EXEC Commands
This section lists each EXEC command and each command page includes a brief description of its use, command syntax, any command defaults, command modes, usage guidelines, and an example of the command and any related commands.
application start
To start the application process, use the application start command in EXEC mode. There is no form of this command.
Note |
This command does not work in FIPS release. |
application start application-name
Syntax Description
application-name |
Name of the predefined application that you want to enable. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Enables an application.
You cannot use this command to start the Prime Infrastructure application. If you use this command to start the application, you can see that the Prime Infrastructure is already running.
Examples
pi-system-168/admin# application start NCS
Starting Prime Infrastructure...
This may take a while (10 minutes or more) ...
Prime Infrastructure started successfully.
Redirecting to /bin/systemctl restart rsyslog.service
Completed in 1029 seconds
application stop
To stop the PI process, use the application stop command in EXEC mode. There is no No form of this command.
application stop application-name
Syntax Description
application-name |
Name of the predefined application that you want to disable. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Disables an application.
Examples
pi-system-117/admin# application stop NCS
pi-system/admin# application stop NCS
Stopping Prime Infrastructure...
This may take a few minutes...
Prime Infrastructure successfully shutdown.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Completed shutdown of all services
application upgrade
To upgrade lower version to higher version (supported version), use the application upgrade command in EXEC mode.
application upgrade application-bundle repository-name
Syntax Description
application-bundle |
Enter the upgrade bundle name. |
remote-repository-name |
Remote repository name (up to 80 alphanumeric characters). |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Upgrades an application bundle, and preserves any application configuration data.
If you enter the application upgrade command when another application upgrade operation is in progress, you will see the following warning message:
An existing application install, remove, or upgrade is in progress. Try again shortly.
Caution |
Do not enter the backup or restore commands when the upgrade is in progress. This action might cause the database to be corrupted. |
Examples
pi-system-196/admin# application upgrade
PI-Upgrade-36x_37x_to_3.8.0.0.310.tar.gz defaultRepo
backup
Appliance Backup: To perform a backup (including the Prime Infrastructure and Cisco ADE OS data) and place the backup in a repository, use the backup command in EXEC mode.
Application Backup: To perform a backup of only the Prime Infrastructure application data without the Cisco ADE OS data, use the application keyword command.
Command for Appliance Backup:
backup backup-name repository repository-name
Command for Application Backup
backup backup-name repository repository-name application application-name
Syntax Description
backup-name |
Name of the backup file. Up to 26 alphanumeric characters is recommended. |
||
repository-name |
Name of the location where the files should be backed up to. Up to 80 alphanumeric characters. |
||
application-name |
Application name. Up to 255 alphanumeric characters.
|
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Performs a backup of the Prime Infrastructure and Cisco ADE OS data and places the backup in a repository.
To perform a backup of only the Prime Infrastructure application data without the Cisco ADE OS data, use the application command.
Examples
pi-system/admin# backup Appliancebkp repository test
DO NOT press ^C while the backup is in progress
Aborting backup with a ^C may terminate the backup operation or the backup file may be corrupted
To restore this backup you will have to enter this password
Password :
Password Again :
Backup Started at : 11/27/18 19:08:57
Stage 1 of 7: Database backup ...
Database size: 7.1G
-- completed at 11/27/18 19:10:20
Stage 2 of 7: Database copy ...
-- completed at 11/27/18 19:10:20
Stage 3 of 7: Backing up support files ...
-- completed at 11/27/18 19:10:24
Stage 4 of 7: Compressing Backup ...
-- completed at 11/27/18 19:10:46
Stage 5 of 7: Building backup file ...
-- completed at 11/27/18 19:11:03
Stage 6 of 7: Encrypting backup file ...
-- completed at 11/27/18 19:11:09
Stage 7 of 7: Transferring backup file ...
-- completed at 11/27/18 19:11:11
% Backup file created is: Appliancebkp-181127-1908__VER3.8.0.0.310_BKSZ5G_CPU4_MEM3G_RAM11G_SWAP15G_SYS_CK525526487.tar.gpg
Total Backup duration is: 0h:2m:18s
pi-system/admin#
************************************************************************************************************************
Examples
pi-system/admin# backup Applicationbkp repository test application NCS
DO NOT press ^C while the backup is in progress
Aborting backup with a ^C may terminate the backup operation or the backup file may be corrupted
To restore this backup you will have to enter this password
Password :
Password Again :
Backup Started at : 11/27/18 19:13:33
Stage 1 of 7: Database backup ...
Database size: 7.1G
-- completed at 11/27/18 19:14:17
Stage 2 of 7: Database copy ...
-- completed at 11/27/18 19:14:17
Stage 3 of 7: Backing up support files ...
-- completed at 11/27/18 19:14:19
Stage 4 of 7: Compressing Backup ...
-- completed at 11/27/18 19:14:34
Stage 5 of 7: Building backup file ...
-- completed at 11/27/18 19:14:50
Stage 6 of 7: Encrypting backup file ...
-- completed at 11/27/18 19:14:55
Stage 7 of 7: Transferring backup file ...
-- completed at 11/27/18 19:14:56
% Backup file created is: Applicationbkp-181127-1913__VER3.8.0.0.310_BKSZ5G_CPU4_MEM3G_RAM11G_SWAP15G_APP_CK3453119464.tar.gpg
Total Backup duration is: 0h:1m:26s
pi-system/admin#
***************************************************************************************************************************************
backup-logs
To back up system logs, use the backup-logs command in EXEC mode. There is no no form of this command.
backup-logs backup-name repository repository-name
Syntax Description
backup-name |
Name of one or more files to back up. Up to 100 alphanumeric characters. |
repository-name |
Location where files should be backed up to. Up to 80 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Backs up system logs.
Examples
pi-admin/admin# backup-logs log-backup repository defaultRepo
% Creating log backup with timestamped filename: log-backup-150621-1618.tar.gz
Transferring file ...
-- complete.
pi-system/admin#
banner
To set up messages while logging (pre-login) in to CLI, use the banner install pre-login command.
banner install pre-login banner-text-filename repository Repository-name
Syntax Description
banner-text-filename |
Banner text file name. |
repository-name |
Repository name. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
admin# banner install pre-login test.txt repository defaultRepo
change-password
To change the password you use to log in to CLI interface, use the change-password command.
change-password password
Syntax Description
password |
New password |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system/admin# change-password
Changing password for user admin.
Changing password for admin.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
clock
To set the system clock, use the clock command in EXEC mode. You cannot remove this function but reset the clock.
clock set [mmm dd hh:mm:ss yyyy]
Syntax Description
mmm |
Current month of the year by name. Up to three alphabetic characters. For example, Jan for January. |
dd |
Current day (by date) of the month. Value = 0 to 31. Up to two numbers. |
hh:mm:ss |
Current time in hours (24-hour format), minutes, and seconds. |
yyyy |
Current year (no abbreviation). |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Sets the system clock. You must restart the Prime Infrastructure server after you reset the clock for the change to take effect.
Examples
pi-system-196/admin# clock set Jan 28 04:11:35 2020
pi-system-196/admin# show clock
Tue Jan 28 04:11:38 IST 2020
pi-system-196/admin#
configure
To enter configuration mode, use the configure command in EXEC mode. If the replace option is used with this command, copies a remote configuration to the system which overwrites the existing configuration.
configure terminal
Syntax Description
terminal |
Executes configuration commands from the terminal. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use this command to enter configuration mode. Note that commands in this mode write to the running configuration file as soon as you enter them (press Enter ).
To exit configuration mode and return to EXEC mode, enter end , exit , or pressCtrl-z .
To view the changes that you have made to the configuration, use the show running-config command in EXEC mode.
Examples
ncs/admin# configure
Enter configuration commands, one per line. End with CNTL/Z.
ncs/admin(config)#
ncs/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ncs/admin(config)#
copy
To copy any file from a source to a destination, use the copy command in EXEC mode.
Syntax Description
running-config |
Represents the current running configuration file. |
startup-config |
Represents the configuration file used during initialization (startup). |
protocol |
See Table A-5 for protocol keyword options. |
hostname |
Hostname of destination. |
location |
Location of disk:/<dirpath>. |
logs |
The system log files. |
all |
Copies all Prime Infrastructure log files from the system to another location. All logs are packaged as ncslogs.tar.gz and transferred to the specified directory on the remote host. |
filename |
Allows you to copy a single Prime Infrastructure log file and transfer it to the specified directory on the remote host, with its original name. |
log_filename |
Name of the Prime Infrastructure log file, as displayed by the show logs command (up to 255 characters). |
mgmt |
Copies the Prime Infrastructure management debug logs and Tomcat logs from the system, bundles them as mgmtlogs.tar.gz, and transfers them to the specified directory on the remote host. |
runtime |
Copies the Prime Infrastructure runtime debug logs from the system, bundles them as runtimelogs.tar.gz, and transfers them to the specified directory on the remote host. |
Command Default
No default behavior or values.
Command Modes
EXEC
Running Configuration
The fundamental function of the copy command allows you to copy a file (such as a system image or configuration file) from one location to another location. The source and destination for the file specified uses the file system, through which you can specify any supported local or remote file location. The file system being used (a local memory source or a remote system) dictates the syntax used in the command.
You can enter on the command line all of the necessary source and destination information and the username and password to use; or, you can enter the copy command and have the server prompt you for any missing information. You can enter up to a maximum of 2048 characters of source and destination URL information on the command line.
The copy command in the copies a configuration (running or startup).
The active configuration stores itself in the RAM. Every configuration command you enter resides in the running configuration. If you reboot your server, you lose the running configuration. If you make changes that you want to save, you must copy the running configuration to a safe location, such as a network server, or save it as the server startup configuration.
You cannot edit a startup configuration directly. All commands that you enter store themselves in the running configuration, which you can copy into the startup configuration.
In other words, when you boot a server, the startup configuration becomes the initial running configuration. As you modify the configuration, the two diverge: the startup configuration remains the same; the running configuration reflects the changes that you have made. If you want to make your changes permanent, you must save the running configuration to the startup configuration using the write memory command. The write memory command makes the current running configuration permanent.
