EXEC Commands
This section lists each EXEC command and each command page includes a brief description of its use, command syntax, any command defaults, command modes, usage guidelines, and an example of the command and any related commands.
application install
To install an application bundle file, use the application install command in EXEC mode. There is no No form of this command.
application install bundle-name remote-repository
Syntax Description
|
bundle-name |
Name of the application bundle file. Up to 255 alphanumeric characters. |
| remote-repository |
Name of the configured remote repository. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
application remove
To uninstall an application, use the application remove command in EXEC mode. There is no No form of this command.
application remove bundle-name remote-repository
Syntax Description
|
bundle-name |
Name of the application bundle file to be removed. Up to 255 alphanumeric characters. |
| remote-repository |
Name of the configured remote repository. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Uninstalls an application.
Examples
epnm-ha-imeir-prim/admin# application remove NCS
Continue with application removal? [y/n]
application reset-config
To reset an application configuration to factory defaults, use the reset-config command in EXEC mode. There is no No form of this command.
application reset-config application-name
Syntax Description
|
application-name |
Name of the application that you want to reset. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
application start
To start the application process, use the application start command in EXEC mode. There is no NO form of this command.
application start application-name
Syntax Description
|
application-name |
Name of the predefined application that you want to enable (maximum 255 alphanumeric characters). |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Enables an application.
You cannot use this command to start the Cisco EPNM application. If you use this command to start the application, you can see that the Cisco EPNM is already running.
Examples
epnm-system-168/admin# application start NCS
Starting EPNM...
This may take a while (10 minutes or more) ...
EPNM started successfully.
Redirecting to /bin/systemctl restart rsyslog.service
Completed in 1029 seconds
application stop
To stop the process, use the application stop command in EXEC mode. There is no No form of this command.
application stop application-name
Syntax Description
|
application-name |
Name of the predefined application that you want to disable. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Disables an application.
Examples
EPNM-system-117/admin# application stop NCS
EPNM-system/admin# application stop NCS
Stopping EPNM...
This may take a few minutes...
EPNM successfully shutdown.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Completed shutdown of all servicesapplication upgrade
To upgrade an application bundle, use the application upgrade command in EXEC mode. There is no No form of this command.
application upgrade bundle-name remote-repository
Syntax Description
|
bundle-name |
Name of the application bundle file. Up to 255 alphanumeric characters. |
| remote-repository |
Name of the configured remote repository. Up to 255 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
backup
Appliance Backup: To perform a backup (including the Cisco EPNM and Cisco ADE OS data) and place the backup in a repository, use the backup command in EXEC mode.
Application Backup: To perform a backup of only the Cisco EPNM application data without the Cisco ADE OS data, use the application keyword command.
Command for Appliance Backup:
backup backup-name repository repository-name
Command for Application Backup
backup backup-name repository repository-name application application-name
Syntax Description
|
backup-name |
Name of the backup file. Up to 26 alphanumeric characters is recommended. |
||
|
repository-name |
Name of the location where the files should be backed up to. Up to 80 alphanumeric characters. |
||
|
application-name |
Application name. Up to 255 alphanumeric characters.
|
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Performs a backup of the Cisco EPNM and Cisco ADE OS data and places the backup in a repository.
To perform a backup of only the Cisco EPNM application data without the Cisco ADE OS data, use the application command.
Examples
epnm-system/admin# backup Appliancebkp repository test
DO NOT press ^C while the backup is in progress
Aborting backup with a ^C may terminate the backup operation or the backup file may be corrupted
To restore this backup you will have to enter this password
Password :
Password Again :
Backup Started at : 11/27/18 19:08:57
Stage 1 of 7: Database backup ...
Database size: 7.1G
-- completed at 11/27/18 19:10:20
Stage 2 of 7: Database copy ...
-- completed at 11/27/18 19:10:20
Stage 3 of 7: Backing up support files ...
-- completed at 11/27/18 19:10:24
Stage 4 of 7: Compressing Backup ...
-- completed at 11/27/18 19:10:46
Stage 5 of 7: Building backup file ...
-- completed at 11/27/18 19:11:03
Stage 6 of 7: Encrypting backup file ...
-- completed at 11/27/18 19:11:09
Stage 7 of 7: Transferring backup file ...
-- completed at 11/27/18 19:11:11
% Backup file created is: Appliancebkp-201203-1035__VER3.10.0.0.164_BKSZ11G_CPU4_MEM3G_RAM11G_SWAP15G_SYS_CK1242187374.tar.gpg
Total Backup duration is: 0h:2m:18s
epnm-system/admin#
************************************************************************************************************************Examples
epnm-system/admin# backup Applicationbkp repository test application NCS
DO NOT press ^C while the backup is in progress
Aborting backup with a ^C may terminate the backup operation or the backup file may be corrupted
To restore this backup you will have to enter this password
Password :
Password Again :
Backup Started at : 11/27/18 19:13:33
Stage 1 of 7: Database backup ...
Database size: 7.1G
-- completed at 11/27/18 19:14:17
Stage 2 of 7: Database copy ...
-- completed at 11/27/18 19:14:17
Stage 3 of 7: Backing up support files ...
-- completed at 11/27/18 19:14:19
Stage 4 of 7: Compressing Backup ...
-- completed at 11/27/18 19:14:34
Stage 5 of 7: Building backup file ...
-- completed at 11/27/18 19:14:50
Stage 6 of 7: Encrypting backup file ...
-- completed at 11/27/18 19:14:55
Stage 7 of 7: Transferring backup file ...
-- completed at 11/27/18 19:14:56
% Backup file created is: Applicationbkp-201203-1035__VER3.10.0.0.164_BKSZ11G_CPU4_MEM3G_RAM11G_SWAP15G_APP_CK1242187374.tar.gpg
Total Backup duration is: 0h:1m:26s
epnm-system/admin#
***************************************************************************************************************************************backup-logs
To back up system logs, use the backup-logs command in EXEC mode. There is no no form of this command.
backup-logs backup-name repository repository-name
Syntax Description
|
backup-name |
Name of one or more files to back up. Up to 100 alphanumeric characters. |
|
repository-name |
Location where files should be backed up to. Up to 80 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Backs up system logs.
Examples
EPNM-admin/admin# backup-logs log-backup repository defaultRepo
% Creating log backup with timestamped filename: log-backup-150621-1618.tar.gz
Transferring file ...
-- complete.
EPNM-system/admin#
banner
To set up messages while logging (pre-login) in to CLI, use the banner install pre-login command.
banner install pre-login banner-text-filename repository Repository-name
Syntax Description
|
banner-text-filename |
Banner text file name. |
|
repository-name |
Repository name. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
admin# banner install pre-login test.txt repository defaultRepo
change-password
To change the password you use to log in to CLI interface, use the change-password command.
change-password password
Syntax Description
|
password |
New password |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system/admin# change-password
Changing password for user admin.
Changing password for admin.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
clock
To set the system clock, use the clock command in EXEC mode. You cannot remove this function but reset the clock.
clock set [mmm dd hh:mm:ss yyyy]
Syntax Description
|
mmm |
Current month of the year by name. Up to three alphabetic characters. For example, Jan for January. |
|
dd |
Current day (by date) of the month. Value = 0 to 31. Up to two numbers. |
|
hh:mm:ss |
Current time in hours (24-hour format), minutes, and seconds. |
|
yyyy |
Current year (no abbreviation). |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Sets the system clock. You must restart the Cisco EPNM server after you reset the clock for the change to take effect.
Examples
epnm-system-208/admin# clock set dec 4 12:00:00 2020
epnm-system-208/admin# show clock
Fri Dec 4 12:00:10 IST 2020
epnm-system-208/admin#configure
To enter configuration mode, use the configure command in EXEC mode. If the replace option is used with this command, copies a remote configuration to the system which overwrites the existing configuration.
configure terminal
Syntax Description
|
terminal |
Executes configuration commands from the terminal. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use this command to enter configuration mode. Note that commands in this mode write to the running configuration file when you enter them (press Enter ).
To exit configuration mode and return to EXEC mode, enter end , exit , or press Ctrl-z .
To view the changes that you have made to the configuration, use the show running-config command in EXEC mode.
Examples
ncs/admin# configure
Enter configuration commands, one per line. End with CNTL/Z.
ncs/admin(config)#
ncs/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ncs/admin(config)#
copy
To copy any file from a source to a destination, use the copy command in EXEC mode.
Syntax Description
|
running-config |
Represents the current running configuration file. |
|
startup-config |
Represents the configuration file used during initialization (startup). |
|
protocol |
See Table 1 for protocol keyword options. |
|
hostname |
Hostname of destination. |
|
location |
Location of disk:/<dirpath>. |
|
logs |
The system log files. |
|
all |
Copies all the Cisco EPNM log files from the system to another location. All logs are packaged as ncslogs.tar.gz and transferred to the specified directory on the remote host. |
|
filename |
Allows you to copy a single Cisco EPNM log file and transfer it to the specified directory on the remote host, with its original name. |
|
log_filename |
Name of the Cisco EPNM log file, as displayed by the show logs command (up to 255 characters). |
|
mgmt |
Copies the Cisco EPNM management debug logs and Tomcat logs from the system, bundles them as mgmtlogs.tar.gz, and transfers them to the specified directory on the remote host. |
|
runtime |
Copies the Cisco EPNM runtime debug logs from the system, bundles them as runtimelogs.tar.gz, and transfers them to the specified directory on the remote host. |
Command Default
No default behavior or values.
Command Modes
EXEC
Running Configuration
The fundamental function of the copy command allows you to copy a file (such as a system image or configuration file) from one location to another location. The source and destination of the file specified uses the Cisco EPN Manager file system, through which you can specify any supported local or remote file location. The file system being used (a local memory source or a remote system) dictates the syntax that is used in the command.
