admin commands
The admin commands are used to perform administrative functions, such as displaying configuration that is not subject to AAA, manually saving the configuration, clearing user sessions, and rebooting the system.
admin
— application-assurance
— group reference
— url-list reference
— upgrade
— upgrade
— clear
— security
— lockout
— all
— user named-item
— password-history
— all
— user named-item
— disconnect
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— op-table-bypass boolean
— session-id number
— session-type keyword
— username named-item
— ipsec
— show
— key
— gateway named-item
— ip-tunnel interface-name
— ipsec-tunnel named-item
— peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— peer-tunnel-port number
— type keyword
— nat
— save-deterministic-script
— reboot
— [card] keyword
— hold
— now
— redundancy
— force-switchover
— ignore-status
— now
— synchronize
— boot-environment
— certificate
— configuration
— satellite
— ethernet-satellite reference
— reboot
— now
— upgrade
— synchronize
— tech-support
— [url] url
— save
— bof
— configure
— debug
— li
— [url] string
— set
— time
— [system-time] date-and-time
— show
— configuration
— bof
— booted
— cflash-id cflash-id
— [cli-path] cli-path-type
— configure
— converted
— debug
— depth number
— detail
— differences
— flat
— full-context
— inheritance
— intended
— json
— li
— model keyword
— running
— units
— values
— xml
— support-mode
— password
— kernel encrypted-leaf
— shell encrypted-leaf
— system
— license
— activate
— [file-url] string
— now
— clear
— now
— validate
— [file-url] string
— management-interface
— commit
— confirmed
— accept
— cancel
— operations
— delete-operation
— [delete-id] number
— op-table-bypass boolean
— stop-operation
— op-table-bypass boolean
— [stop-id] number
— security
— hash-control
— custom-hash
— algorithm keyword
— key string
— remove-custom-hash
— pki
— clear-ocsp-cache
— [entry-id] number
— cmpv2
— cert-request
— ca-profile reference
— current-certificate pki-file-name
— current-key pki-file-name
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— new-key pki-file-name
— save-as cflash-url
— subject-dn string
— clear-request
— ca-profile reference
— initial-registration
— ca-profile reference
— certificate pki-file-name
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-to-certify pki-file-name
— password string
— protection-key pki-file-name
— reference string
— save-as cflash-url
— send-chain
— subject-dn string
— with-ca reference
— key-update
— ca-profile reference
— hash-algorithm keyword
— new-key pki-file-name
— old-certificate pki-file-name
— old-key pki-file-name
— save-as cflash-url
— poll
— ca-profile reference
— convert-file
— force
— format keyword
— [input-file] pki-file-name
— [output-file] pki-file-name
— crl-update
— ca-profile reference
— est
— ca-certificates
— est-profile string
— force
— output-url cflash-url
— enroll
— domain-name string
— est-profile string
— force
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key cflash-url
— output-file pki-file-name
— subject-dn string
— validate-certificate-chain
— renew
— certificate cflash-url
— est-profile string
— force
— hash-algorithm keyword
— key cflash-url
— output-file pki-file-name
— validate-certificate-chain
— export
— format keyword
— input-file pki-file-name
— key-file pki-file-name
— output-url cflash-url
— password string
— type keyword
— generate-csr
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-url cflash-url
— output-url cflash-url
— subject-dn string
— use-printable
— generate-keypair
— dsa-key-size number
— ecdsa-curve keyword
— rsa-key-size number
— [save-path] cflash-url
— import
— format keyword
— input-url cflash-url
— output-file pki-file-name
— password string
— type keyword
— validate-certificate-chain
— reload
— application keyword
— certificate pki-file-name
— key pki-file-name
— show
— file-content
— [file-path] cflash-url
— format keyword
— password string
— type keyword
— update-certificate
— certificate reference
— secure-boot
— activate
— card reference
— confirmation-code string-not-all-spaces
— serial-number string-not-all-spaces
— revoke-key
— card reference
— confirmation-code string-not-all-spaces
— serial-number string-not-all-spaces
— update-key
— card reference
— confirmation-code string-not-all-spaces
— serial-number string-not-all-spaces
— software-image cflash-and-url
— validate
— software-image cflash-and-url
— system-password
— admin-password
— telemetry
— grpc
— cancel
— all
— subscription-id number
— tech-support
— [url] url
admin command descriptions
admin
application-assurance
Synopsis | Enter the application-assurance context | |
Context | admin application-assurance | |
Tree | application-assurance | |
Description | Commands in this context configure Application Assurance (AA) upgrade and AA group upgrade operations. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
group [aa-group-id] reference
Synopsis | Enter the group list instance | |
Context | admin application-assurance group reference | |
Tree | group | |
Description | Commands in this context configure the attributes of the group-specific upgrade. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[aa-group-id] reference
Synopsis | AA group ID | |
Context | admin application-assurance group reference | |
Tree | group | |
Reference | state application-assurance group aa-group-id | |
Notes | This element is part of a list key. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
url-list [url-list-name] reference
Synopsis | Enter the url-list list instance | |
Context | admin application-assurance group reference url-list reference | |
Tree | url-list | |