Note |
If you do not save the running configuration, you will lose all your configuration changes during the next reboot of the server. You can also save a copy of the running and startup configurations using the following commands, to recover in case of loss of configuration: copy startup-config location copy running-config location |
Note |
The copy command is supported only for the local disk and not for a repository. |
Tip |
Aliases reduce the amount of typing that you need to do. For example, type copy run start (the abbreviated form of the copy running-config startup-config command). |
The entire copying process might take several minutes and differs from protocol to protocol and from network to network.
Use the filename relative to the directory for file transfers.
Possible error is the standard FTP error message.
Keyword |
Destination |
||
---|---|---|---|
ftp |
URL for FTP network server. The syntax for this alias: ftp:// location/ directory |
||
sftp |
URL for an SFTP network server. The syntax for this alias: sftp://location/directory SFTP Repositories may require the // between the IP address/FQDN and the physical path on the SFTP store. If you find that you cannot access the SFTP repository with single slashes, add the additional slash and try the operation again. For example: url sftp://server//path
Depending on the SFTP software used with the remote server, you may need to enable "password authentication” instead of "keyboard-interactive mode”. Enabling “password authentication” is required; copy to remote SFTP servers will not work unless it is enabled. For example: With OpenSSH 6.6x, “keyboard-interactive mode” is the default. To enable “password authentication”, edit the OpenSSH sshd_config file to set the PasswordAuthentication parameter to “yes”, as follows: PasswordAuthentication yes. |
||
tftp |
URL for a TFTP network server. The syntax for this alias: tftp:// location/ directory |
Examples
ncs/admin# copy run start
Generating configuration...
ncs/admin#
ncs/admin# copy running-config startup-config
Generating configuration...
ncs/admin#
ncs/admin# copy start run
ncs/admin#
ncs/admin# copy startup-config running-config
ncs/admin#
ncs/admin# copy logs disk:/
Collecting logs...
ncs/admin#
This command is used to copy the certificate from tftp to pnp.
copy tftp://<PI Server IP Address>/server.key disk:/
copy tftp://<PI Server IP Address>/server.crt disk:/
copy tftp://<PI Server IP Address>/ncs_server_certificate.crt disk:/
debug
To display errors or events for command situations, use the debug command in EXEC mode.
debug{all | application | backup-restore | cdp | config | icmp | copy | locks | logging | snmp | system | transfer | user | utils}
Syntax Description
all |
Enables all debugging. |
application |
Application files.
|
backup-restore |
Backs up and restores files.
|
cdp |
Cisco Discovery Protocol configuration files.
|
config |
Configuration files.
|
icmp |
Internet Control Message Protocol (ICMP) echo response configuration. all—Enable all debug output for ICMP echo response configuration. Set level between 0 and 7, with 0 being severe and 7 being all. |
copy |
Copy commands. Set level between 0 and 7, with 0 being severe and 7 being all. |
locks |
Resource locking.
|
logging |
Logging configuration files. all—Enables all logging configuration debug output. Set level between 0 and 7, with 0 being severe and 7 being all. |
snmp |
SNMP configuration files. all—Enables all SNMP configuration debug output. Set level between 0 and 7, with 0 being severe and 7 being all. |
system |
System files.
|
transfer |
File transfer. Set level between 0 and 7, with 0 being severe and 7 being all. |
user |
User management.
|
utils |
Utilities configuration files. all—Enables all utilities configuration debug output. Set level between 0 and 7, with 0 being severe and 7 being all. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use the debug command to identify various failures within the Prime Infrastructure server; for example, setup failures or configuration failures.
Examples
ncs/admin# debug all
ncs/admin# mkdir disk:/1
ncs/admin# 6 [15347]: utils: vsh_root_stubs.c[2742] [admin]: mkdir operation success
ncs/admin# rmdir disk:/1
6 [15351]: utils: vsh_root_stubs.c[2601] [admin]: Invoked Remove Directory disk:/1 command
6 [15351]: utils: vsh_root_stubs.c[2663] [admin]: Remove Directory operation success
ncs/admin#
ncs/admin# undebug all
ncs/admin#
delete
To delete a file from the Prime Infrastructure server, use the delete command in EXEC mode. There is no no form of this command.
delete filename [disk:/path]
Syntax Description
filename |
Filename. |
disk:/path |
Location. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
If you attempt to delete the configuration file or image, the system prompts you to confirm the deletion. Also, if you attempt to delete the last valid system image, the system prompts you to confirm the deletion.
Examples
ncs/admin# delete disk:/hs_err_pid19962.log
ncs/admin#
dir
To list a file from the Prime Infrastructure server, use the dir command in EXEC mode. To remove this function, use the no form of this command.
dir [word][recursive]
Syntax Description
word |
Directory name. Up to 80 alphanumeric characters. Requires disk:/ preceding the directory name. |
recursive |
Lists a local directory or filename recursively. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system/admin# dir
Directory of disk:/
8957994151 Jan 28 04:11:35 2020 \
pi-system-284-200126-0334__VER3.8.0.0.284_BKSZ24G_CPU4_MEM3G_RAM11G_SWAP15G_APP_CK4209384478.tar.gpg
2624272 Nov 13 2018 19:02:22 ADElogs.tar.gz
20 Nov 09 2018 12:37:50 crash
4096 Nov 14 2018 03:44:47 defaultRepo/
4096 Nov 09 2018 18:40:04 ftp/
16384 Nov 09 2018 05:28:27 lost+found/
4096 Nov 10 2018 02:15:10 sftp/
4096 Nov 09 2018 12:36:08 ssh/
4096 Nov 09 2018 12:36:08 telnet/
4096 Nov 13 2018 21:00:47 tftp/
Usage for disk: filesystem
15534272512 bytes total used
28416839680 bytes free
46310408192 bytes available
exit
To close an active terminal session by logging out of the Prime Infrastructure server or to move up one mode level from configuration mode, use the exit command in EXEC mode.
exit
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use the exit command in EXEC mode to exit an active session (log out of the Prime Infrastructure server) or to move up from configuration mode.
Examples
pi-system/admin# exit
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(10.197.71.160:22) at 10:51:43.
forceout
To force users out of an active terminal session by logging them out of the Prime Infrastructure server, use the forceout command in EXEC mode.
forceout username
Syntax Description
username |
The name of the user. Up to 31 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# forceout user1
ncs/admin#
halt
To shut down and power off the system, use the halt command in EXEC mode.
halt
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Before you enter the halt command, ensure that the Prime Infrastructure is not performing any backup, restore, installation, upgrade, or remove operation. If you enter the halt command while the Prime Infrastructure is performing any of these operations, you will get one of the following warning messages:
WARNING: A backup or restore is currently in progress! Continue with halt?
WARNING: An install/upgrade/remove is currently in progress! Continue with halt?
If you get any of these warnings, enter YEs to halt the operation, or enter NO to cancel the halt.
If no processes are running when you use the halt command or if you enter Yes in response to the warning message displayed, the Prime Infrastructure asks you to respond to the following option:
Do you want to save the current configuration ?
Enter YES to save the existing Prime Infrastructure configuration. The Prime Infrastructure displays the following message:
Saved the running configuration to startup successfully
Examples
pi-system/admin# halt
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Continue with shutdown? [y/n] y
Broadcast message from root (pts/0) (Wed May 5 18:37:02 2010):
The system is going down for system halt NOW!
Server is shutting down...
lms
To migrate data from lms server to PI server, use lms command in EXEC mode.
lms migrate repository repository-name
Syntax Description
repository-name |
Name of the PI repository. |
Command Default
No default values or behaviour.
Command Modes
EXEC
Examples
pi-cluster-160/admin# lms migrate repository test
Repository name : test
Initiating LMS data restore . Please wait...
INFO: no staging url defined, using local space.
LMS Migration Normal Flow Started : == true
INFO: Backup Status : SUCCESS
Enter the password to unlock the zip file : *********
INFO: Password validation successful.
Enter the Cisco Prime Infrastructure Login Username : root
Enter the Cisco Prime Infrastructure Login Password : ********* (here roZes123)
HTTPS port used is 443
Connecting to The Server...
Login success.
Updating the credentials...
The following data types are available in the given exported data.
Choose an option using comma separated values to migrate.
1 network
2 settings
3 All of the above
Enter an option or comma-separated options :3
3
Checking for all option ...
Updating the downloading files list ...
Started downloading the files to import from repository ...
mkdir
To create a new directory on the Prime Infrastructure server, use the mkdir command in EXEC mode.
mkdir directory-name [disk:/path]
Syntax Description
directory-name |
The name of the directory to create. Up to 80 alphanumeric characters. |
disk:/path |
Use disk:/path with the directory name. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use disk :/path with the directory name; otherwise, an error appears that indicates that the disk :/path must be included.
Examples
ncs/admin# mkdir disk:/test
ncs/admin# dir
Directory of disk:/
4096 May 06 2010 13:34:49 activemq-data/
4096 May 06 2010 13:40:59 logs/
16384 Mar 01 2010 16:07:27 lost+found/
4096 May 06 2010 13:42:53 target/
4096 May 07 2010 12:26:04 test/
Usage for disk: filesystem
181067776 bytes total used
19084521472 bytes free
20314165248 bytes available
ncs/admin#
ncs run client-auth
You can enable client certificate authentication on your Prime Infrastructure application using ncs run client-auth command.
ncs run client-auth enable
ncs run client-auth disable
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system-117/admin# ncs run client-auth enable
WARNING :
This feature requires the CA certificate to be installed on the system.
Please use the command 'ncs key importcacert ..." to
import the certificate of the CA used to sign the client certificates.
Ignore this warning if the CA certificate is already installed.