You can enter on the command line all the necessary source and destination information and the username and password to use; or, you can enter the copy command and have the server prompt you for any missing information. You can enter up to a maximum of 2048 characters of source and destination URL information on the command line.
The copy command in the Cisco EPNM copies a configuration (running or startup).
The Cisco EPNM active configuration stores itself in the Cisco EPNM RAM. Every configuration command that you enter resides in the running configuration. If you reboot your Cisco EPNM server, you lose the running configuration. If you make changes that you want to save, you must copy the running configuration to a safe location, such as a network server, or save it as the Cisco EPNM server startup configuration.
You cannot edit a startup configuration directly. All commands that you enter store themselves in the running configuration, which you can copy into the startup configuration.
In other words, when you boot a Cisco EPNM server, the startup configuration becomes the initial running configuration. As you modify the configuration, the two diverge: the startup configuration remains the same; the running configuration reflects the changes that you have made. If you want to make your changes permanent, you must save the running configuration to the startup configuration using the write memory command. The write memory command makes the current running configuration permanent.
 Note |
If you do not save the running configuration, you will lose all your configuration changes during the next reboot of the Cisco EPNM server. You can also save a copy of the running and startup configurations using the following commands, to recover in case of loss of configuration: copy startup-config location copy running-config location |
Note |
The copy command is supported only for the local disk and not for a repository. |
 Tip |
Aliases reduce the amount of typing that you need to do. For example, type copy run start (the abbreviated form of the copy running-config startup-config command). |
The entire copying process might take several minutes and differs from protocol to protocol and from network to network.
Use the filename relative to the directory for file transfers.
A possible error is the standard FTP error message.
|
Keyword |
Destination |
||
|---|---|---|---|
|
ftp |
URL for FTP network server. The syntax for this alias: ftp:// location// directory |
||
|
sftp |
URL for an SFTP network server. The syntax for this alias: sftp://location/directory SFTP Repositories may require the // between the IP address/FQDN and the physical path on the SFTP store. If you find that you cannot access the SFTP repository with single slashes, add the additional slash and try the operation again. For example: url sftp://server//path
Depending on the SFTP software used with the remote server, you may need to enable "password authentication” instead of "keyboard-interactive mode”. Enabling “password authentication” is required; copy to remote SFTP servers will not work unless it is enabled. For example: With OpenSSH 6.6x, “keyboard-interactive mode” is the default. To enable “password authentication”, edit the OpenSSH sshd_config file to set the PasswordAuthentication parameter to “yes”, as follows: PasswordAuthentication yes. |
||
|
tftp |
URL for a TFTP network server. The syntax for this alias: tftp:// location/ directory |
Examples
ncs/admin# copy run start
Generating configuration...
ncs/admin#
ncs/admin# copy running-config startup-config
Generating configuration...
ncs/admin#
ncs/admin# copy start run
ncs/admin#
ncs/admin# copy startup-config running-config
ncs/admin#
ncs/admin# copy logs disk:/
Collecting logs...
ncs/admin#
This command is used to copy the certificate from tftp to pnp.
copy tftp://<EPNM Server IP Address>/server.key disk:/
copy tftp://<EPNM Server IP Address>/server.crt disk:/
copy tftp://<EPNM Server IP Address>/ncs_server_certificate.crt disk:/
debug
To display errors or events for command situations, use the debug command in EXEC mode.
debug{all | application | backup-restore | cdp | config | icmp | copy | locks | logging | snmp | system | transfer | user | utils}
Syntax Description
|
all |
Enables all debugging. |
|
application |
Application files.
|
|
backup-restore |
Backs up and restores files.
|
|
cdp |
Cisco Discovery Protocol configuration files.
|
|
config |
Configuration files.
|
|
copy |
Copy commands. Set level between 0 and 7, with 0 being severe and 7 being all. |
|
icmp |
Internet Control Message Protocol (ICMP) echo response configuration. all—Enable all debug output for ICMP echo response configuration. Set level between 0 and 7, with 0 being severe and 7 being all. |
|
locks |
Resource locking.
|
|
logging |
Logging configuration files. all—Enables all logging configuration debug output. Set level between 0 and 7, with 0 being severe and 7 being all. |
|
snmp |
SNMP configuration files. all—Enables all SNMP configuration debug output. Set level between 0 and 7, with 0 being severe and 7 being all. |
|
system |
System files.
|
|
transfer |
File transfer. Set level between 0 and 7, with 0 being severe and 7 being all. |
|
user |
User management.
|
|
utils |
Utilities configuration files. all—Enables all utilities configuration debug output. Set level between 0 and 7, with 0 being severe and 7 being all. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use the debug command to identify various failures within the Cisco EPNM server; for example, setup failures or configuration failures.
Examples
ncs/admin# debug all
ncs/admin# mkdir disk:/1
ncs/admin# 6 [15347]: utils: vsh_root_stubs.c[2742] [admin]: mkdir operation success
ncs/admin# rmdir disk:/1
6 [15351]: utils: vsh_root_stubs.c[2601] [admin]: Invoked Remove Directory disk:/1 command
6 [15351]: utils: vsh_root_stubs.c[2663] [admin]: Remove Directory operation success
ncs/admin#
ncs/admin# undebug all
ncs/admin#
delete
To delete a file from the server, use the delete command in EXEC mode. There is no no form of this command.
delete filename [disk:/path]
Syntax Description
|
filename |
Filename. |
|
disk:/path |
Location. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
If you attempt to delete the configuration file or image, the system prompts you to confirm the deletion. Also, if you attempt to delete the last valid system image, the system prompts you to confirm the deletion.
Examples
ncs/admin# delete disk:/hs_err_pid19962.log
ncs/admin#
dir
To list a file from the Cisco EPNM server, use the dir command in EXEC mode. To remove this function, use the no form of this command.
dir [word][recursive]
Syntax Description
|
word |
Directory name. Up to 80 alphanumeric characters. Requires disk:/ preceding the directory name. |
|
recursive |
Lists a local directory or filename recursively. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system-208/admin# dir
Directory of disk:/
20 Dec 02 2020 09:07:53 crash
4096 Dec 03 2020 10:48:22 defaultRepo/
4096 Dec 04 2020 12:27:33 ftp/
4096 Dec 03 2020 12:18:28 logs/
16384 Dec 01 2020 15:25:15 lost+found/
4096 Dec 02 2020 22:49:13 sftp/
4096 Dec 02 2020 09:06:12 ssh/
4096 Dec 02 2020 09:06:12 telnet/
4096 Dec 02 2020 09:46:31 tftp/
Usage for disk: filesystem
1031405568 bytes total used
42919706624 bytes free
46310408192 bytes available
epnm-system-208/admin#exit
To close an active terminal session by logging out of the Cisco EPNM server or to move up one mode level from configuration mode, use the exit command in EXEC mode.
exit
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use the exit command in EXEC mode to exit an active session (log out of the Cisco EPNM server) or to move up from configuration mode.
Examples
epnm-system/admin# exit
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(10.197.71.160:22) at 10:51:43.forceout
To force users out of an active terminal session by logging them out of the Cisco EPNM server, use the forceout command in EXEC mode.
forceout username
Syntax Description
|
username |
The name of the user. Up to 31 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# forceout user1
ncs/admin#
halt
To shut down and power off the system, use the halt command in EXEC mode.
halt
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Before you enter the halt command, ensure that the Cisco EPNM is not performing any backup, restore, installation, upgrade, or remove operation. If you enter the halt command while the Cisco EPNM is performing any of these operations, you get one of the following warning messages:
WARNING: A backup or restore is currently in progress! Continue with halt?
WARNING: An install/upgrade/remove is currently in progress! Continue with halt?
If you get any of these warnings, enter yes to halt the operation, or enter no to cancel the halt.
If no processes are running when you use the halt command or if you enter Yes in response to the warning message displayed, the Cisco EPNM asks you to respond to the following option:
Do you want to save the current configuration ?
Enter YES to save the existing Cisco EPNM configuration. The Cisco EPNM displays the following message:
Saved the running configuration to startup successfully
Examples
epnm-system/admin# halt
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Continue with shutdown? [y/n] y
Broadcast message from root (pts/0) (Wed May 5 18:37:02 2010):
The system is going down for system halt NOW!
Server is shutting down...
mkdir
To create a new directory on the Cisco EPNM server, use the mkdir command in EXEC mode.
mkdir directory-name [disk:/path]
Syntax Description
|
directory-name |
The name of the directory to create. Up to 80 alphanumeric characters. |
|
disk:/path |
Use disk:/path with the directory name. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use disk :/path with the directory name; otherwise, an error appears that indicates that the disk :/path must be included.
