access to the CWI from only IP addresses that meet the conditions of the access group named test:
RP/0/0/CPU0:router(config)# http server ssl access-group testThe following sample output from the show ipv4 access-lists commands displays the IPv4 access list named test:
RP/0/0/CPU0:router# show ipv4 access-lists test ipv4 access-list test 10 deny ip host 171.71.163.96 any 20 permit ip host 64.102.48.34 anyiteration
To configure the iteration size for large XML agent responses, use the iteration command in xml agent configuration mode. To revert to the default iteration settings, use the no form of this command.
Syntax Description
off Disables iteration, meaning that the entire XML response is returned, regardless of its size. Use of this option is not recommended.
on Enables iteration, meaning that large XML responses are broken into chunks according to the iteration chunk size.
size iteration-size Specifies the size of the iteration chunk, in Kbytes. Values can range from 1 to 100,000.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
When the XML agent returns a large response, it splits the response into chunks and returns one chunk at a time. External clients then need to send a GetNext request to obtain the next chunk. Use the iteration command to control the size of iteration chunks. A larger chunk value allows larger chunks to be received in a shorter period of time, possibly making the router system busier. A smaller chunk value allows smaller chunks to be received over a longer period of time, but does not make the router busy You can also specify to disable iteration completely using the iteration off command.
Note
It is not recommended to disable iteration, since this could result in large transient memory usage.
To specify the TTY or SSL iteration size specifically, use the iteration command from the appropriate command mode.
Task ID
Examples
The following example shows how to configure the iteration chunk size to 100 Kbytes.
RP/0/0/CPU0:router(config)# xml agent RP/0/0/CPU0:router(config-xml)# iteration on size 100The following example shows how to disable iteration:
RP/0/0/CPU0:router(config)# xml agent RP/0/0/CPU0:router(config-xml)# iteration offThe following example shows how to turn on iteration with the default iteration size:
RP/0/0/CPU0:router(config)# xml agent RP/0/0/CPU0:router(config-xml)# no iteration offThe following example shows how to change the iteration size to the default iteration size.
RP/0/0/CPU0:router(config)# xml agent RP/0/0/CPU0:router(config-xml)# no iteration on size 100The following example shows how to change the iteration size of the TTY agent to 3 Kbytes:
RP/0/0/CPU0:router(config)# xml agent tty RP/0/0/CPU0:router(config-xml-tty)# iteration on size 3The following example shows how to turn off the iteration of the SSL agent:
RP/0/0/CPU0:router(config)# xml agent ssl RP/0/0/CPU0:router(config-xml-ssl)# iteration offRelated Commands
Command
Description
Enables Extensible Markup Language (XML) requests over a dedicated TCP connection and enters XML agent configuration mode.
Enables Extensible Markup Language (XML) requests over Secure Shell (SSH) and Telnet and enters TTY XML agent configuration mode.
Enables Extensible Markup Language (XML) requests over Secure Socket Layer (SSL) and enters SSL XML agent configuration mode.
show xml schema
Command History
Release
Modification
Release 3.6.0
This command was introduced.
Release 3.7.0
No modification.
Release 3.8.0
No modification.
Release 3.9.0
No modification.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The command runs the XML schema browser so that you can browse the XML schema and data.
Task ID
Examples
The following example shows how to enter the XML schema browser and the available commands:
RP/0/0/CPU0:router# show xml schema Username: xxxx Password: Enter 'help' or '?' for help xml-schema[config]:> ? config oper action adminoper adminaction cd pwd classinfo list ls datalist walk walkdata get hierarchy quit exit help xml-schema[config]:>throttle
To configure the XML agent processing capabilities, use the throttle command in XML agent configuration mode.
Syntax Description
memory
Specifies the XML agent memory size.
size
Size of the XML agent memory in MB. Values can range from 100 to 600. The default is 300.
process-rate
Specifies the XML agent processing rate.
tags
Number of tags that the XML agent can process per second. Values can range from 1000 to 30000.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the throttle command to control CPU time used by the XML agent when it handles large data.
Task ID
xml agent
To enable Extensible Markup Language (XML) requests over a dedicated TCP connection and enter XML agent configuration mode, use the xml agent command in global configuration mode. To disable XML requests over the dedicated TCP connection, use the no form of this command.
Note
This command enables a new, enhanced-performance XML agent. The xml agent tty command enables the legacy XML agent and is supported for backward compatibility.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
There are two XML agents: a legacy XML agent and an enhanced-performance XML agent. We recommend that you use the enhanced-performance agent. The legacy agent is supported for backward compatibility. Use the command to enable the enhanced-performance XML agent. Use the xml agent tty command to enable the legacy XML agent.
Use the no form of the command to disable the enhanced-performance XML agent.
Task ID
xml agent ssl
To enable Extensible Markup Language (XML) requests over Secure Socket Layer (SSL) and enter SSL XML agent configuration mode, use the xml agent ssl command in global configuration mode. To disable XML requests over SSL, use the no form of this command.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The k9sec package is required to use the SSL agent. The configuration is rejected during commit when the security software package is not active on the system. When the security software package is deactivated after configuring SSL agent, the following syslog message is displayed to report that the SSL agent is no longer available.
xml_dedicated_ssl_agent[420]: %MGBL-XML_TTY-7-SSLINIT : K9sec pie is not active, XML service over SSL is not available.Task ID
xml agent tty
To enable Extensible Markup Language (XML) requests over Secure Shell (SSH) and Telnet and enter TTY XML agent configuration mode, use the xml agent tty command in global configuration mode. To disable XML requests over SSH and Telnet, use the no form of this command.
Note
This command enables a legacy XML agent that has been superceded by an enhanced performance XML agent and is supported only for backward compatibility. To enable the enhanced-performance XML agent, use the xml agent command.
Command History
Release
Modification
Release 3.2
This command was introduced.
Release 3.3.0
No modification.
Release 3.4.0
No modification.
Release 3.5.0
No modification.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Release 3.8.0
No modification.
Release 3.9.0
No modification.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
There are two XML agents: a legacy XML agent and an enhanced-performance XML agent. We recommend that you use the enhanced-performance agent. The legacy agent is supported for backward compatibility. The command enables the legacy XML agent. Use the xml agent command to enable the enhanced-performance XML agent.
Use the no form of the command to disable the legacy XML agent.
Task ID