Use the 'disable' option of this command, to disable client authentication,
if not required.
client_auth status : enabled
pi-system-117/admin#
pi-system-117/admin# ncs run client-auth disable
client_auth status : disabled
pi-system-117/admin#
ncs run list
To display the list of commands associated with NCS, use ncs run list command in EXEC mode.
ncs run list
Command Default
No default behavior or arguments
Command Modes
EXEC
Examples
pi-system/admin# ncs run list
commands :
list - prints this list
test iops - tests the disk write performance
reset [db|keys] - reset database and keys to default factory settings
csrf [disable|enable] - enable or disable CSRF protection
client-auth [disable|enable] - enable or disable client certificate based authentication
jms [disable|enable] - enable or disable message bus connectivity (port 61617)
sshclient-nonfips-ciphers [disable|enable] - enable or disable non fips compliant ciphers for outgoing ssh client connections to devices
ssh-server-legacy-algorithms [disable|enable] - enable or disable legacy algorithms for SSH service.
tls-server-versions <tls_versions> - set the TLS versions to be enabled for TLS service - TLSv1.2 TLSv1.1 TLSv1
tls-server-ciphers <tls_cipher_groups> - set the TLS cipher group to be enabled for TLS service - tls-ecdhe-sha2 tls-ecdhe-sha1 tls-dhe-sha2 tls-dhe-sha1 tls-static-sha2 tls-static-sha1
livelogs [all|secure|ade|messages] - view live audit logs
loghistory [all|secure|ade|messages] - view audit logs
firewall [-block|-unblock|-list] - block and unblock source ip address
ncs run test iops
To test and view details of the input output operations on your Prime Infrastructure, use ncs run test iops command in EXEC mode.
ncs run test iops
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-242/admin# ncs run test iops
Testing disk write speed ...
8388608+0 records in
8388608+0 records out
8589934592 bytes (8.6 GB) copied, 33.4561 s, 257 MB/s
ncs run reset
You can use ncs run reset command to delete all private keys from your Prime Infrastructure server and to clean a corrupted Database. Resetting the DB clears all existing data and replaces it with empty data.
ncs run reset { db | keys }
Syntax Description
db |
Resets DB wth empty data. |
keys |
Deletes all private keys from Prime Infrastructure server. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system-160/admin# ncs run reset db
********************* Warning *********************
This script will delete the existing data in database (network data) and reset
database to default factory settings.
Do you want to proceed [yes/no] [no]? yes
Stopping Prime Infrastructure...
This may take a few minutes...
Prime Infrastructure successfully shutdown.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Completed shutdown of all services
Listener wcstns is down.
Listener already stopped.
Database is already stopped. Cannot stop again.
This script is intended to run database configuration utilities
to provision and create the embedded database
Running database network config assistant tool (netca)...
Running oracle ZIP DB creation script...
configuring Oracle memory size
Running standby database creation script...
currentState is ...
sid being set wcs
SQL*Plus: Release 12.1.0.2.0 Production on Wed Nov 14 11:25:18 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance started.
Total System Global Area 2147483648 bytes
Fixed Size 2926472 bytes
Variable Size 1023412344 bytes
Database Buffers 1107296256 bytes
Redo Buffers 13848576 bytes
Database mounted.
Database opened.
SQL>
User altered.
SQL> Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - \
64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL*Plus: Release 12.1.0.2.0 Production on Wed Nov 14 11:25:52 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance started.
Total System Global Area 1287651328 bytes
Fixed Size 2934984 bytes
Variable Size 331351864 bytes
Database Buffers 947912704 bytes
Redo Buffers 5451776 bytes
Database mounted.
Database opened.
SQL>
User altered.
SQL> Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - \
64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
Listener wcstns is up
Database is already stopped. Cannot stop again.
INFO: reset db command executed successfully. Please restore the system data from a \
backup file
Examples
This example shows how to delete all private keys in Prime Infrastructure server:
pi-system-61/admin# ncs run reset keys
This will delete all the private keys and may impact webserver, SSH service etc.
Do you want to proceed [yes/no] [no]? yes
ncs run csrf
The cross-site request forgery check can be disabled (not recommended). The CLI provided only for backward compatibility with API clients which are not programmed for CSRF protection. For CSRF protection, this option should be enabled using the following command.
ncs run csrf enable
To disable, use the following command:
ncs run csrf disable
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-cluster-93/admin# ncs run csrf enable
pi-cluster-93/admin# ncs run csrf disable
ncs run livelogs
You can run ncs run livelogs command to view live audit logs.
ncs run livelogs { all | secure | ade | messages }
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system-120/admin# ncs run livelogs
***Available filter options to limit logs - all secure ade messages***
************Press Ctrl+C for stop logging*****************
2018-02-28T01:48:39.407787+05:30 pi-system-120 sshd[10309]: pam_unix(sshd:session): \
session closed for user admin
2018-02-28T01:50:14.109435+05:30 pi-system-120 sshd[32038]: \
pam_tally2(sshd:account): option unlock_time=60 allowed in auth phase only
2018-02-28T01:50:14.109456+05:30 pi-system-120 sshd[32038]: \
pam_tally2(sshd:account): unknown option: no_reset
2018-02-28T01:50:14.112152+05:30 pi-system-120 sshd[32038]: pam_unix(sshd:session): \
session opened for user admin by (uid=0)
2018-02-28T02:00:57.499844+05:30 pi-system-120 sshd[32038]: pam_unix(sshd:session): \
session closed for user admin
2018-02-28T02:04:28.870085+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-28T02:04:28.976462+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-28T02:21:30.485537+05:30 pi-system-120 sshd[6381]: \
pam_tally2(sshd:account): option unlock_time=60 allowed in auth phase only
2018-02-28T02:21:30.485556+05:30 pi-system-120 sshd[6381]: \
pam_tally2(sshd:account): unknown option: no_reset
2018-02-28T02:21:30.488589+05:30 pi-system-120 sshd[6381]: pam_unix(sshd:session): \
session opened for user admin by (uid=0)
2018-02-28T02:25:04.370446+05:30 pi-system-120 debugd[3229]: [7471]: \
config:network: sysconfig.c[1116] [admin]: Getting ipaddress for eth1
2018-02-28T02:25:04.377607+05:30 pi-system-120 debugd[3229]: [7471]: \
config:network: syscfg_cli.c[1098] [admin]: No ipaddress for interface eth1
2018-02-28T02:25:04.384642+05:30 pi-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetIfState::root:/opt/system/bin/carssh:NotFromTerminal:5:
2018-02-28T02:25:04.384720+05:30 pi-system-120 debugd[3229]: [7471]: \
config:network: syscfg_cli.c[1105] [admin]: Interface eth1 is down
2018-02-28T02:25:04.384777+05:30 pi-system-120 debugd[3229]: [7471]: \
config:network: syscfg_cli.c[1011] [admin]: Getting dhcpv6 enabled for eth1
2018-02-28T02:25:04.405866+05:30 pi-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetNameserver::root:/opt/system/bin/carssh:NotFromTerminal:6:
2018-02-28T02:25:04.412912+05:30 pi-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetNameserver::root:/opt/system/bin/carssh:NotFromTerminal:7:
2018-02-28T02:25:04.420049+05:30 pi-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetNameserver::root:/opt/system/bin/carssh:NotFromTerminal:8:
2018-02-28T02:25:04.427224+05:30 pi-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetGateway::root:/opt/system/bin/carssh:NotFromTerminal:9:
2018-02-28T02:28:16.411167+05:30 pi-system-120 ADEOSShell[8312]: Change Audit \
Details:SUCCESS:CARS CLI:run_command::root:/opt/system/bin/carssh:/dev/pts/1:1:
2018-02-28T02:21:25.649026+05:30 pi-system-120 sshd[6381]: Operating in CiscoSSL \
Common Criteria mode
2018-02-28T02:21:25.654950+05:30 pi-system-120 sshd[6381]: FIPS mode initialized
2018-02-28T02:21:25.806409+05:30 pi-system-120 sshd[6381]: Outbound-ReKey for \
10.77.144.125:16285 [preauth]
2018-02-28T02:21:25.889051+05:30 pi-system-120 sshd[6381]: Inbound-ReKey for \
10.77.144.125:16285 [preauth]
2018-02-28T02:21:30.487757+05:30 pi-system-120 sshd[6381]: Accepted password for \
admin from 10.77.144.125 port 16285 ssh2
2018-02-28T02:21:30.490420+05:30 pi-system-120 sshd[6390]: Inbound-ReKey for \
10.77.144.125:16285
2018-02-28T02:21:30.490437+05:30 pi-system-120 sshd[6390]: Outbound-ReKey for \
10.77.144.125:16285
2018-02-28T02:21:32.124237+05:30 pi-system-120 rsyslogd: [origin \
software="rsyslogd" swVersion="5.8.10" x-pid="3216" \
x-info="http://www.rsyslog.com ] rsyslogd was HUPed
2018-02-28T02:25:04.601075+05:30 pi-system-120 rsyslogd-2177: imuxsock begins to \
drop messages from pid 3229 due to rate-limiting
2018-02-28T02:25:30.938945+05:30 pi-system-120 rsyslogd-2177: imuxsock lost 463 \
messages from pid 3229 due to rate-limiting
^CERROR: cmd '/opt/CSCOlumos/bin/run_command.sh livelogs' failed
pi-system-120/admin#
ncs run loghistory
You can run ncs run loghistory command to view a list of audit logs.
ncs run loghistory { all | secure | ade | messages }
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system-120/admin# ncs run loghistory
***Available filter options to limit logs - all secure ade messages***
::::::::::::::
/var/log/secure
::::::::::::::
2018-02-25T04:22:03.091312+05:30 pi-system-120 passwd: pam_unix(passwd:chauthtok): \
password changed for scpuser
2018-02-25T05:47:52.693460+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T05:47:52.746896+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T07:48:08.551061+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T07:48:08.607276+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T09:48:29.616066+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T09:48:29.675890+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T11:48:49.792055+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T11:48:49.845594+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T13:49:13.712070+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T13:49:13.764692+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T15:49:28.165108+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T15:49:28.231362+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T17:49:46.089296+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T17:49:46.143475+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T19:50:06.775083+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T19:50:06.828332+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T21:50:33.338183+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T21:50:33.393056+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T23:50:59.225069+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T23:50:59.278849+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-26T01:51:23.433628+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T01:52:00.541797+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T01:52:00.582068+05:30 pi-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-26T01:52:00.635314+05:30 pi-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-26T03:30:00.737839+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:01.308384+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:01.318405+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:01.373111+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:01.411957+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:03.176254+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:03.196829+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:03.252549+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:06.105604+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:07.126919+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:07.131747+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:14.916295+05:30 pi-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:14.923602+05:30 pi-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
pi-system-120/admin#
ncs run ssh-server-legacy-algorithms
You can enable or disable ssh server legacy algorithms using ncs run ssh-server-legacy-algorithms command in EXEC mode.
ncs run ssh-server-legacy-algorithms { enable | disable }
Syntax Description
enable |
Enables ssh server legacy algorithms. |
disable |
Disables ssh server legacy algorithms. |
Command Default
Default mode is enable
.