Examples
ncs/admin# mkdir disk:/test
ncs/admin# dir
Directory of disk:/
4096 May 06 2010 13:34:49 activemq-data/
4096 May 06 2010 13:40:59 logs/
16384 Mar 01 2010 16:07:27 lost+found/
4096 May 06 2010 13:42:53 target/
4096 May 07 2010 12:26:04 test/
Usage for disk: filesystem
181067776 bytes total used
19084521472 bytes free
20314165248 bytes available
ncs/admin#
ncs certvalidation certificate-check
To enable or disable the certificate validation, use ncs certvalidation certificate-check command in EXEC mode.
ncs certvalidation certificate-check { disable | enable | trust-on-first-use } trustzone trustzone_name
Syntax Description
|
disable |
Disable certificate validation |
|
enable |
Enable certificate validation |
|
trust-on-first-use |
Trust and pin the host certificate on first use |
|
trustzone_name |
Name of the trustzone |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system/admin# ncs certvalidation certificate-check trust-on-first-use trustzone system
ncs certvalidation certificate-check enable trustzone systemncs certvalidation custom-ocsp-responder
To configure a custom OCSP responder, use ncs certvalidation custom-ocsp-responder command in EXEC mode.
ncs certvalidation custom-ocsp-responder { clear url | disable | enable | set url }
Syntax Description
|
clear |
Clear OCSP responder URL |
|
disable |
Disable custom OCSP responder |
|
enable |
Enable custom OCSP responder |
|
set |
Set OCSP responder URL |
Note |
You must restart the EPNM after using any of the above ncs certvalidation entries. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system/admin# ncs certvalidation custom-ocsp-responder enable
epnm-system/admin# ncs certvalidation custom-ocsp-responder set url1 http://10.104.119.201
epnm-system/admin# ncs certvalidation custom-ocsp-responder clear url1
epnm-system/admin# ncs certvalidation custom-ocsp-responder disablencs certvalidation revocation-check
To enable or disable revocation check using OCSP or CRL, use ncs certvalidation revocation-check command in EXEC mode.
ncs certvalidation revocation-check { disable | enable } trustzone { devicemgmt | pubnet | system | user }
Syntax Description
|
disable |
Disable certificate revocation |
|
enable |
Enable certificate revocation |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system/admin# ncs certvalidation revocation-check enable trustzone system
epnm-system/admin#ncs certvalidation tofu-certs
To view and delete the certificates trusted on the first use, use ncs certvalidation tofu-certs command in EXEC mode.
ncs certvalidation tofu-certs { listcerts | deletecert host host_name }
Syntax Description
|
deletecert |
Delete a trust-on-first-use cert for a host |
|
listcerts |
List certificates trusted on first use |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
Example 1: listcert
epnm-system/admin# ncs certvalidation tofu-certs listcerts
Host certificate are automatically added to this list on first connection, if
trust-on-first-use is configured - ncs certvalidation certificate-check ...
host=10.197.71.121_8082; subject= /C=US/ST=CA/L=SJ/O=Cisco Systems/OU=EPNM/CN=epnm-system-121
epnm-system/admin#Example 2: deletecerts
epnm-system/admin# ncs certvalidation tofu-certs deletecert host 10.197.71.121_8082
Deleted entry for 10.197.71.121_8082
epnm-system/admin#ncs certvalidation trusted-ca-store
To configure a trusted CA certificate store, use ncs certvalidation trusted-ca-store command in EXEC mode.
ncs certvalidation trusted-ca-store { auto-ca-update { enable | disable truststore truststore_name } | deletecacert alias { alias_name truststore truststore_name { devicemgmt | pubnet | system | user } } | importcacert alias alias_name repository repository_name truststore truststore_name | listcacerts truststore trustsore_name }
Syntax Description
|
auto-ca-update |
Auto update list of trusted CA certs during software update |
|
deletecacert |
Enable certificate validation |
|
importcacert |
Import a certificate to the trust store |
|
listcacerts |
List all trusted CA certificates |
|
truststore_name |
Name of the truststore |
|
devicemgmt |
Trust store used for validating cert from managed devices |
|
pubnet |
Trust store used for validating cert from public internet |
|
system |
Trust store used for validating cert from other peer systems |
|
user |
Trust store used for validating cert for user login |
Command Default
No default behavior or values.
Command Modes
Configuration
Examples
Example 1: auto-ca-upadate
epnm-system/admin# ncs certvalidation trusted-ca-store auto-ca-update enable truststore system
epnm-system/admin# ncs certvalidation trusted-ca-store auto-ca-update disable truststore system
epnm-system/admin# Example 2: deletecacert
epnm-system/admin# ncs certvalidation trusted-ca-store deletecacert alias quovadisroot truststore system
Deleted CA certificate from trust store. Changes will take affect on the next server restart
epnm-system/admin#Example 3: importcacert
epnm-system/admin# ncs certvalidation trusted-ca-store importcacert alias ALIAS repository defaultRepo epnm.cer truststore system
Imported CA certificate to trust store. Changes will take affect on the next server restart
epnm-system/admin#Example 3: listcacert
epnm-system/admin# ncs certvalidation trusted-ca-store listcacerts truststore pubnet
ciscoeccrootca, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 52:EC:7D:BB:5C:65:11:DD:C1:C5:46:DB:BC:29:49:B5:AB:E9:D0:EE
ciscorootcam2, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 93:3D:63:3A:4E:84:0D:A4:C2:8E:89:5D:90:0F:D3:11:88:86:F7:A3
ciscorootca2048, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): DE:99:0C:ED:99:E0:43:1F:60:ED:C3:93:7E:7C:D5:BF:0E:D9:E5:FA
ciscorootcam1, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 45:AD:6B:B4:99:01:1B:B4:E8:4E:84:31:6A:81:C2:7D:89:EE:5C:E7
quovadisrootca2, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
ciscorootca2099, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): AC:1E:DE:2E:1C:97:0F:ED:3E:E8:5F:8C:3A:CF:E2:BA:C0:4A:13:76
ciscolicensingrootca, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 5C:A9:5F:B6:E2:98:0E:C1:5A:FB:68:1B:BB:7E:62:B5:AD:3F:A8:B8
verisignclass3publicprimarycertificationauthorityg5, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
ciscorxcr2, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 2C:8A:FF:CE:96:64:30:BA:04:C0:4F:81:DD:4B:49:C7:1B:5B:81:A0
digicertglobalrootca, Nov 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
epnm-system/admin#ncs cleanup
To clean up the data that are listed below and reclaim the disk space, use the ncs cleanup command in EXEC mode.
-
Files under /opt/backup
-
*.m-n.logs, *.n.logs, *.log.n log files under /opt/CSCOlumos/logs
-
Regular files under /localdisk
-
.hprof file under opt/CSCOlumos/crash
-
Matlab*.log under /opt/tmp/
-
.trm and .trc files under /opt/oracle/base/diag/rdbms/*/*/trace
-
Older expired Archive logs and backup set under /opt/oracle/base/fast_recovery_area/WCS
ncs cleanup
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Do you want to delete all the files in the local disk partition? (Y/N)
Examples
epnm-system-117/admin# ncs cleanup
Starting Cleanup: Wed Feb 28 01:50:44 IST 2019
===================================================
{Wed Aug 12 01:50:47 IST 2019} Removing all files in backup staging directory
{Wed Aug 12 01:50:47 IST 2019} Removing all Matlab core related files
{Wed Aug 12 01:50:47 IST 2019} Removing all older log files
{Wed Aug 12 01:50:47 IST 2019} Cleaning older archive logs
{Wed Aug 12 01:51:03 IST 2019} Cleaning database backup and all archive logs
{Wed Aug 12 01:51:03 IST 2019} Cleaning older database trace files
{Wed Aug 12 01:51:03 IST 2019} Removing all user local disk files
{Wed Aug 12 01:51:03 IST 2019} Cleaning database
{Wed Aug 12 01:51:05 IST 2019} Stopping server
{Wed Aug 12 01:52:05 IST 2019} Not all server processes stop. Attempting to stop \ remaining
{Wed Aug 12 01:52:05 IST 2019} Stopping database
{Wed Aug 12 01:52:07 IST 2019} Starting database
{Wed Aug 12 01:52:20 IST 2019} Starting database clean
{Wed Aug 12 01:58:50 IST 2019} Completed database clean
{Wed Aug 12 01:58:50 IST 2019} Stopping database
{Wed Aug 12 01:59:14 IST 2019} Starting server
===================================================
Completed Cleanup
Start Time: Mon Aug 28 01:50:44 IST 2019
Completed Time: Mon Aug 28 02:07:07 IST 2019
epnm-system-117/admin#ncs ha authkey
To enter the authentication key for high availability (HA), use the ncs ha authkey command in EXEC mode.
ncs ha authkey authorization key
Syntax Description
| authorization key |
The authorization key for high availability. Up to 80 alphanumeric characters, must contain a combination of characters that include lowercase letters, uppercase letters, and digits. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The ncs ha authkey command changes the authorization for the health monitor.
Examples
This example shows how to set up the authorization key for high availability:
epnm-system/admin#ncs ha authkey cisco123
Going to update primary authentication key
Successfully updated primary authentication key
Successfully intimated Primary updated authentication key to Secondary Server
epnm-system/admin#
Related Commands
|
Command |
Description |
|---|---|
|
Removes the high availability configuration settings from Cisco EPN Manager. |
|
|
Provides the current status of high availability. |
Note |
After changing the HA authentication key using the ncs ha authkey command, the HA readiness check may fail with the error Authentication key does not match between primary and secondary servers, even though the key is correct. This occurs because the readiness check might be referencing outdated or cached information. To resolve this issue,
|
ncs ha configure
To control high availability (HA) operations, use the ncs ha configure command in EXEC mode.
ncs ha configure
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To control HA operations.
If you enter the ncs ha configure command, you see the following sub-commands:
epnm-dev-vm-54/admin# ncs ha configure ?
dgtimeout Update the DataGuard Time out for high availability
hbinterval Update the HM interval for high availability
hbretry Update the HM retry for high availability
sqlexpiretime Update the DB SqlExpireTime for high availability
sqlinboundtimeout Update the DB SqlInBoundTimeout for high availability
tcpkeepaliveintvl Update the Tcp Keep Alive Intvl for high availability
tcpkeepaliveprobes Update the Tcp Keep Alive Probes for high availability
tcpkeepalivetime Update the Tcp Keep Alive Time for high availability
updatecheckreadiness Update CheckReadinessncs ha monitor interface add
You can add interface to high availability monitoring using ncs ha monitor interface add command in EXEC mode.
ncs ha monitor interface add [ GigabitEthernet | Team ] [ interface number ]
Command Default
No default behavior or values.
Command Modes
EXEC
ncs ha monitor interface del
You can delete interface from high availability monitoring using ncs ha monitor interface del command in EXEC mode.
ncs ha monitor interface del [ GigabitEthernet | Team ] [ interface number ] }
Command Default
No default behavior or values.
Command Modes
EXEC
ncs ha northbound interface
You can set northbound interface using ncs ha northbound interface command in EXEC mode.
ncs ha northbound interface [ GigabitEthernet | Team ] [ interface number ]
Command Default
Default mode is GigabitEthernet 0.
Command Modes
EXEC
ncs ha remove
To remove the high availability configuration settings from Cisco EPNM, use the ncs ha remove command in EXEC mode.
ncs ha remove
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The ncs ha remove command removes the high availability configuration settings from the Cisco EPNM. If you enter this command, you will see the following confirmation message:
High availability configuration will be removed.
Do you wish to continue? (Y/N)
Examples
epnm-system/admin# ncs ha remove
High availability configuration will be removed
Do you wish to continue? (y/N) y
Removing primary configuration will remove all database information
Primary is attempting to remove high availability configuration from both primary \
and secondary
Successfully removed high availability configuration
epnm-system/admin#
ncs ha status
To display the current status of high availability (HA), use the ncs ha status command in EXEC mode.
ncs ha status
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Displays the current status of HA.
If you enter the ncs ha status command, you see the following response:
Examples
epnm-system/admin# ncs ha status
[Role] Primary [State] HA not Configured
epnm-systems/admin#
In Primary server:
epnm-system/admin# ncs ha status
[Role] Primary [Secondary Server] 10.197.71.162(10.197.71.162) [State] Primary
Active [Failover Type] Automatic
epnm-system/admin#
In Secondary server:
epnm-system/admin# ncs ha status
[Role] Secondary [Primary Server] epnm-system-161(10.197.71.161) [State] Secondary
Syncing [Failover Type] Automatic
epnm-system/admin#
ncs key genkey
To generate a new RSA key and self-signed certificate, use the ncs key genkey command. You can use this command in the following ways:
ncs key genkey -newdn -csr csrfilename repository repositoryname
Syntax Description
|
genkey |
Generates a new RSA key and self-signed certificate. You can use the following options with this command: -csr: Generates Certificate Signing Request (CSR) file. -newdn: Generates a new RSA key and self-signed certificate with domain information. <cr>: Carriage return. |
|
-newdn |
Generates a new RSA key and self-signed cert with domain information. You can use the following options with this command: -csr: Generates Certificate Signing Request(CSR) file. <cr>: Carriage return. |
|
-csr |
Generates a new CSR certificate file. You can use the following option with this command: <WORD>: Types in a certificate file name (Max Size - 80). |
|
csrfilename |
CSR filename. |
|
repository |
Repository command. This option is available when you use the -csr option. |
|
repositoryname |
Location where the files should be backed up to. Up to 80 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to generate a new rsa key and certificate files in the Cisco EPNM server:
epnm-cluster-88/admin# ncs key genkey -newdn -csr test.csr repository defaultRepo
Changes will take affect on the next server restart
Enter the fully qualified domain name of the server !!!!: epnm-cluster-88.cisco.com
Enter the name of your organization unit !!!!!!!!!!!!!!!: cisco
Enter the name of your organization !!!!!!!!!!!!!!!!!!!!: hcl
Enter the name of your city or locality !!!!!!!!!!!!!!!!: chennai
Enter the name of your state or province !!!!!!!!!!!!!!!: tn
Enter the two letter code for your country !!!!!!!!!!!!!: US
Specify subject alternate names.
If none specified, CN will be used.
Use comma seperated list - DNS:<name>,IP:<address> !!!!!: \
DNS:epnm-cluster-88.cisco.com,IP:10.126.168.88
Specify the public key algorithm [rsa/ec] !!!!!!!!!!!!!!: rsa
Specify the RSA key size [2048/4096/8192] !!!!!!!!!!!!!!: 4096
Specify the signature algorithm [sha256/sha512] !!!!!!!!: sha256
Key and CSR/Certificate will be generated with following details
Subject : \
/C=US/ST=tn/L=chennai/O=hcl/OU=cisco/CN=epnm-cluster-88.cisco.com
Subject Alternate Name : DNS:epnm-cluster-88.cisco.com,IP:10.126.168.88
Public Key Alg : rsa, 4096
Signature Alg : sha256
Continue [yes] : yes
Generating...
Completed generating new key...Changes will take affect on the next server restart
Note: You can provide comma separated list of FQDN and IP of EPNM servers where you want to import the same certificate received from CA.
To import same CA in other server, you need to import the key from the server where you generate CSR and them import the CA certiifcates.Note |
You will get a csr file generated in the location where the repository is pointing. Use that csr file get a CA certificate or signed certificate from any CA agent. |
Related Commands
|
Command |
Description |
|---|---|
|
Applies an RSA key and signed certificate to Cisco EPNM. |
|
|
Applies an RSA key and certificate to Cisco EPNM. |
Note |
After entering this command, enter the ncs stop and ncs start command to restart the Cisco EPNM server. |
ncs key importkey
To apply an RSA key and signed certificate to the Cisco EPNM, use the ncs key importkey command in EXEC mode.
ncs key exportkey key-filename cert-filename repository repositoryname
ncs key importkey key-filename cert-filename repository repositoryname
Syntax Description
|
key-filename |
RSA private key file name. |
|
cert-filename |
Certificate file name. |
|
repository |
Repository command |
|
repositoryname |
The repository name configured in the Cisco EPNM where the key-file and cert-file are hosted. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to apply the new RSA key and certificate files to the server.
ncs key exportkey private.key server.cer repository defaultRepo
ncs key importkey keyfile certfile repository ncs-sftp-repo
Note |
After applying this command, enter the ncs stop and ncs start command to restart the server. |
ncs key importsignedcert
To apply an RSA key and signed certificate, use the ncs key importsignedcert command EXEC mode.
ncs key importsignedcert signed-cert-filename repository repositoryname
Syntax Description
|
signed-cert-filename |
Signed certificate filename. |
|
repository |
Repository command |
|
repositoryname |
The repository name that is configured in Cisco EPNM where the key-file and cert-file is hosted. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to apply signed certificate files to the Cisco EPNM server:
> ncs key importsignedcert signed-certfile repository ncs-sftp-repo
Note |
After applying this command, enter the ncs stop and the ncs start command to restart the Cisco EPNM server to make changes take effect. |
ncs password ftpuser
To change the FTP username and password, use the ncs password ftpuser command in EXEC mode.
Note |
The value for ftpuser in the above command should always be set to ftp-user. |
After you enable the ftp-user, you can FTP files to and from the /localdisk/ftp folder on standalone or, if configured, High Availability primary servers only. You cannot use change directory (cd) or list directory (ls) functionality with ftp-user.
ncs password ftpuser ftp-user password password
Syntax Description
|
ftp-user |
The FTP user name |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to change the FTP username and password:
epnm-system-65/admin# ncs password ftpuser ftp-user password Password123
Updating FTP password
Saving FTP account password in credential store
Synching FTP account passwd to database store - location-ftp-user
Synching FTP account password to system store
Completed FTP password update
epnm-system-65/admin#
ncs password root password
To change the root password, use the ncs password root password command in EXEC mode.
ncs password root password userpassword
Syntax Description
|
userpassword |
Password for the root user. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to change the root password:
epnm-systems/admin# ncs password root password Userpassword
Password updated for web root user
epnm-systems/admin#
ncs run client-auth
You can enable client certificate authentication on your Cisco EPNM application using ncs run client-auth command.
ncs run client-auth enable
ncs run client-auth disable
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system-117/admin# ncs run client-auth enable
WARNING :
This feature requires the CA certificate to be installed on the system.
Please use the command 'ncs key importcacert ..." to
import the certificate of the CA used to sign the client certificates.
Ignore this warning if the CA certificate is already installed.
Use the 'disable' option of this command, to disable client authentication,
if not required.
client_auth status : enabled
epnm-system-117/admin#
epnm-system-117/admin# ncs run client-auth disable
client_auth status : disabled
epnm-system-117/admin#ncs run csrf
The cross-site request forgery check can be disabled (not recommended). The CLI provided only for backward compatibility with API clients which are not programmed for CSRF protection. For CSRF protection, this option should be enabled using the following command.
ncs run csrf enable
To disable, use the following command:
ncs run csrf disable
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-cluster-93/admin# ncs run csrf enable
epnm-cluster-93/admin# ncs run csrf disablencs run custom-subject-oid-type-regex
You can set custom OID type regular expression using ncs run custom-subject-oid-type-regex command in EXEC mode.
ncs run custom-subject-oid-type-regex { regex }
Command Default
No default behavior or values.
Command Modes
EXEC
ncs run custom-subject-oid-type
You can set custom OID type using ncs run custom-subject-oid-type command in EXEC mode.
ncs run custom-subject-oid-type { disable | cn | sn | serialnumber | c | l | st | s | street | o | ou | t | title | g | gn | e | emailaddress | email | uid | dc }
Command Default
No default behavior or values.
Command Modes
EXEC
ncs run gen-sec-pwd
To generate a secure password, you can use the ncs run gen-sec-pwd command in EXEC mode.
ncs run gen-sec-pwd
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-imeir-ha-prim/admin# ncs run gen-sec-pwd
Ukx(mr0j
epnm-imeir-ha-prim/admin#ncs run jms
Cisco EPNM can send notifications to a Java Message Server (JMS) whenever there are changes in the inventory or configuration parameters that are a part of an audit you have defined. You can enable or disable this feature using ncs run jms command.
ncs run jms enable
ncs run jms disable
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-cluster-93/admin# ncs run jms enable
epnm-cluster-93/admin# ncs run jms disable
Connectivity to the JMS (message bus) from external servers disabled.
Connectivity is required for external PnP Gateway servers to interact
with the EPNM server.