EXEC
Examples
pi-system-90/admin# ncs run ssh-server-legacy-algorithms enable
Enabling legacy algorithms for SSH service...
KexAlgorithms : diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
MACs : hmac-sha2-512,hmac-sha2-256,hmac-sha1
Ciphers : aes128-gcm@openssh.com,aes128-ctr,chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,3des-cbc,aes128-cbc,aes256-cbc
Restarting sshd (via systemctl):
ncs run tls-server-versions
To set the TLS (Transport Layer Security) version, use ncs run tls-server-versions command in EXEC mode.
ncs run tls-server-version <TLS version>
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
The following example illustrates the use of the ncs run set-tls-versionscommand:
pi-system-168/admin# ncs run tls-server-versions TLSv1 TLSv1.1 TLSv1.2
Enabled TLS version are - TLSv1,TLSv1.1,TLSv1.2
Restart is required for the changes to take effect
pi-system-168/admin#
Warning |
Running this command requires an immediate software restart. It is suggested you perform a failover and failback so that changes are reflected in both primary and secondary servers. |
ncs start
To start the Prime Infrastructure server, use the ncs start command.
ncs start [verbose]
Syntax Description
verbose |
Displays the detailed messages during the start process. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To see the messages in the console, use the ncs start verbose command.
Examples
This example shows how to start the server:
Examples
pi-common-133/admin# ncs start verbose
Starting Prime Infrastructure...
Reporting Server Heap size = 4096m
XMP Server Heap size = 6656m
Starting Health Monitor
Starting Health Monitor as a primary
Checking for Port 8082 availability... OK
CERT MATCHED :
Updating web server configuration file ...
Starting Health Montior Web Server...
Health Monitor Web Server Started.
Setting UID to 499:110
UID set to 499:110
Starting Health Monitor Server...
Health Monitor Server Started.
Database server started for instance : wcs
Processing Service Name: Database
Database is already running.
Processing Service Name: FTP Service
Processing Service Name: TFTP Service
Processing Service Name: Matlab
FTP Service is disabled.
Processing Service Name: Matlab1
Starting Remoting Service: Matlab Server
Processing Service Name: Matlab2
Processing Service Name: NMS Server
Starting Remoting Service: Matlab Server Instance 1
Starting Remoting Service: Matlab Server Instance 2
Checking /tmp/remoting_launchout_Matlab1.lock...
Checking /tmp/remoting_launchout_Matlab.lock...
Checking /tmp/remoting_launchout_Matlab2.lock...
Executing startRemoting for Matlab2 ...
Executing startRemoting for Matlab1 ...
Executing startRemoting for Matlab ...
DEPENDENCY CHECK: Database
DB scheme update process starting..
DB scheme update process finished.
Starting NMS Server
Started TFTP Service
/opt/CSCOlumos/classloader-conf:/opt/CSCOlumos/lib/xmp/XMPClassLoader-11.0.1.jar
Checking for running servers.
Checking if DECAP is running.
00:00 DECAP is not running.
00:00 Check complete. No servers running.
Unable to initialize com.mathworks.mwswing.MJStartup
Matlab pid = 9696
system property before init instance: null
Starting Remoting Instance: Matlab Server
Checking for Port 10555 availability... OK
Starting Remoting Service Web Server Matlab Server...
Warning: MATLAB does not support bit depths less than or equal to 8.
Figure windows may not be usable
Warning: latest version of matlab app-defaults file not found.
Contact your system administrator to have this file installed
Warning: Duplicate directory name: /opt/CSCOlumos/matlab/toolbox/compiler.
Remoting Service Web Server Matlab Server Started.
Starting Remoting Service Matlab Server...
Remoting 'Matlab Server' started successfully.
Unable to initialize com.mathworks.mwswing.MJStartup
Matlab1 pid = 9692
system property before init instance: null
Starting Remoting Instance: Matlab Server Instance 1
Checking for Port 10755 availability... OK
Starting Remoting Service Web Server Matlab Server Instance 1...
Warning: MATLAB does not support bit depths less than or equal to 8.
Figure windows may not be usable
Warning: latest version of matlab app-defaults file not found.
Contact your system administrator to have this file installed
Warning: Duplicate directory name: /opt/CSCOlumos/matlab/toolbox/compiler.
Remoting Service Web Server Matlab Server Instance 1 Started.
Starting Remoting Service Matlab Server Instance 1...
00:09 DECAP setup complete.
Started executing compliance_db_set_up.sh Input = checkAndCreatePariTableOnSID
Remoting 'Matlab Server Instance 1' started successfully.
No Pari table creation needed on SID wcs
Setting/Clearing remote database parameters
Done waiting DB initialization
_outputHdlr check:log4j:WARN No appenders could be found for logger \
(com.cisco.ciscossl.provider.ciscojce.CiscoJCENativeCrypto).
Starting SAM daemon...
Done.
Done. Setting/Clearing remote database parameters
Starting DA daemon...
Starting Server ...
DASH_HOME = /opt/CSCOlumos/compliance
NCCMHOME = /opt/CSCOlumos/compliance
Asia/Kolkata
Starting NCCM server with Java memory 1024
Unable to initialize com.mathworks.mwswing.MJStartup
Matlab2 pid = 9693
system property before init instance: null
Starting Remoting Instance: Matlab Server Instance 2
Checking for Port 10756 availability... OK
Starting Remoting Service Web Server Matlab Server Instance 2...
Warning: MATLAB does not support bit depths less than or equal to 8.
Figure windows may not be usable
Warning: latest version of matlab app-defaults file not found.
Contact your system administrator to have this file installed
Warning: Duplicate directory name: /opt/CSCOlumos/matlab/toolbox/compiler.
Remoting Service Web Server Matlab Server Instance 2 Started.
Starting Remoting Service Matlab Server Instance 2...
Remoting 'Matlab Server Instance 2' started successfully.
Creating Application Context
Attempt 1: checking /opt/CSCOlumos/logs/remotingMatlab1-0-0.log and \
/opt/CSCOlumos/logs/remoting_launchout_Matlab1.log whether Remoting Service Web \
Server Matlab.* Started.
Detected: /opt/CSCOlumos/logs/remotingMatlab1-0-0.log:02/28/18 01:21:27.147 INFO \
[system] [main] Remoting Service Web Server Matlab Server Instance 1 Started.
/opt/CSCOlumos/logs/remoting_launchout_Matlab1.log:Remoting Service Web Server \
Matlab Server Instance 1 Started.
Completed launchout Matlab1 as 9692
Attempt 1: checking /opt/CSCOlumos/logs/remotingMatlab-0-0.log and \
/opt/CSCOlumos/logs/remoting_launchout_Matlab.log whether Remoting Service Web \
Server Matlab.* Started.
Detected: /opt/CSCOlumos/logs/remotingMatlab-0-0.log:02/28/18 01:21:21.247 INFO \
[system] [main] Remoting Service Web Server Matlab Server Started.
/opt/CSCOlumos/logs/remoting_launchout_Matlab.log:Remoting Service Web Server \
Matlab Server Started.
Completed launchout Matlab as 9696
Attempt 1: checking /opt/CSCOlumos/logs/remotingMatlab2-0-0.log and \
/opt/CSCOlumos/logs/remoting_launchout_Matlab2.log whether Remoting Service Web \
Server Matlab.* Started.
Detected: /opt/CSCOlumos/logs/remotingMatlab2-0-0.log:02/28/18 01:21:37.344 INFO \
[system] [main] Remoting Service Web Server Matlab Server Instance 2 Started.
/opt/CSCOlumos/logs/remoting_launchout_Matlab2.log:Remoting Service Web Server \
Matlab Server Instance 2 Started.
Completed launchout Matlab2 as 9693
Starting servlet container.
NMS Server started successfully
Processing Service Name: Compliance engine
Compliance Engine is enabled in this server
Compliance engine is already running.
Invoked post init hook - com.cisco.ifm.telemetry.config.UpdateProxyInitHook@5d67dec7
Prime Infrastructure started successfully.
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
Completed in 577 seconds
pi-common-133/admin#
Examples
pi-system-120/admin# ncs start
Starting Prime Infrastructure...
This may take a while (10 minutes or more) ...
_outputHdlr check:log4j:WARN No appenders could be found for logger \
(com.cisco.ciscossl.provider.ciscojce.CiscoJCENativeCrypto).
Prime Infrastructure started successfully.
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
Completed in 490 seconds
pi-system-120/admin#
ncs status
To display the Prime Infrastructure server status, use the ncs status command in EXEC mode.
ncs status
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to display the status of the server:
pi-system-117/admin# ncs status
Health Monitor Server is running. ( [Role] Primary [State] HA not Configured )
Database server is running
FTP Service is running
TFTP Service is running
Matlab Server is running
Matlab Server Instance 1 is running
NMS Server is running.
Coral Service is running.
WSA Service is running.
SAM Daemon is running ...
DA Daemon is running ...
ncs stop
To stop the Prime Infrastructure server, use the ncs stop command in EXEC mode. To see the detailed messages, use the ncs stop verbose command.
ncs stop [verbose]
Syntax Description
verbose |
Displays the detailed messages during the stop process. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To see the detailed messages, use the ncs stop verbose command.
Examples
This example shows how to stop the Prime Infrastructure server:
pi-system-120/admin# ncs stop
Stopping Prime Infrastructure...
This may take a few minutes...
Database is not running.
FTP Service is not running.
TFTP Service is not running.
Matlab is not running.
Matlab1 is not running.
Matlab2 is not running.
Matlab3 is not running.
NMS Server is not running!.
Compliance engine is not running!.
Prime Infrastructure successfully shutdown.
log4j:WARN No appenders could be found for logger \
(com.cisco.ciscossl.provider.ciscojce.CiscoJCENativeCrypto).
log4j:WARN Please initialize the log4j system properly.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Compliance engine stopped
Completed shutdown of all services
pi-system-120/admin#
Examples
pi-common-133/admin# ncs stop verbose
Stopping Prime Infrastructure...