Use the 'enable' option of this command, to enable connectivity again.ncs run list
To display the list of commands associated with NCS, use ncs run list command in EXEC mode.
ncs run list
Command Default
No default behavior or arguments
Command Modes
EXEC
Examples
commands :
list - prints this list
test iops - tests the disk write performance
reset [db|keys] - reset database and keys to default factory settings
csrf [disable|enable] - enable or disable CSRF protection
client-auth [disable|enable] - enable or disable client certificate based authentication
jms [disable|enable] - enable or disable message bus connectivity (port 61617)
sshclient-nonfips-ciphers [disable|enable] - enable or disable non fips compliant ciphers for outgoing ssh client connections to devices
ssh-server-legacy-algorithms [disable|enable] - enable or disable legacy algorithms for SSH service.
tls-server-versions <tls_versions> - set the TLS versions to be enabled for TLS service - TLSv1.2 TLSv1.1 TLSv1
tls-server-ciphers <tls_cipher_groups> - set the TLS cipher group to be enabled for TLS service - tls-ecdhe-sha2 tls-ecdhe-sha1 tls-dhe-sha2 tls-dhe-sha1 tls-static-sha2 tls-static-sha1
livelogs [all|secure|ade|messages] - view live audit logs
loghistory [all|secure|ade|messages] - view audit logs
gen-sec-pwd - Generate secure password
ssh-server-single-legacy-algorithm [list | reset | algorithms] -algorithms with space seperated
ocsp-responder [disable|enable] - enable or disable OCSP Responder (requires EPNM restart)
custom-subject-oid-type [disable|cn|sn|serialnumber|c|l|st|s|street|o|ou|t|title|g|gn|e|emailaddress|email|uid|dc] - custom OID type
custom-subject-oid-type-regex [regex] - custom OID type regular expression
ncs run livelogs
You can run ncs run livelogs command to view live audit logs.
ncs run livelogs { all | secure | ade | messages }
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system-120/admin# ncs run livelogs
***Available filter options to limit logs - all secure ade messages***
************Press Ctrl+C for stop logging*****************
2018-02-28T01:48:39.407787+05:30 epnm-system-120 sshd[10309]: pam_unix(sshd:session): \
session closed for user admin
2018-02-28T01:50:14.109435+05:30 epnm-system-120 sshd[32038]: \
pam_tally2(sshd:account): option unlock_time=60 allowed in auth phase only
2018-02-28T01:50:14.109456+05:30 epnm-system-120 sshd[32038]: \
pam_tally2(sshd:account): unknown option: no_reset
2018-02-28T01:50:14.112152+05:30 epnm-system-120 sshd[32038]: pam_unix(sshd:session): \
session opened for user admin by (uid=0)
2018-02-28T02:00:57.499844+05:30 epnm-system-120 sshd[32038]: pam_unix(sshd:session): \
session closed for user admin
2018-02-28T02:04:28.870085+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-28T02:04:28.976462+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-28T02:21:30.485537+05:30 epnm-system-120 sshd[6381]: \
pam_tally2(sshd:account): option unlock_time=60 allowed in auth phase only
2018-02-28T02:21:30.485556+05:30 epnm-system-120 sshd[6381]: \
pam_tally2(sshd:account): unknown option: no_reset
2018-02-28T02:21:30.488589+05:30 epnm-system-120 sshd[6381]: pam_unix(sshd:session): \
session opened for user admin by (uid=0)
2018-02-28T02:25:04.370446+05:30 epnm-system-120 debugd[3229]: [7471]: \
config:network: sysconfig.c[1116] [admin]: Getting ipaddress for eth1
2018-02-28T02:25:04.377607+05:30 epnm-system-120 debugd[3229]: [7471]: \
config:network: syscfg_cli.c[1098] [admin]: No ipaddress for interface eth1
2018-02-28T02:25:04.384642+05:30 epnm-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetIfState::root:/opt/system/bin/carssh:NotFromTerminal:5:
2018-02-28T02:25:04.384720+05:30 epnm-system-120 debugd[3229]: [7471]: \
config:network: syscfg_cli.c[1105] [admin]: Interface eth1 is down
2018-02-28T02:25:04.384777+05:30 epnm-system-120 debugd[3229]: [7471]: \
config:network: syscfg_cli.c[1011] [admin]: Getting dhcpv6 enabled for eth1
2018-02-28T02:25:04.405866+05:30 epnm-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetNameserver::root:/opt/system/bin/carssh:NotFromTerminal:6:
2018-02-28T02:25:04.412912+05:30 epnm-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetNameserver::root:/opt/system/bin/carssh:NotFromTerminal:7:
2018-02-28T02:25:04.420049+05:30 epnm-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetNameserver::root:/opt/system/bin/carssh:NotFromTerminal:8:
2018-02-28T02:25:04.427224+05:30 epnm-system-120 ADEOSShell[7471]: Change Audit \
Details:SUCCESS:CARS \
CLI:carsGetGateway::root:/opt/system/bin/carssh:NotFromTerminal:9:
2018-02-28T02:28:16.411167+05:30 epnm-system-120 ADEOSShell[8312]: Change Audit \
Details:SUCCESS:CARS CLI:run_command::root:/opt/system/bin/carssh:/dev/pts/1:1:
2018-02-28T02:21:25.649026+05:30 epnm-system-120 sshd[6381]: Operating in CiscoSSL \
Common Criteria mode
2018-02-28T02:21:25.654950+05:30 epnm-system-120 sshd[6381]: FIPS mode initialized
2018-02-28T02:21:25.806409+05:30 epnm-system-120 sshd[6381]: Outbound-ReKey for \
10.77.144.125:16285 [preauth]
2018-02-28T02:21:25.889051+05:30 epnm-system-120 sshd[6381]: Inbound-ReKey for \
10.77.144.125:16285 [preauth]
2018-02-28T02:21:30.487757+05:30 epnm-system-120 sshd[6381]: Accepted password for \
admin from 10.77.144.125 port 16285 ssh2
2018-02-28T02:21:30.490420+05:30 epnm-system-120 sshd[6390]: Inbound-ReKey for \
10.77.144.125:16285
2018-02-28T02:21:30.490437+05:30 epnm-system-120 sshd[6390]: Outbound-ReKey for \
10.77.144.125:16285
2018-02-28T02:21:32.124237+05:30 epnm-system-120 rsyslogd: [origin \
software="rsyslogd" swVersion="5.8.10" x-pid="3216" \
x-info="http://www.rsyslog.com ] rsyslogd was HUPed
2018-02-28T02:25:04.601075+05:30 epnm-system-120 rsyslogd-2177: imuxsock begins to \
drop messages from pid 3229 due to rate-limiting
2018-02-28T02:25:30.938945+05:30 epnm-system-120 rsyslogd-2177: imuxsock lost 463 \
messages from pid 3229 due to rate-limiting
^CERROR: cmd '/opt/CSCOlumos/bin/run_command.sh livelogs' failed
epnm-system-120/admin#
ncs run loghistory
You can run ncs run loghistory command to view a list of audit logs.
ncs run loghistory { all | secure | ade | messages }
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system-120/admin# ncs run loghistory
***Available filter options to limit logs - all secure ade messages***
::::::::::::::
/var/log/secure
::::::::::::::
2018-02-25T04:22:03.091312+05:30 epnm-system-120 passwd: pam_unix(passwd:chauthtok): \
password changed for scpuser
2018-02-25T05:47:52.693460+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T05:47:52.746896+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T07:48:08.551061+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T07:48:08.607276+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T09:48:29.616066+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T09:48:29.675890+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T11:48:49.792055+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T11:48:49.845594+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T13:49:13.712070+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T13:49:13.764692+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T15:49:28.165108+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T15:49:28.231362+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T17:49:46.089296+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T17:49:46.143475+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T19:50:06.775083+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T19:50:06.828332+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T21:50:33.338183+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T21:50:33.393056+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-25T23:50:59.225069+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-25T23:50:59.278849+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-26T01:51:23.433628+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T01:52:00.541797+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T01:52:00.582068+05:30 epnm-system-120 su: pam_unix(su:session): session \
opened for user oracle by (uid=0)
2018-02-26T01:52:00.635314+05:30 epnm-system-120 su: pam_unix(su:session): session \
closed for user oracle
2018-02-26T03:30:00.737839+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:01.308384+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:01.318405+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:01.373111+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:01.411957+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:03.176254+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:03.196829+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:03.252549+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:06.105604+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:07.126919+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:07.131747+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
2018-02-26T03:30:14.916295+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
closed for user oracle
2018-02-26T03:30:14.923602+05:30 epnm-system-120 su: pam_unix(su-l:session): session \
opened for user oracle by (uid=0)
epnm-system-120/admin#ncs run ocsp-responder
You can enable or disable OCSP Responder (requires EPNM restart) using ncs run ocsp-responder command in EXEC mode.
ncs run ocsp-responder { enable | disable }
Syntax Description
|
enable |
Enables OCSP Responder. |
|
disable |
Disables OCSP Responder. |
Command Default
No default behavior or values.
Command Modes
EXEC
Note |
For the OCSP Responder command to work, it is necessary to enable the ncs run client-auth command. Please refer to ncs run client-auth to enable it. |
ncs run reset
You can use ncs run reset command to delete all the private keys from your Cisco EPNM server and to clean a corrupted database. Resetting DB clears all the existing data and replaces it with empty data.
ncs run reset { db | keys }
Syntax Description
|
db |
Resets DB wth empty data. |
|
keys |
Deletes all the private keys from Cisco EPNM server. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-system-160/admin# ncs run reset db
********************* Warning *********************
This script will delete the existing data in database (network data) and reset
database to default factory settings.
Do you want to proceed [yes/no] [no]? yes
Stopping EPNM...
This may take a few minutes...
EPNM successfully shutdown.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Completed shutdown of all services
Listener wcstns is down.
Listener already stopped.
Database is already stopped. Cannot stop again.
This script is intended to run database configuration utilities
to provision and create the embedded database
Running database network config assistant tool (netca)...