Status:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
ServerStartupStatus:Creating
Starting servlet container.
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
ServerStartupStatus:Starting
NMS Server started successfully
Processing Service Name: Compliance engine
In startService - serviceType:
In startService - serviceName:Compliance engine
Processing Service Name: WSA Service
In startService - serviceType:processScript
In startService - serviceName:WSA Service
Starting the script....wsa_admin.sh
Completed the script....wsa_admin.sh start & Exit value : 0
Invoked post init hook - com.cisco.ifm.telemetry.config.UpdateProxyInitHook@5db6148e
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
ServerStartupStatus:Invoked
Processing post upgrade hook - \
com.cisco.xmp.data.contributions.SecurityContributionsPostUpgradeHook@2a85fe24
ServerStartupStatus:Processing
Processing post upgrade hook - \
com.cisco.ifm.grouping.service.portgrouping.PortGroupHierarchyChangeUpgradeHook@43f8\
0236
ServerStartupStatus:Processing
Started
ServerStartupStatus:Started
19:45 Server started.
Done
Stopping NMS Server
Stopping XMP .Stopping SAM daemon...
Checking for SAM daemon again ...
Found SAM daemon ...
Stopping SAM daemon ...
Stopping DA daemon ...
Checking for DA daemon again ...
Found DA daemon ...
Stopping DA daemon ...
NMS Server successfully shutdown.
Shutting down database server ...
Database Instance Name = wcs
Database 'wcs' Role = PRIMARY
Listener is not running.
Database server is not running.
Stopped FTP Service
Stopped TFTP Service
Stopping remoting: Matlab Server
Remoting 'Matlab Server' stopped successfully.
Stopping remoting: Matlab Server Instance 1
Remoting 'Matlab Server Instance 1' stopped successfully.
NMS Server is not running!.
Stopping Tomcat...
Tomcat Stopped.
Prime Infrastructure successfully shutdown.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Completed shutdown of all services
ncs run tls-server-ciphers
You can enable a TLS cipher group using ncs run tls-server-ciphers command in EXEC mode.
ncs run tls-server-ciphers { tls-ecdhe-sha2 | tls-ecdhe-sha1 | tls-dhe-sha2 | tls-dhe-sha1 | tls-static-sha2 | tls-static-sha1}
Syntax Description
tls-ecdhe-sha2 |
Refers to tls cipher group, ecdhe sha2 |
tls-ecdhe-sha1 |
Refers to tls cipher group, ecdhe sha1 |
tls-dhe-sha2 |
Refers to tls cipher group, dhe sha2 |
tls-dhe-sha1 |
Refers to tls cipher group, dhe sha1 |
tls-static-sha2 |
Refers to tls cipher group, static sha2 |
tls-static-sha1 |
Refers to tls cipher group, static sha1 |
Command Default
The default cipher group is tls-ecdhe-sha2
EXEC
Examples
pi/admin# ncs run tls-server-ciphers tls-ecdhe-sha1
Enabled TLS cipher groups are - tls-ecdhe-sha1
Restart is required for the changes to take effect
ncs password ftpuser
To change the FTP username and password, use the ncs password ftpuser command in EXEC mode.
Note |
The value for ftpuser in the above command should always be set to ftp-user. |
After you enable the ftp-user, you can FTP files to and from the /localdisk/ftp folder on standalone or, if configured, High Availability primary servers only. You cannot use change directory (cd) or list directory (ls) functionality with ftp-user.
ncs passwod ftpuser ftp-user password password
Syntax Description
ftp-user |
The FTP user name |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to change the FTP username and password:
pi-system-65/admin# ncs password ftpuser ftp-user password Password123
Updating FTP password
Saving FTP account password in credential store
Synching FTP account passwd to database store - location-ftp-user
Synching FTP account password to system store
Completed FTP password update
pi-system-65/admin#
ncs password root password
To change the root password, use the ncs password root password command in EXEC mode.
ncs password root password userpassword
Syntax Description
userpassword |
Password for the root user. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
Prime InfrastructureThis example shows how to migrate archived files to server:
pi-systems/admin# ncs password root password Userpassword
Password updated for web root user
pi-systems/admin#
ncs ha authkey
To enter the authentication key for high availability (HA), use the ncs ha authkey command in EXEC mode.
ncs ha authkey authorization key
Syntax Description
authorization key |
The authorization key for high availability. Up to 81 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The ncs ha authkey command changes the authorization for the health monitor.
Examples
This example shows how to set up the authorization key for high availability:
pi-system/admin#ncs ha authkey cisco123
Going to update primary authentication key
Successfully updated primary authentication key
Successfully intimated Primary updated authentication key to Secondary Server
pi-system/admin#
ncs ha remove
To remove the high availability configuration settings from Prime Infrastructure, use the ncs ha remove command in EXEC mode.
ncs ha remove
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The ncs ha remove command removes the high availability configuration settings from Prime Infrastructure. If you enter this command, you will see the following confirmation message:
High availability configuration will be removed.
Do you wish to continue? (Y/N)
Examples
pi-system/admin# ncs ha remove
High availability configuration will be removed
Do you wish to continue? (y/N) y
Removing primary configuration will remove all database information
Primary is attempting to remove high availability configuration from both primary \
and secondary
Successfully removed high availability configuration
pi-system/admin#
ncs ha status
To display the current status of high availability (HA), use the ncs ha status command in EXEC mode.
ncs ha status
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Displays the current status of HA.
If you enter the ncs ha status command when HA is not configured, you will see the following response:
[State] Stand Alone
Examples
pi-system/admin# ncs ha status
[Role] Primary [State] HA not Configured
pi-systems/admin#
In Primary server:
pi-system/admin# ncs ha status
[Role] Primary [Secondary Server] 10.197.71.162(10.197.71.162) [State] Primary
Active [Failover Type] Automatic
pi-system/admin#
In Secondary server:
pi-system/admin# ncs ha status
[Role] Secondary [Primary Server] pi-system-161(10.197.71.161) [State] Secondary
Syncing [Failover Type] Automatic
pi-system/admin#
ncs key genkey
To generate a new RSA key and self-signed certificate, use the ncs key genkey command. You can use this command in the following ways:
ncs key genkey -newdn -csr csrfilename repository repositoryname
Syntax Description
genkey |
Generates a new RSA key and self-signed certificate. You can use the following options with this command: -csr: Generate Certificate Signing Request(CSR) file -newdn: Generate new RSA key and self-signed certificate with domain information <cr>: Carriage return. |
-newdn |
Generates a new RSA key and self-signed cert with domain information. You can use the following options with this command: -csr: Generate Certificate Signing Request(CSR) file <cr>: Carriage return. |
-csr |
Generates new CSR certificate file. You can use the following option with this command: <WORD>: Type in certificate file name (Max Size - 80) |
csrfilename |
CSR filename. |
repository |
Repository command. This option is available when you use the -csr option. |
repositoryname |
Location where the files should be backed up to. Up to 80 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to generate new rsa key and certificate files in the Prime Infrastructure server:
pi-cluster-88/admin# ncs key genkey -newdn -csr test.csr repository defaultRepo
Changes will take affect on the next server restart
Enter the fully qualified domain name of the server !!!!: pi-cluster-88.cisco.com
Enter the name of your organization unit !!!!!!!!!!!!!!!: cisco
Enter the name of your organization !!!!!!!!!!!!!!!!!!!!: hcl
Enter the name of your city or locality !!!!!!!!!!!!!!!!: chennai
Enter the name of your state or province !!!!!!!!!!!!!!!: tn
Enter the two letter code for your country !!!!!!!!!!!!!: US
Specify subject alternate names.
If none specified, CN will be used.
Use comma seperated list - DNS:<name>,IP:<address> !!!!!: \
DNS:pi-cluster-88.cisco.com,IP:10.126.168.88
Specify the public key algorithm [rsa/ec] !!!!!!!!!!!!!!: rsa
Specify the RSA key size [2048/4096/8192] !!!!!!!!!!!!!!: 4096
Specify the signature algorithm [sha256/sha512] !!!!!!!!: sha256
Key and CSR/Certificate will be generated with following details
Subject : \
/C=US/ST=tn/L=chennai/O=hcl/OU=cisco/CN=pi-cluster-88.cisco.com
Subject Alternate Name : DNS:pi-cluster-88.cisco.com,IP:10.126.168.88
Public Key Alg : rsa, 4096
Signature Alg : sha256
Continue [yes] : yes
Generating...
Completed generating new key...Changes will take affect on the next server restart
Note: You can provide comma separated list of FQDN and IP of PI servers where you want to import the same certificate received from CA.
To import same CA in other server, you need to import the key from the server where you generate CSR and them import the CA certiifcates.