Running oracle ZIP DB creation script...
configuring Oracle memory size
Running standby database creation script...
currentState is ...
sid being set wcs
SQL*Plus: Release 12.1.0.2.0 Production on Wed Nov 14 11:25:18 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance started.
Total System Global Area 2147483648 bytes
Fixed Size 2926472 bytes
Variable Size 1023412344 bytes
Database Buffers 1107296256 bytes
Redo Buffers 13848576 bytes
Database mounted.
Database opened.
SQL>
User altered.
SQL> Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - \
64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL*Plus: Release 12.1.0.2.0 Production on Wed Nov 14 11:25:52 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance started.
Total System Global Area 1287651328 bytes
Fixed Size 2934984 bytes
Variable Size 331351864 bytes
Database Buffers 947912704 bytes
Redo Buffers 5451776 bytes
Database mounted.
Database opened.
SQL>
User altered.
SQL> Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - \
64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
Listener wcstns is up
Database is already stopped. Cannot stop again.
INFO: reset db command executed successfully. Please restore the system data from a \
backup file
Examples
This example shows how to delete all private keys in the Cisco EPNM server:
epnm-system-61/admin# ncs run reset keys
This will delete all the private keys and may impact webserver, SSH service etc.
Do you want to proceed [yes/no] [no]? yes
ncs run ssh-server-single-legacy-algorithm
You can enable or disable ssh server legacy algorithms using ncs run ssh-server-single-legacy-algorithm command in EXEC mode.
ncs run ssh-server-single-legacy-algorithm { list | reset | algorithms }
Syntax Description
|
list |
lists all the supported algorithms. |
|
reset |
Resets to default settings. |
|
algorithms |
Sets algorithms. |
Note |
If customer has moved to EPNM 3.7.x or 3.8.x via upgrade path, some of the Kex, and Ciphers algorithms would have changed in 3.7.x or 3.8.x upgrade, though the ssh legacy algorithms settings were enabled or disabled in the previous EPNM versions. Now, if you upgrade to 3.9 from 3.7.x or 3.8.x, you can see the same list of Kex, and Ciphers algorithms in 3.9 as available in the 3.7.x or 3.8.x upgrade servers. The following steps explain the workaround, listing all the required ssh algorithms:
|
ncs run sshclient-nonfips-ciphers
To enable or disable non fips compliant ciphers for outgoing ssh client connections to devices you can use ncs run sshclient-nonfips-ciphers command in EXEC mode.
ncs run sshclient-nonfips-ciphers { enable | disable }
Syntax Description
|
enable |
Enables non fips compliant ciphers for outgoing ssh client connections. |
|
disable |
Disables non fips compliant ciphers for outgoing ssh client connections. |
Command Default
Default mode is enable.
EXEC
Examples
epnm-ha-imeir-prim/admin# ncs run sshclient-nonfips-ciphers disableNote |
This command is available only in the federal information processing standard (FIPS) mode |
ncs run test iops
To test and view the details of the input output operations on your Cisco EPNM, use the ncs run test iops command in the EXEC mode.
ncs run test iops
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
epnm-242/admin# ncs run test iops
Testing disk write speed ...
8388608+0 records in
8388608+0 records out
8589934592 bytes (8.6 GB) copied, 33.4561 s, 257 MB/sncs run tls-server-ciphers
You can enable a TLS cipher group using ncs run tls-server-ciphers command in EXEC mode.
ncs run tls-server-ciphers { tls-ecdhe-sha2 | tls-ecdhe-sha1 | tls-dhe-sha2 | tls-dhe-sha1 | tls-static-sha2 | tls-static-sha1}
Syntax Description
|
tls-ecdhe-sha2 |
Refers to tls cipher group, ecdhe sha2 |
|
tls-ecdhe-sha1 |
Refers to tls cipher group, ecdhe sha1 |
|
tls-dhe-sha2 |
Refers to tls cipher group, dhe sha2 |
|
tls-dhe-sha1 |
Refers to tls cipher group, dhe sha1 |
|
tls-static-sha2 |
Refers to tls cipher group, static sha2 |
|
tls-static-sha1 |
Refers to tls cipher group, static sha1 |
Command Default
The default cipher group is tls-ecdhe-sha2
EXEC
Examples
epnm/admin# ncs run tls-server-ciphers tls-ecdhe-sha1
Enabled TLS cipher groups are - tls-ecdhe-sha1
Restart is required for the changes to take effectncs run tls-server-versions
To set the TLS (Transport Layer Security) version, use the ncs run tls-server-versions command in EXEC mode.
ncs run tls-server-version <TLS version>
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
The following example illustrates the usage of the ncs run set-tls-versions command:
epnm-system-168/admin# ncs run tls-server-versions TLSv1 TLSv1.1 TLSv1.2
Enabled TLS version are - TLSv1,TLSv1.1,TLSv1.2
Restart is required for the changes to take effect
epnm-system-168/admin# Warning |
Running this command requires an immediate software restart. It is suggested you perform a failover and failback so that the changes are reflected in primary and secondary servers. |
ncs start
To start the EPNM server, use the ncs start command.
ncs start [verbose]
Syntax Description
|
verbose |
Displays the detailed messages during the start process. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To see the messages in the console, use the ncs start verbose command.
Examples
This example shows how to start the EPNM server:
Examples
Starting Evolved Programmable Network Manager...
This may take a while (10 minutes or more) ...
Evolved Programmable Network Manager started successfully.
ncs status
To display the EPNM server status, use the ncs status command in EXEC mode.
ncs status
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
This example shows how to display the status of the EPNM server:
ncs status
Health Monitor Server is running. ( [Role] Primary [State] Primary Active )
Database server is running
Distributed Cache Service is running.
Messaging Service is running.
FTP Service is disabled
TFTP Service is disabled
NMS Server is running.
LCM Monitor is running.
SAM Daemon is running ...
DA Daemon is running ...
ncs stop
To stop the EPNM server, use the ncs stop command in EXEC mode. To see the detailed messages, use the ncs stop verbose command.
ncs stop [verbose]
Syntax Description
|
verbose |
Displays the detailed messages during the stop process. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To see the detailed messages, use the ncs stop verbose command.
Examples
This example shows how to stop the EPNM server:
Stopping Evolved Programmable Network Manager...
This may take a few minutes...
Database is not running.
FTP Service is not running.
TFTP Service is not running.
NMS Server is not running!.
Evolved Programmable Network Manager successfully shutdown.
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Completed shutdown of all services
nslookup
To look up the hostname of a remote system on the Cisco EPNM server, use the nslookup command in EXEC mode.
nslookup word
Syntax Description
|
word |
IPv4 address or hostname of a remote system. Up to 63 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# nslookup 209.165.200.225
Trying "209.165.200.225.in-addr.arpa"
Received 127 bytes from 172.16.168.183#53 in 1 ms
Trying "209.165.200.225.in-addr.arpa"
Host 209.165.200.225.in-addr.arpa. not found: 3(NXDOMAIN)
Received 127 bytes from 172.16.168.183#53 in 1 ms
ncs/admin#
ncs/admin# nslookup 209.165.200.225
Trying "225.200.165.209.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65283
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;225.200.165.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
225.200.165.209.in-addr.arpa. 86400 IN PTR 209-165-200-225.got.net.
;; AUTHORITY SECTION:
192.168.209.in-addr.arpa. 86400 IN NS ns1.got.net.
192.168.209.in-addr.arpa. 86400 IN NS ns2.got.net.
Received 119 bytes from 172.16.168.183#53 in 28 ms
ncs/admin#
ocsp responder
Online Certificate Status Protocol (OCSP) enables certificate-based authentication for web clients using OCSP responders. Typically, the OCSP responder’s URL is read from the certificate’s Authority Information Access (AIA). As a failover mechanism, you can configure the same URL on the Cisco EPNM server as well. You can enable or disable a custom OCSP responder, and set/remove OCSP responder URLs using ocsp responder command in EXEC mode.
ocsp responder { remove | set | show }
Syntax Description
|
clear |
Clears the OCSP responder URL. |
|
custom |
Enables or disables the custom OCSP responder. |
|
set |
Sets the OCSP responder URL. |
Command Default
No default behaviour.
Command Modes
EXEC
Examples
ncs/admin# ocsp responder
ncs/admin# ocsp responder custom enable
ncs/admin# ocsp responder set url1 <WORD>
<WORD> Enter ocsp url (Max Size - 1024)
ncs/admin# ocsp responder clear url1ping
To diagnose the basic IPv4 network connectivity to a remote system, use the ping command in EXEC mode.
ping {ip-address | hostname} [Dfdf][packetsizepacketsize][pingcountpingcount]
Syntax Description
|
ip-address |
IP address of the system to ping. Up to 32 alphanumeric characters. |
|
hostname |
Hostname of the system to ping. Up to 32 alphanumeric characters. |
|
df |
Specification for packet fragmentation. |
|
df |
Specifies the value as 1 to prohibit packet fragmentation, or 2 to fragment the packets locally, or 3 to not set df. |
|
packetsize |
Size of the ping packet. |
|
packetsize |
Specifies the size of the ping packet; the value can be between 0 and 65507. |
|
pingcount |
Number of ping echo requests. |
|
pingcount |
Specifies the number of ping echo requests; the value can be between 1 and 10. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The ping command sends an echo request packet to an address, then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether you can reach a host.
Examples
ncs/admin# ping 172.16.0.1 df 2 packetsize 10 pingcount 2
PING 172.16.0.1 (172.16.0.1) 10(38) bytes of data.