Note |
You will get csr file generated in location where repository is pointing. Use that csr file get CA certificate or signed certificate from any CA agent. |
ncs key importkey
To apply an RSA key and signed certificate to the Prime Infrastructure, use the ncs key importkey command in EXEC mode.
ncs key exportkey key-filename cert-filename repository repositoryname
ncs key importkey key-filename cert-filename repository repositoryname
Syntax Description
key-filename |
RSA private key file name. |
cert-filename |
Certificate file name. |
repository |
Repository command |
repositoryname |
The repository name configured in the Prime Infrastructure where the key-file and cert-file is hosted. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to apply the new RSA key and certificate files to the server.
ncs key exportkey private.key server.cer repository defaultRepo
ncs key importkey keyfile certfile repository ncs-sftp-repo
Note |
After applying this command, enter the ncs stop and ncs start command to restart the server to make the changes take effect. |
ncs key importsignedcert
To apply an RSA key and signed certificate, use the ncs key importsignedcert command EXEC mode.
ncs key importsignedcert signed-cert-filename repository repositoryname
Syntax Description
signed-cert-filename |
Signed certificate filename. |
repository |
Repository command |
repositoryname |
The repository name configured in Prime Infrastructure where the key-file and cert-file is hosted. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to apply signed certificate files to the Prime Infrastructure server:
> ncs key importsingedcert signed-certfile repository ncs-sftp-repo
Note |
After applying this command, enter the ncs stop and the ncs start command to restart the Prime Infrastructure server to make changes take effect. |
ncs certvalidation certificate-check
To enable or disable certificate validation, use ncs certvalidation certificate-check command in EXEC mode.
ncs certvalidation certificate-check { disable | enable | trust-on-first-use } trustzone trustzone_name
Syntax Description
disable |
Disable certificate validation |
enable |
Enable certificate validation |
trust-on-first-use |
Trust and pin the host certificate on first use |
trustzone_name |
Name of the trustzone |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system/admin# ncs certvalidation certificate-check trust-on-first-use trustzone system
ncs certvalidation certificate-check enable trustzone system
ncs certvalidation custom-ocsp-responder
To configure a custom OCSP responder, use ncs certvalidation custom-ocsp-responder command in EXEC mode.
ncs certvalidation custom-ocsp-responder { clear url | disable | enable | set url }
Syntax Description
clear |
Clear OCSP responder URL |
disable |
Disable custom OCSP responder |
enable |
Enable custom OCSP responder |
set |
Set OCSP responder URL |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system/admin# ncs certvalidation custom-ocsp-responder enable
pi-system/admin# ncs certvalidation custom-ocsp-responder set url1 http://10.104.119.201
pi-system/admin# ncs certvalidation custom-ocsp-responder clear url1
pi-system/admin# ncs certvalidation custom-ocsp-responder disable
ncs certvalidation revocation-check
To enable or disable revocation check using OCSP or CRL, use ncs certvalidation revocation-check command in EXEC mode.
ncs certvalidation revocation-check { disable | enable } trustzone { devicemgmt | pubnet | system | user }
Syntax Description
disable |
Disable certificate revocation |
enable |
Enable certificate revocation |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
pi-system/admin# ncs certvalidation revocation-check enable trustzone system
pi-system/admin#
ncs certvalidation tofu-certs
To view and delete certificates trusted on first use, use ncs certvalidation tofu-certs command in EXEC mode.
ncs certvalidation tofu-certs { listcerts | deletecert host host_name }
Syntax Description
deletecert |
Delete a trust-on-first-use cert for a host |
listcerts |
List certificates trusted on first use |
trust-on-first-use |
Trust and pin the host certificate on first use |
trustzone_name |
Name of the trustzone |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
Example 1: listcert
pi-system/admin# ncs certvalidation tofu-certs listcerts
Host certificate are automatically added to this list on first connection, if
trust-on-first-use is configured - ncs certvalidation certificate-check ...
host=10.197.71.121_8082; subject= /C=US/ST=CA/L=SJ/O=Cisco Systems/OU=Prime Infra/CN=pi-system-121
pi-system/admin#
Example 2: deletecerts
pi-system/admin# ncs certvalidation tofu-certs deletecert host 10.197.71.121_8082
Deleted entry for 10.197.71.121_8082
pi-system/admin#
ncs certvalidation trusted-ca-store
To configure a trusted CA certificate store, use ncs certvalidation trusted-ca-store command in EXEC mode.
ncs certvalidation trusted-ca-store { auto-ca-update { enable | disable truststore truststore_name } | deletecacert alias { alias_name truststore truststore_name { devicemgmt | pubnet | system | user } } | importcacert alias alias_name repository repository_name truststore truststore_name | listcacerts truststore trustsore_name }
Syntax Description
auto-ca-update |
Auto update list of trusted CA certs during software update |
deletecacert |
Enable certificate validation |
importcacert |
Import a certificate to the trust store |
listcacerts |
List all trusted CA certificates |
truststore_name |
Name of the truststore |
devicemgmt |
Trust store used for validating cert from managed devices |
pubnet |
Trust store used for validating cert from public internet |
system |
Trust store used for validating cert from other peer systems |
user |
Trust store used for validating cert for user login |
Command Default
No default behavior or values.
Command Modes
Configuration
Examples
Example 1: auto-ca-upadate
pi-system/admin# ncs certvalidation trusted-ca-store auto-ca-update enable truststore system
pi-system/admin# ncs certvalidation trusted-ca-store auto-ca-update disable truststore system
pi-system/admin#
Example 2: deletecacert
pi-system/admin# ncs certvalidation trusted-ca-store deletecacert alias quovadisroot truststore system
Deleted CA certificate from trust store. Changes will take affect on the next server restart
pi-system/admin#
Example 3: importcacert
pi-system/admin# ncs certvalidation trusted-ca-store importcacert alias ALIAS repository defaultRepo prime.cer truststore system
Imported CA certificate to trust store. Changes will take affect on the next server restart
pi-system/admin#
Example 3: listcacert
pi-system/admin# ncs certvalidation trusted-ca-store listcacerts truststore pubnet
ciscoeccrootca, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 52:EC:7D:BB:5C:65:11:DD:C1:C5:46:DB:BC:29:49:B5:AB:E9:D0:EE
ciscorootcam2, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 93:3D:63:3A:4E:84:0D:A4:C2:8E:89:5D:90:0F:D3:11:88:86:F7:A3
ciscorootca2048, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): DE:99:0C:ED:99:E0:43:1F:60:ED:C3:93:7E:7C:D5:BF:0E:D9:E5:FA
ciscorootcam1, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 45:AD:6B:B4:99:01:1B:B4:E8:4E:84:31:6A:81:C2:7D:89:EE:5C:E7
quovadisrootca2, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
ciscorootca2099, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): AC:1E:DE:2E:1C:97:0F:ED:3E:E8:5F:8C:3A:CF:E2:BA:C0:4A:13:76
ciscolicensingrootca, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 5C:A9:5F:B6:E2:98:0E:C1:5A:FB:68:1B:BB:7E:62:B5:AD:3F:A8:B8
verisignclass3publicprimarycertificationauthorityg5, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
ciscorxcr2, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 2C:8A:FF:CE:96:64:30:BA:04:C0:4F:81:DD:4B:49:C7:1B:5B:81:A0
digicertglobalrootca, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
pi-system/admin#
ncs cleanup
To clean up the following data,below datafree up and reclaim the disk space, use the ncs cleanup command in EXEC mode.
-
Files under /opt/backup
-
*.m-n.logs, *.n.logs, *.log.n log files under /opt/CSCOlumos/logs
-
Regular files under /localdisk
-
.hprof file under opt/CSCOlumos/crash
-
Matlab*.log under /opt/tmp/
-
.trm and .trc files under /opt/oracle/base/diag/rdbms/*/*/trace
-
Older expired Archive logs and backup set under /opt/oracle/base/fast_recovery_area/WCS
ncs cleanup
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Do you want to delete all the files in the local disk partition? (Y/N)
Examples
pi-system-117/admin# ncs cleanup
Starting Cleanup: Wed Feb 28 01:50:44 IST 2019
===================================================
{Wed Aug 12 01:50:47 IST 2019} Removing all files in backup staging directory
{Wed Aug 12 01:50:47 IST 2019} Removing all Matlab core related files
{Wed Aug 12 01:50:47 IST 2019} Removing all older log files
{Wed Aug 12 01:50:47 IST 2019} Cleaning older archive logs
{Wed Aug 12 01:51:03 IST 2019} Cleaning database backup and all archive logs
{Wed Aug 12 01:51:03 IST 2019} Cleaning older database trace files
{Wed Aug 12 01:51:03 IST 2019} Removing all user local disk files
{Wed Aug 12 01:51:03 IST 2019} Cleaning database
{Wed Aug 12 01:51:05 IST 2019} Stopping server
{Wed Aug 12 01:52:05 IST 2019} Not all server processes stop. Attempting to stop \ remaining
{Wed Aug 12 01:52:05 IST 2019} Stopping database
{Wed Aug 12 01:52:07 IST 2019} Starting database
{Wed Aug 12 01:52:20 IST 2019} Starting database clean
{Wed Aug 12 01:58:50 IST 2019} Completed database clean
{Wed Aug 12 01:58:50 IST 2019} Stopping database
{Wed Aug 12 01:59:14 IST 2019} Starting server
===================================================
Completed Cleanup
Start Time: Mon Aug 28 01:50:44 IST 2019
Completed Time: Mon Aug 28 02:07:07 IST 2019
pi-system-117/admin#
nslookup
To look up the hostname of a remote system on the Prime Infrastructure server, use the nslookup command in EXEC mode.
nslookup word
Syntax Description
word |
IPv4 address or hostname of a remote system. Up to 63 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# nslookup 209.165.200.225
Trying "209.165.200.225.in-addr.arpa"
Received 127 bytes from 172.16.168.183#53 in 1 ms
Trying "209.165.200.225.in-addr.arpa"
Host 209.165.200.225.in-addr.arpa. not found: 3(NXDOMAIN)
Received 127 bytes from 172.16.168.183#53 in 1 ms
ncs/admin#
ncs/admin# nslookup 209.165.200.225
Trying "225.200.165.209.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65283
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;225.200.165.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
225.200.165.209.in-addr.arpa. 86400 IN PTR 209-165-200-225.got.net.
;; AUTHORITY SECTION:
192.168.209.in-addr.arpa. 86400 IN NS ns1.got.net.
192.168.209.in-addr.arpa. 86400 IN NS ns2.got.net.
Received 119 bytes from 172.16.168.183#53 in 28 ms
ncs/admin#
ocsp
Online Certificate Status Protocol (OCSP) enables certificate-based authentication for web clients using OCSP responders. Typically, the OCSP responder’s URL is read from the certificate’s Authority Information Access (AIA). As a failover mechanism, you can configure the same URL on the Prime Infrastructure server as well. You can enable or disable a custom OCSP responder, and set or remove OCSP responder URLs, using ocsp responder command in EXEC mode.
ocsp responder { remove | set | show }
Syntax Description
clear |
Clear OCSP responder URL |
custom |
Enable or disable custom OCSP responder |
set |
Set OCSP responder URL. |
Command Default
No default behaviour.