18 bytes from 172.16.0.1: icmp_seq=0 ttl=40 time=306 ms
18 bytes from 172.16.0.1: icmp_seq=1 ttl=40 time=300 ms
--- 172.16.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 300.302/303.557/306.812/3.255 ms, pipe 2
ncs/admin#
ping6
To diagnose the basic IPv6 network connectivity to a remote system, use the ping6 command in EXEC mode.
ping6 {ip-address | hostname} [GigabitEthernetpacketsizepacketsize][pingcountpingcount]
Syntax Description
|
ip-address |
IP address of the system to ping. Up to 64 alphanumeric characters. |
|
hostname |
Hostname of the system to ping. Up to 64 alphanumeric characters. |
|
GigabitEthernet |
Selects the ethernet interface. |
|
packetsize |
Size of the ping packet. |
|
packetsize |
Specifies the size of the ping packet; the value can be between 0 and 65507. |
|
pingcount |
Number of ping echo requests. |
|
pingcount |
Specifies the number of ping echo requests; the value can be between 1 and 10. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The IPv6 ping6 command sends an echo request packet to an address, then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether you can reach a host.
The IPv6 ping6 command is similar to the existing IPv4 ping command that does not support the IPv4 ping fragmentation (df in IPv4) options, but allows an optional specification of an interface. The interface option is primarily useful for pinning with link-local addresses that are interface-specific. The packetsize and pingcount options work identically the same as they do with the IPv4 command.
Examples
ncs/admin# ping6 3ffe:302:11:2:20c:29ff:feaf:da05
PING 3ffe:302:11:2:20c:29ff:feaf:da05(3ffe:302:11:2:20c:29ff:feaf:da05) from 3ffe:302:11:2:20c:29ff:feaf:da05 eth0: 56 data bytes
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=0 ttl=64 time=0.599 ms
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=3 ttl=64 time=0.065 ms
--- 3ffe:302:11:2:20c:29ff:feaf:da05 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3118ms
rtt min/avg/max/mdev = 0.065/0.221/0.599/0.220 ms, pipe 2
ncs/admin#
ncs/admin# ping6 3ffe:302:11:2:20c:29ff:feaf:da05 GigabitEthernet 0 packetsize 10 pingcount 2
PING 3ffe:302:11:2:20c:29ff:feaf:da05(3ffe:302:11:2:20c:29ff:feaf:da05) from 3ffe:302:11:2:20c:29ff:feaf:da05 eth0: 10 data bytes
18 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=0 ttl=64 time=0.073 ms
18 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=1 ttl=64 time=0.073 ms
--- 3ffe:302:11:2:20c:29ff:feaf:da05 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1040ms
rtt min/avg/max/mdev = 0.073/0.073/0.073/0.000 ms, pipe 2
ncs/admin#
reload
To reload the Cisco EPNM operating system, use the reload command in EXEC mode.
reload
Syntax Description
This command has no arguments or keywords.
Command Default
The command has no default behavior or values.
Command Modes
EXEC
Usage Guidelines
The reload command reboots the system. Use the reload command after you enter configuration information into a file and save the running-configuration to the persistent startup-configuration on the CLI and save any settings in the web Administration user interface session.
Before you enter the reload command, ensure that the Cisco EPNM is not performing any backup, restore, installation, upgrade, or remove operation. If the Cisco EPNM performs any of these operations and you enter the reload command, you will notice any of the following warning messages:
WARNING: A backup or restore is currently in progress! Continue with reload?
WARNING: An install/upgrade/remove is currently in progress! Continue with reload?
If you get any of these warnings, enter YES to halt the operation, or enter NO to cancel the halt.
If no processes are running when you use the reload command or you enter YES in response to the warning message displayed, the Cisco EPNM asks you to respond to the following option:
Do you want to save the current configuration ?
Enter YES to save the existing Cisco EPNM configuration. The Cisco EPNM displays the following message:
Saved the running configuration to startup successfully
Examples
ncs/admin# reload
Do you want to save the current configuration ? (yes/no) [yes] ? yes
Generating configuration...
Saved the running configuration to startup successfully
Continue with reboot? [y/n] y
Broadcast message from root (pts/0) (Fri Aug 7 13:26:46 2010):
The system is going down for reboot NOW!
ncs/admin#
restore
To perform a restore of a previous backup, use the restore command in EXEC mode.
Application Backup Restore:
Use the following command to restore data related only to the Cisco EPNM application:
restore filename repository repository-name application application-name
Application Backup Restore
Use the following command to restore data related to the Cisco EPNM application and Cisco ADE OS:
restore filename repository repository-name
Syntax Description
|
filename |
Name of the backed-up file that resides in the repository. Up to 120 alphanumeric characters.
|
||
|
repository |
The repository keyword. |
||
|
repository-name |
Name of the repository you want to restore from backup. |
||
|
application |
The application keyword. |
||
|
application-name |
The name of the application data to be restored. Up to 255 alphanumeric characters.
|
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
A restore operation restores data related to the Cisco EPNM and Cisco ADE OS. To perform a restore of a previous backup of the application data of the Cisco EPNM only, add the application command to the restore command in EXEC mode.
When you use these two commands in the Cisco EPNM, the Cisco EPNM server restarts automatically.
Examples
epnm-system-120/admin# restore epnm-system-173-190908-0334__VER3.7.0.0.159_BKSZ26G_CPU4_MEM3G_RAM11G_SWAP15G_APP_CK218281319.tar.gpg repository defaultRepo application NCS
* NOTE *
If the system console is disconnected or got cleared on session timeout
run 'show restore log' to see the output of the last restore session.
Restore will restart the application services. Continue? (yes/no) [yes] ?
DO NOT press ^C while the restoration is in progress
Aborting restore with a ^C may leave the system in a unrecoverable state
Enter the backup password, if your backup is password protected. Otherwise, press Enter to continue the data restoration.
Password :
Initiating restore. Please wait...
Restore Started at 08/09/19 22:59:05
Stage 1 of 9: Transferring backup file ...
-- completed at 08/09/19 22:59:15
Stage 2 of 9: Decrypting backup file ...
-- completed at 08/09/19 23:02:24
Stage 3 of 9: Unpacking backup file ...
-- completed at 08/09/19 23:02:25
Stopping EPNM server ...
Stage 4 of 9: Decompressing backup ...
-- completed at 08/09/19 23:18:58
Stage 5 of 9: Restoring Support Files ...
-- completed at 08/09/19 23:19:07
Stage 6 of 9: Restoring Database Files ...
-- completed at 08/09/19 23:19:43
Stage 7 of 9: Recovering Database ...
-- completed at 08/09/19 23:28:42
Stage 8 of 9: Updating Database Schema ...
This could take long time based on the existing data size.
Stage 1 of 5: Pre Migration Schema Upgrade ...
-- completed at: 2019-08-09 23:32:46.091, Time Taken : 0 hr, 4 min, 1 sec
Stage 2 of 5: Schema Upgrade ...
-- completed at: 2019-08-09 23:53:56.668, Time Taken : 0 hr, 21 min, 9 sec
Stage 3 of 5: Post Migration Schema Upgrade ...
-- completed at: 2019-08-09 23:54:17.489, Time Taken : 0 hr, 0 min, 19 sec
Stage 4 of 5: Enabling DB Constraints ...
-- completed at: 2019-08-09 23:54:53.179, Time Taken : 0 hr, 0 min, 34 sec
Stage 5 of 5: Finishing Up ...
-- completed at: 2019-08-09 23:55:12.431, Time Taken : 0 hr, 0 min, 18 sec
-- completed at 08/09/19 23:55:43
Stage 9 of 9: Re-enabling Database Settings ...
-- completed at 08/10/19 00:24:32
Total Restore duration is: 01h:25m:27s
INFO: Restore completed successfully.
Starting Evolved Programmable Network Manager...
This may take a while (10 minutes or more) ...
Evolved Programmable Network Manager started successfully.
Redirecting to /bin/systemctl restart rsyslog.service
Completed in 1207 secondsrmdir
To remove an existing directory, use the rmdir command in EXEC mode.
rmdir directory-name [disk:/path]
Syntax Description
|
directory-name |
The name of the directory to create. Up to 80 alphanumeric characters. |
|
disk:/path |
Use disk:/path with the directory name. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# mkdir disk:/test
ncs/admin# dir
Directory of disk:/
4096 May 06 2010 13:34:49 activemq-data/
4096 May 06 2010 13:40:59 logs/
16384 Mar 01 2010 16:07:27 lost+found/
4096 May 06 2010 13:42:53 target/
4096 May 07 2010 12:26:04 test/
Usage for disk: filesystem
181067776 bytes total used
19084521472 bytes free
20314165248 bytes available
ncs/admin#
ncs/admin# rmdir disk:/test
ncs/admin# dir
Directory of disk:/
4096 May 06 2010 13:34:49 activemq-data/
4096 May 06 2010 13:40:59 logs/
16384 Mar 01 2010 16:07:27 lost+found/
4096 May 06 2010 13:42:53 target/
Usage for disk: filesystem
181063680 bytes total used
19084525568 bytes free
20314165248 bytes available
ncs/admin#
rsakey
To display a configured RSA key or to set a new RSA public key for user authentication, use rsakey command in EXEC mode. You can also use it to remove a configured RSA key.
rsakey { remove | set | show }
Syntax Description
|
remove |
Remove RSA public key for user authentication. |
|
set |
Set RSA public key for user authentication. |
|
show |
Show RSA public key for user authentication. |
Command Default
No default behaviour.
Command Modes
EXEC
Examples
ncs/admin# rsakey
ncs/admin# rsakey show
No RSA key configured for user 'admin'
ncs/admin# rsakey remove
No RSA key configured for user 'admin
ncs/admin# rsakey set <WORD>
<WORD> Filename of RSA public key (Max Size - 256)show
To show the running system information, use the show command in EXEC mode. The show commands are used to display the Cisco EPNM settings and is one of the most useful commands.
The commands that are given in the table Table 1 require the show command to be followed by a keyword; for example, show application status . Some show commands require an argument or variable after the keyword to function. For example, show application version .