Command Modes
EXEC
Examples
ncs/admin# ocsp responder
ncs/admin# ocsp responder custom enable
ncs/admin# ocsp responder set url1 <WORD>
<WORD> Enter ocsp url (Max Size - 1024)
ncs/admin# ocsp responder clear url1
ping
To diagnose the basic IPv4 network connectivity to a remote system, use the ping command in EXEC mode.
ping {ip-address | hostname} [Dfdf][packetsizepacketsize][pingcountpingcount]
Syntax Description
ip-address |
IP address of the system to ping. Up to 32 alphanumeric characters. |
hostname |
Hostname of the system to ping. Up to 32 alphanumeric characters. |
df |
Specification for packet fragmentation. |
df |
Specifies the value as 1 to prohibit packet fragmentation, or 2 to fragment the packets locally, or 3 to not set df. |
packetsize |
Size of the ping packet. |
packetsize |
Specifies the size of the ping packet; the value can be between 0 and 65507. |
pingcount |
Number of ping echo requests. |
pingcount |
Specifies the number of ping echo requests; the value can be between 1 and 10. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The ping command sends an echo request packet to an address, then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether you can reach a host.
Examples
ncs/admin# ping 172.16.0.1 df 2 packetsize 10 pingcount 2
PING 172.16.0.1 (172.16.0.1) 10(38) bytes of data.
18 bytes from 172.16.0.1: icmp_seq=0 ttl=40 time=306 ms
18 bytes from 172.16.0.1: icmp_seq=1 ttl=40 time=300 ms
--- 172.16.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 300.302/303.557/306.812/3.255 ms, pipe 2
ncs/admin#
ping6
To diagnose the basic IPv6 network connectivity to a remote system, use the ping6 command in EXEC mode.
ping6 {ip-address | hostname} [GigabitEthernetpacketsizepacketsize][pingcountpingcount]
Syntax Description
ip-address |
IP address of the system to ping. Up to 64 alphanumeric characters. |
hostname |
Hostname of the system to ping. Up to 64 alphanumeric characters. |
GigabitEthernet |
Selects the ethernet interface. |
packetsize |
Size of the ping packet. |
packetsize |
Specifies the size of the ping packet; the value can be between 0 and 65507. |
pingcount |
Number of ping echo requests. |
pingcount |
Specifies the number of ping echo requests; the value can be between 1 and 10. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The IPv6 ping6 command sends an echo request packet to an address, then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether you can reach a host.
The IPv6 ping6 command is similar to the existing IPv4 ping command that does not support the IPv4 ping fragmentation (df in IPv4) options, but allows an optional specification of an interface. The interface option is primarily useful for pinning with link-local addresses that are interface-specific. The packetsize and pingcount options work identically the same as they do with the IPv4 command.
Examples
ncs/admin# ping6 3ffe:302:11:2:20c:29ff:feaf:da05
PING 3ffe:302:11:2:20c:29ff:feaf:da05(3ffe:302:11:2:20c:29ff:feaf:da05) from 3ffe:302:11:2:20c:29ff:feaf:da05 eth0: 56 data bytes
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=0 ttl=64 time=0.599 ms
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=3 ttl=64 time=0.065 ms
--- 3ffe:302:11:2:20c:29ff:feaf:da05 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3118ms
rtt min/avg/max/mdev = 0.065/0.221/0.599/0.220 ms, pipe 2
ncs/admin#
ncs/admin# ping6 3ffe:302:11:2:20c:29ff:feaf:da05 GigabitEthernet 0 packetsize 10 pingcount 2
PING 3ffe:302:11:2:20c:29ff:feaf:da05(3ffe:302:11:2:20c:29ff:feaf:da05) from 3ffe:302:11:2:20c:29ff:feaf:da05 eth0: 10 data bytes
18 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=0 ttl=64 time=0.073 ms
18 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=1 ttl=64 time=0.073 ms
--- 3ffe:302:11:2:20c:29ff:feaf:da05 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1040ms
rtt min/avg/max/mdev = 0.073/0.073/0.073/0.000 ms, pipe 2
ncs/admin#
reload
To reload the Prime Infrastructure operating system, use the reload command in EXEC mode.
reload
Syntax Description
This command has no arguments or keywords.
Command Default
The command has no default behavior or values.
Command Modes
EXEC
Usage Guidelines
The reload command reboots the system. Use the reload command after you enter configuration information into a file and save the running-configuration to the persistent startup-configuration on the CLI and save any settings in the web Administration user interface session.
Before you enter the reload command, ensure that the Prime Infrastructure is not performing any backup, restore, installation, upgrade, or remove operation. If the Prime Infrastructure performs any of these operations and you enter the reload command, you will notice any of the following warning messages:
WARNING: A backup or restore is currently in progress! Continue with reload?
WARNING: An install/upgrade/remove is currently in progress! Continue with reload?
If you get any of these warnings, enter YES to halt the operation, or enter NO to cancel the halt.
If no processes are running when you use the reload command or you enter YES in response to the warning message displayed, the Prime Infrastructure asks you to respond to the following option:
Do you want to save the current configuration ?
Enter YES to save the existing Prime Infrastructure configuration. The Prime Infrastructure displays the following message:
Saved the running configuration to startup successfully
Examples
ncs/admin# reload
Do you want to save the current configuration ? (yes/no) [yes] ? yes
Generating configuration...
Saved the running configuration to startup successfully
Continue with reboot? [y/n] y
Broadcast message from root (pts/0) (Fri Aug 7 13:26:46 2010):
The system is going down for reboot NOW!
ncs/admin#
restore
To perform a restore of a previous backup, use the restore command in EXEC mode.
Application Backup Restore:
Use the following command to restore data related only to Prime Infrastructure application:
restore filename repository repository-name application application-name
Application Backup Restore
Use the following command to restore data related to the Prime Infrastructure application and Cisco ADE OS:
restore filename repository repository-name
Syntax Description
filename |
Name of the backed-up file that resides in the repository. Up to 120 alphanumeric characters.
|
||
repository |
The repository keyword. |
||
repository-name |
Name of the repository you want to restore from backup. |
||
application |
The application keyword. |
||
application-name |
The name of the application data to be restored. Up to 255 alphanumeric characters.
|
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
A restore operation restores data related to the Prime Infrastructure as well as the Cisco ADE OS. To perform a restore of a previous backup of the application data of the Prime Infrastructure only, add the application command to the restore command in EXEC mode.
When you use these two commands in the Prime Infrastructure, the Prime Infrastructure server restarts automatically.
Examples
pi-system-120/admin# restore pi-system-173-190908-0334__VER3.7.0.0.159_BKSZ26G_CPU4_MEM3G_RAM11G_SWAP15G_APP_CK218281319.tar.gpg repository defaultRepo application NCS
* NOTE *
If the system console is disconnected or got cleared on session timeout
run 'show restore log' to see the output of the last restore session.
Restore will restart the application services. Continue? (yes/no) [yes] ?
DO NOT press ^C while the restoration is in progress
Aborting restore with a ^C may leave the system in a unrecoverable state
Enter the backup password, if your backup is password protected. Otherwise, press Enter to continue the data restoration.
Password :
Initiating restore. Please wait...
Restore Started at 08/09/19 22:59:05
Stage 1 of 9: Transferring backup file ...
-- completed at 08/09/19 22:59:15
Stage 2 of 9: Decrypting backup file ...
-- completed at 08/09/19 23:02:24
Stage 3 of 9: Unpacking backup file ...
-- completed at 08/09/19 23:02:25
Stopping PI server ...
Stage 4 of 9: Decompressing backup ...
-- completed at 08/09/19 23:18:58
Stage 5 of 9: Restoring Support Files ...
-- completed at 08/09/19 23:19:07
Stage 6 of 9: Restoring Database Files ...
-- completed at 08/09/19 23:19:43
Stage 7 of 9: Recovering Database ...
-- completed at 08/09/19 23:28:42
Stage 8 of 9: Updating Database Schema ...
This could take long time based on the existing data size.
Stage 1 of 5: Pre Migration Schema Upgrade ...
-- completed at: 2019-08-09 23:32:46.091, Time Taken : 0 hr, 4 min, 1 sec
Stage 2 of 5: Schema Upgrade ...
-- completed at: 2019-08-09 23:53:56.668, Time Taken : 0 hr, 21 min, 9 sec
Stage 3 of 5: Post Migration Schema Upgrade ...
-- completed at: 2019-08-09 23:54:17.489, Time Taken : 0 hr, 0 min, 19 sec
Stage 4 of 5: Enabling DB Constraints ...
-- completed at: 2019-08-09 23:54:53.179, Time Taken : 0 hr, 0 min, 34 sec
Stage 5 of 5: Finishing Up ...
-- completed at: 2019-08-09 23:55:12.431, Time Taken : 0 hr, 0 min, 18 sec
-- completed at 08/09/19 23:55:43
Stage 9 of 9: Re-enabling Database Settings ...
-- completed at 08/10/19 00:24:32
Total Restore duration is: 01h:25m:27s
INFO: Restore completed successfully.
Starting Prime Infrastructure...
This may take a while (10 minutes or more) ...
Prime Infrastructure started successfully.
Redirecting to /bin/systemctl restart rsyslog.service
Completed in 1207 seconds
rmdir
To remove an existing directory, use the rmdir command in EXEC mode.
rmdir word
Syntax Description
word |
Directory name. Up to 80 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# mkdir disk:/test
ncs/admin# dir
Directory of disk:/
4096 May 06 2010 13:34:49 activemq-data/
4096 May 06 2010 13:40:59 logs/
16384 Mar 01 2010 16:07:27 lost+found/
4096 May 06 2010 13:42:53 target/
4096 May 07 2010 12:26:04 test/
Usage for disk: filesystem
181067776 bytes total used
19084521472 bytes free
20314165248 bytes available
ncs/admin#
ncs/admin# rmdir disk:/test
ncs/admin# dir
Directory of disk:/
4096 May 06 2010 13:34:49 activemq-data/
4096 May 06 2010 13:40:59 logs/
16384 Mar 01 2010 16:07:27 lost+found/
4096 May 06 2010 13:42:53 target/
Usage for disk: filesystem
181063680 bytes total used
19084525568 bytes free
20314165248 bytes available
ncs/admin#
rsakey
To display a configured RSA key or to set a new RSA public key for user authentication, use rsakey command in EXEC mode. You can also use it to remove a configured RSA key.
rsakey { remove | set | show }
Syntax Description
remove |
Remove RSA public key for user authentication. |
set |
Set RSA public key for user authentication. |
show |
Show RSA public key for user authentication. |
Command Default
No default behaviour.