For detailed information on all the Cisco EPNM show commands, see show Commands.
show keyword
Syntax Description
|
Command(1) |
Description |
|---|---|
|
application (requires keyword)(2) |
Displays information about the installed application. For example, the status or version. |
|
backup (requires keyword) |
Displays information about the backup. |
|
banner |
Displays login banners. |
|
cdp (requires keyword) |
Displays information about the enabled Cisco Discovery Protocol interfaces. |
|
clock |
Displays the day, date, time, time zone, and year of the system clock. |
|
cpu |
Displays CPU information. |
|
disks |
Displays file-system information of the disks. |
|
icmp_status |
Displays information about the icmp echo response configuration. |
|
interface |
Displays statistics for all the interfaces that are configured on the Cisco ADE OS. |
|
inventory |
Displays information about the hardware inventory. |
|
ip |
Displays IP information. |
|
logging (requires keyword) |
Displays system logging information. |
|
logins (requires keyword) |
Displays login history. |
|
memory |
Displays memory usage by all running processes. |
|
netstat |
Displays information about the netstat and firewall. |
|
ntp |
Displays the status of the Network Time Protocol (NTP). |
|
ports |
Displays all the processes listening on the active ports. |
|
process |
Displays information about the active processes of the Cisco EPNM server. |
|
repository (requires keyword) |
Displays the file contents of a specific repository. |
|
restore (requires keyword) |
Displays the restore history on the Cisco EPNM server. |
|
running-config |
Displays the contents of the currently running configuration file on the Cisco EPNM server. |
|
security-status |
Displays various information such as services/ports enabled/disabled. |
|
startup-config |
Displays the contents of the startup configuration on the Cisco EPNM server. |
|
tech-support |
Displays the system and configuration information that you can provide to TAC when you report a problem. |
|
terminal |
Displays information about the terminal configuration parameter settings for the current terminal line. |
|
timezone |
Displays the time zone of the Cisco EPNM server. |
|
timezones |
Displays all the time zones available for use on the Cisco EPNM server. |
|
udi |
Displays information about the unique device identifier (UDI) of the Cisco EPNM. |
|
uptime |
Displays how long the system you are logged in to has been up and running. |
|
users |
Displays information for currently logged in users. |
|
version |
Displays information about the installed application version. |
| 12 |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
All show commands require at least one keyword to function.
Examples
epnm-imeir-secon/admin# show version
Cisco Application Deployment Engine OS Release: 6.7
ADE-OS Build Version: 6.7.9.001
ADE-OS System Architecture: x86_64
Copyright (c) 2009-2020 by Cisco Systems, Inc.
All rights reserved.
Hostname: erez-esxi-12-vm6
Version information of installed applications
---------------------------------------------
Cisco EPN Manager
********************************************************
Version : 6.0.0 [FIPS not Enabled]
Build : 6.0.0.0.000ssh
To start an encrypted session with a remote system, use the ssh command in EXEC mode.
Note |
An Admin or Operator (user) can use this command (see Table). |
ssh [ip-address | hostname] usernameport[number]version[1|2] delete hostkeyword
Syntax Description
|
ip-address |
IP address of the remote system. Up to 64 alphanumeric characters. |
|
hostname |
Hostname of the remote system. Up to 64 alphanumeric characters. |
|
username |
Username of the user logging in through SSH. |
|
port [number] |
(Optional) Indicates the port number of the remote host. From 0 to 65,535. Default 22. |
|
version [1 | 2] |
(Optional) Indicates the version number. Default 2. |
|
delete hostkey |
Deletes the SSH fingerprint of a specific host. |
|
word |
IPv4 address or hostname of a remote system. Up to 64 alphanumeric characters. |
Command Default
Disabled.
Command Modes
EXEC (Admin or Operator).
Usage Guidelines
The ssh command enables a system to make a secure, encrypted connection to another remote system or server. This connection provides functionality similar to that of an outbound Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for secure communication over an insecure network.
Examples
ncs/admin# ssh ncs1 admin
admin@ncs1's password:
Last login: Wed Jul 11 05:53:20 2008 from ncs.cisco.com
ncs1/admin#
ncs/admin# ssh delete host ncs
ncs/admin#
tech dumptcp
To dump a Transmission Control Protocol (TCP) package to the console, use the tech dumptcp command in EXEC mode.
tech dumptcp gigabit-ethernet
Syntax Description
|
gigabit-ethernet |
Gigabit Ethernet interface number 0 to 1. |
Command Default
Disabled.
Command Modes
EXEC
Examples
ncs/admin# tech dumptcp 0
140816:141088(272) ack 1921 win 14144
08:26:12.034630 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141088:141248(160) ack 1921 win 14144
08:26:12.034635 IP dhcp-64-102-82-153.cisco.com.2221 > NCS.cisco.com.ssh: . ack 139632 win 64656
08:26:12.034677 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141248:141520(272) ack 1921 win 14144
08:26:12.034713 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141520:141680(160) ack 1921 win 14144
08:26:12.034754 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141680:141952(272) ack 1921 win 14144
08:26:12.034756 IP dhcp-64-102-82-153.cisco.com.2221 > NCS.cisco.com.ssh: . ack 140064 win 65520
08:26:12.034796 IP NCS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 141952:142112(160) ack 1921 win 14144
1000 packets captured
1000 packets received by filter
0 packets dropped by kernel
ncs/admin#
telnet
To log in to a host that supports Telnet, use the telnet command in operator (user) or EXEC mode.
telnet [ip-address | hostname] port number
Syntax Description
|
ip-address |
IP address of the remote system. Up to 64 alphanumeric characters. |
|
hostname |
Hostname of the remote system. Up to 64 alphanumeric characters. |
|
port number |
(Optional) Indicates the port number of the remote host. From 0 to 65,535. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# telnet 172.16.0.11 port 23
ncs.cisco.com login: admin
password:
Last login: Mon Jul 2 08:45:24 on ttyS0
ncs/admin#
terminal length
To set the number of lines on the current terminal screen for the current session, use the terminal length command in EXEC mode.
terminal length integer
Syntax Description
|
integer |
Number of lines on the screen. Contains between 0 to 511 lines, inclusive. A value of zero (0) disables pausing between screens of output. |
Command Default
24 lines.
Command Modes
EXEC
Usage Guidelines
The system uses the length value to determine when to pause during multiple-screen output.
Examples
ncs/admin# terminal length 0
ncs/admin#
terminal session-timeout
To set the inactivity timeout for all sessions, use the terminal session-timeout command in EXEC mode.
terminal session-timeout minutes
Syntax Description
|
minutes |
Sets the number of minutes for the inactivity timeout. From 0 to 525,600. Zero (0) disables the timeout. |
Command Default
30 minutes.
Command Modes
EXEC
Usage Guidelines
Setting the terminal session-timeout command to zero (0) results in no timeout being set.
Examples
ncs/admin# terminal session-timeout 40
ncs/admin#
terminal session-welcome
To set a welcome message on the system for all users who log in to the system, use the terminal session-welcome command in EXEC mode.
terminal session-welcome string
Syntax Description
|
string |
Welcome message. Up to 2,023 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Specify a message using up to 2048 characters.
Examples
ncs/admin# terminal session-welcome Welcome
ncs/admin#
terminal terminal-type
To specify the type of terminal connected to the current line for the current session, use the terminal terminal-type command in EXEC mode.
terminal terminal-type type
Syntax Description
|
type |
Defines the terminal name and type, and permits terminal negotiation by hosts that provide that type of service. Up to 80 alphanumeric characters. |
Command Default
VT100.
Command Modes
EXEC
Usage Guidelines
Indicate the terminal type if it is different from the default of VT100.
Examples
ncs/admin# terminal terminal-type vt220
ncs/admin#
traceroute
To discover the routes that packets take when traveling to their destination address, use the traceroute command in EXEC mode.
traceroute [ip-address | hostname]
Syntax Description
|
ip-address |
IP address of the remote system. Up to 32 alphanumeric characters. |
|
hostname |
Hostname of the remote system. Up to 32 alphanumeric characters. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# traceroute 172.16.0.11
traceroute to 172.16.0.11 (172.16.0.11), 30 hops max, 38 byte packets
1 172.16.0.11 0.067 ms 0.036 ms 0.032 ms
ncs/admin#
undebug
To disable debugging functions, use the undebug command in EXEC mode.
undebug {all | application | backup-restore | cdp | config | copy | icmp | locks | logging | snmp | system | transfer | user | utils}
Syntax Description
|
all |
Disables all debugging. |
|
application |
Application files.
|
|
backup-restore |
Backs up and restores files.
|
|
cdp |
Cisco Discovery Protocol configuration files.
|
|
config |
Configuration files.
|
|
copy |
Copy commands. |
|
icmp |
ICMP echo response configuration. all—Disable all debug output for ICMP echo response configuration. Set level between 0 and 7, with 0 being severe and 7 being all. |
|
locks |
Resource locking.
|
|
logging |
Logging configuration files. all—Disables all debug output for logging configuration. |
|
snmp |
SNMP configuration files. all—Disables all debug output for SNMP configuration. |
|
system |
System files.
|
|
transfer |
File transfer. |
|
user |
User management.
|
|
utils |
Utilities configuration files. all—Disables all utilities configuration debug output. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
ncs/admin# undebug all
ncs/admin#
write
To copy, display, or erase the Cisco EPNM server configurations, use the write command with the appropriate argument in EXEC mode.
write {erase | memory | terminal}
Syntax Description
|
erase |
Erases the startup configuration. This command is disabled by default. |
|
memory |
Copies the running configuration to the startup configuration. |
|
terminal |
Copies the running configuration to the console. |
Command Default
No default behavior or values.
Command Modes
EXEC
Examples
The following is an example of the write command with an erase keyword:
epnm-system/admin# write erase
% Warning: 'write erase' functionality has been disabled by application: NCS
epnm-system/admin#
Feedback