Command Modes
EXEC
Examples
ncs/admin# rsakey
ncs/admin# rsakey show
No RSA key configured for user 'admin'
ncs/admin# rsakey remove
No RSA key configured for user 'admin
ncs/admin# rsakey set <WORD>
<WORD> Filename of RSA public key (Max Size - 256)
show
To show the running system information, use the show command in EXEC mode. The show commands are used to display the Prime Infrastructure settings and are among the most useful commands.
The commands in Table A-6 require the show command to be followed by a keyword; for example, show application status . Some show commands require an argument or variable after the keyword to function; for example, show application version .
For detailed information on all of the Prime Infrastructure show commands, see show Commands, page A-61.
show keyword
Syntax Description
Command(1) |
Description |
---|---|
application (requires keyword)(2) |
Displays information about the installed application; for example, status or version. |
backup (requires keyword) |
Displays information about the backup. |
cdp (requires keyword) |
Displays information about the enabled Cisco Discovery Protocol interfaces. |
clock |
Displays the day, date, time, time zone, and year of the system clock. |
cpu |
Displays CPU information. |
disks |
Displays file-system information of the disks. |
interface |
Displays statistics for all of the interfaces configured on the Cisco ADE OS. |
logging (requires keyword) |
Displays system logging information. |
logins (requires keyword) |
Displays login history. |
memory |
Displays memory usage by all running processes. |
ntp |
Displays the status of the Network Time Protocol (NTP). |
ports |
Displays all of the processes listening on the active ports. |
process |
Displays information about the active processes of the Prime Infrastructure server. |
repository (requires keyword) |
Displays the file contents of a specific repository. |
restore (requires keyword) |
Displays restore history on the Prime Infrastructure server. |
running-config |
Displays the contents of the currently running configuration file on the Prime Infrastructure server. |
startup-config |
Displays the contents of the startup configuration on the Prime Infrastructure server. |
tech-support |
Displays system and configuration information that you can provide to the TAC when you report a problem. |
terminal |
Displays information about the terminal configuration parameter settings for the current terminal line. |
timezone |
Displays the time zone of the Prime Infrastructure server. |
timezones |
Displays all of the time zones available for use on the Prime Infrastructure server. |
udi |
Displays information about the unique device identifier (UDI) of the Prime Infrastructure. |
uptime |
Displays how long the system you are logged in to has been up and running. |
users |
Displays information for currently logged in users. |
version |
Displays information about the installed application version. |
12 |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
All show commands require at least one keyword to function.
Examples
pi-system-117/admin# show application
name Description
NCS Cisco Prime Infrastructure
pi-system-117/admin#
Examples
pi-system-226/admin# show version
Cisco Application Deployment Engine OS Release: 4.1
ADE-OS Build Version: 4.1.0.001
ADE-OS System Architecture: x86_64
Copyright (c) 2009-2020 by Cisco Systems, Inc.
All rights reserved.
Hostname: pi-system-226
Version information of installed applications
---------------------------------------------
Cisco Prime Infrastructure
********************************************************
Version : 3.8.0 [FIPS not Enabled]
Build : 3.8.0.0.310
pi-system-226/admin#
ssh
To start an encrypted session with a remote system, use the ssh command in EXEC mode.
Note |
An Admin or Operator (user) can use this command (see Table 1-1). |
ssh [ip-address | hostname] usernameport[number]version[1|2] delete hostkeyword
Syntax Description
ip-address |
IP address of the remote system. Up to 64 alphanumeric characters. |
hostname |
Hostname of the remote system. Up to 64 alphanumeric characters. |
username |
Username of the user logging in through SSH. |
port [number] |
(Optional) Indicates the port number of the remote host. From 0 to 65,535. Default 22. |
version [1 | 2] |
(Optional) Indicates the version number. Default 2. |
delete hostkey |
Deletes the SSH fingerprint of a specific host. |
word |
IPv4 address or hostname of a remote system. Up to 64 alphanumeric characters. |
Command Default
Disabled.
Command Modes
EXEC (Admin or Operator).
Usage Guidelines
The ssh command enables a system to make a secure, encrypted connection to another remote system or server. This connection provides functionality similar to that of an outbound Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for secure communication over an insecure network.
Examples
ncs/admin# ssh ncs1 admin
admin@ncs1's password:
Last login: Wed Jul 11 05:53:20 2008 from ncs.cisco.com
ncs1/admin#
ncs/admin# ssh delete host ncs
ncs/admin#
tech dumptcp
To dump a Transmission Control Protocol (TCP) package to the console, use the tech dumptcp command in EXEC mode.
tech dumptcp gigabit-ethernet
Syntax Description
gigabit-ethernet |
Gigabit Ethernet interface number 0 to 1. |
Command Default
Disabled.
Command Modes
EXEC
Examples
ncs/admin# tech dumptcp 0
140816:141088(272) ack 1921 win 14144
08:26:12.034630 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141088:141248(160) ack 1921 win 14144
08:26:12.034635 IP dhcp-64-102-82-153.cisco.com.2221 > NCS.cisco.com.ssh: . ack 139632 win 64656
08:26:12.034677 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141248:141520(272) ack 1921 win 14144
08:26:12.034713 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141520:141680(160) ack 1921 win 14144
08:26:12.034754 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141680:141952(272) ack 1921 win 14144
08:26:12.034756 IP dhcp-64-102-82-153.cisco.com.2221 > NCS.cisco.com.ssh: . ack 140064 win 65520
08:26:12.034796 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141952:142112(160) ack 1921 win 14144
1000 packets captured
1000 packets received by filter
0 packets dropped by kernel
ncs/admin#
telnet
To log in to a host that supports Telnet, use the telnet command in operator (user) or EXEC mode.
telnet [ip-address | hostname] port number
Syntax Description
ip-address |
IP address of the remote system. Up to 64 alphanumeric characters. |
hostname |
Hostname of the remote system. Up to 64 alphanumeric characters. |
port number |
(Optional) Indicates the port number of the remote host. From 0 to 65,535. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# telnet 172.16.0.11 port 23
ncs.cisco.com login: admin
password:
Last login: Mon Jul 2 08:45:24 on ttyS0
ncs/admin#
terminal length
To set the number of lines on the current terminal screen for the current session, use the terminal length command in EXEC mode.
terminal length integer
Syntax Description
integer |
Number of lines on the screen. Contains between 0 to 511 lines, inclusive. A value of zero (0) disables pausing between screens of output. |
Command Default
24 lines.
Command Modes
EXEC
Usage Guidelines
The system uses the length value to determine when to pause during multiple-screen output.
Examples
ncs/admin# terminal length 0
ncs/admin#
terminal session-timeout
To set the inactivity timeout for all sessions, use the terminal session-timeout command in EXEC mode.
terminal session-timeout minutes
Syntax Description
minutes |
Sets the number of minutes for the inactivity timeout. From 0 to 525,600. Zero (0) disables the timeout. |
Command Default
30 minutes.
Command Modes
EXEC
Usage Guidelines
Setting the terminal session-timeout command to zero (0) results in no timeout being set.
Examples
ncs/admin# terminal session-timeout 40
ncs/admin#
terminal session-welcome
To set a welcome message on the system for all users who log in to the system, use the terminal session-welcome command in EXEC mode.
terminal session-welcome string
Syntax Description
string |
Welcome message. Up to 2,023 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Specify a message using up to 2048 characters.
Examples
ncs/admin# terminal session-welcome Welcome
ncs/admin#
terminal terminal-type
To specify the type of terminal connected to the current line for the current session, use the terminal terminal-type command in EXEC mode.
terminal terminal-type type
Syntax Description
type |
Defines the terminal name and type, and permits terminal negotiation by hosts that provide that type of service. Up to 80 alphanumeric characters. |
Command Default
VT100.
Command Modes
EXEC
Usage Guidelines
Indicate the terminal type if it is different from the default of VT100.
Examples
ncs/admin# terminal terminal-type vt220
ncs/admin#
traceroute
To discover the routes that packets take when traveling to their destination address, use the traceroute command in EXEC mode.
traceroute [ip-address | hostname]
Syntax Description
ip-address |
IP address of the remote system. Up to 32 alphanumeric characters. |
hostname |
Hostname of the remote system. Up to 32 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# traceroute 172.16.0.11
traceroute to 172.16.0.11 (172.16.0.11), 30 hops max, 38 byte packets
1 172.16.0.11 0.067 ms 0.036 ms 0.032 ms
ncs/admin#
undebug
To disable debugging functions, use the undebug command in EXEC mode.
undebug {all | application | backup-restore | cdp | config | copy | icmp | locks | logging | snmp | system | transfer | user | utils}
Syntax Description
all |
Disables all debugging. |
application |
Application files.
|
backup-restore |
Backs up and restores files.
|
cdp |
Cisco Discovery Protocol configuration files.
|
config |
Configuration files.
|
copy |
Copy commands. |
icmp |
ICMP echo response configuration. all—Disable all debug output for ICMP echo response configuration. Set level between 0 and 7, with 0 being severe and 7 being all. |
locks |
Resource locking.
|
logging |
Logging configuration files. all—Disables all debug output for logging configuration. |
snmp |
SNMP configuration files. all—Disables all debug output for SNMP configuration. |
system |
System files.
|
transfer |
File transfer. |
user |
User management.
|
utils |
Utilities configuration files. all—Disables all utilities configuration debug output. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# undebug all
ncs/admin#
write
To copy, display, or erase Prime Infrastructure server configurations, use the write command with the appropriate argument in EXEC mode.
write {erase | memory | terminal}
Syntax Description
erase |
Erases the startup configuration. This command is disabled by default. |
memory |
Copies the running configuration to the startup configuration. |
terminal |
Copies the running configuration to console. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
The following is an example of the write command with the erase keyword:
Note |
write erase command functionality is disabled from Cisco Prime Infrastructure Release 2.0 and later. If you try to write erase, then the following warning message is displayed. |
pi-system/admin# write erase
% Warning: 'write erase' functionality has been disabled by application: NCS
pi-system/admin#