Description | Commands in this context configure the URL list upgrade parameters. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[url-list-name] reference
Synopsis | AA URL list name | |
Context | admin application-assurance group reference url-list reference | |
Tree | url-list | |
Reference | state application-assurance group url-list url-list-name | |
Notes | This element is part of a list key. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
upgrade
upgrade
Synopsis | Upgrade to a new isa-aa.tim file | |
Context | admin application-assurance upgrade | |
Tree | upgrade | |
Description | This command loads a new isa-aa.tim file as part of a router-independent signature upgrade. An AA ISA reboot is required for the upgrade to take effect. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
clear
security
lockout
all
user named-item
password-history
Synopsis | Clear the password history | |
Context | admin clear security password-history | |
Tree | password-history | |
Introduced | 19.10.R1 | |
Platforms | All |
all
user named-item
disconnect
Synopsis | Disconnect a user session | |
Context | admin disconnect | |
Tree | disconnect | |
Introduced | 16.0.R1 | |
Platforms | All |
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address of the session to disconnect | |
Context | admin disconnect address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | address | |
Introduced | 19.10.R1 | |
Platforms | All |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin disconnect op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 21.5.R1 | |
Platforms | All |
session-id number
Synopsis | ID of the session to disconnect | |
Context | admin disconnect session-id number | |
Tree | session-id | |
Range | 1 to 4294967295 | |
Introduced | 16.0.R1 | |
Platforms | All |
session-type keyword
Synopsis | Type of session to disconnect | |
Context | admin disconnect session-type keyword | |
Tree | session-type | |
Options | ||
Introduced | 19.10.R1 | |
Platforms | All |
username named-item
Synopsis | Username to disconnect | |
Context | admin disconnect username named-item | |
Tree | username | |
String length | 1 to 32 | |
Introduced | 19.10.R1 | |
Platforms | All |
ipsec
show
key
gateway named-item
Synopsis | IPsec gateway name | |
Context | admin ipsec show key gateway named-item | |
Tree | gateway | |
String length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 23.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ip-tunnel interface-name
Synopsis | IPsec transport mode IP tunnel name | |
Context | admin ipsec show key ip-tunnel interface-name | |
Tree | ip-tunnel | |
String length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 23.10.R1 | |
Platforms | All |
ipsec-tunnel named-item
Synopsis | IPsec tunnel name | |
Context | admin ipsec show key ipsec-tunnel named-item | |
Tree | ipsec-tunnel | |
String length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 23.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Dynamic tunnel IP address | |
Context | admin ipsec show key peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | peer-tunnel-ip-address | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 23.10.R1 | |
Platforms | All |
peer-tunnel-port number
Synopsis | Dynamic tunnel port | |
Context | admin ipsec show key peer-tunnel-port number | |
Tree | peer-tunnel-port | |
Range | 0 | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 23.10.R1 | |
Platforms | All |
type keyword
nat
save-deterministic-script
Synopsis | Save script that computes deterministic NAT map entries | |
Context | admin nat save-deterministic-script | |
Tree | save-deterministic-script | |
Introduced | 21.2.R1 | |
Platforms | All |
reboot
[card] keyword
hold
now
redundancy
Synopsis | Enter the redundancy context | |
Context | admin redundancy | |
Tree | redundancy | |
Introduced | 16.0.R1 | |
Platforms | All |
force-switchover
Synopsis | Force a switchover to the standby CPM | |
Context | admin redundancy force-switchover | |
Tree | force-switchover | |
Introduced | 16.0.R1 | |
Platforms | All |
ignore-status
Synopsis | Switch to the standby CPM regardless of its status | |
Context | admin redundancy force-switchover ignore-status | |
Tree | ignore-status | |
Introduced | 19.10.R1 | |
Platforms | 7950 XRS |
now
Synopsis | Force the switchover to the standby CPM immediately | |
Context | admin redundancy force-switchover now | |
Tree | now | |
Introduced | 16.0.R1 | |
Platforms | All |
synchronize
Synopsis | Synchronize the standby CPM | |
Context | admin redundancy synchronize | |
Tree | synchronize | |
Introduced | 20.10.R1 | |
Platforms | All |
boot-environment
Synopsis | Synchronize all files required for the boot process | |
Context | admin redundancy synchronize boot-environment | |
Tree | boot-environment | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 20.10.R1 | |
Platforms | All |
certificate
Synopsis | Synchronize imported certificate, key, and CRL files | |
Context | admin redundancy synchronize certificate | |
Tree | certificate | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 23.3.R1 | |
Platforms | All |
configuration
Synopsis | Synchronize the configuration files | |
Context | admin redundancy synchronize configuration | |
Tree | configuration | |
Description | When specified, the system synchronizes the primary, secondary, and tertiary configuration files. | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 20.10.R1 | |
Platforms | All |
satellite
ethernet-satellite [satellite-id] reference
Synopsis | Enter the ethernet-satellite list instance | |
Context | admin satellite ethernet-satellite reference | |
Tree | ethernet-satellite | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[satellite-id] reference
Synopsis | Satellite ID | |
Context | admin satellite ethernet-satellite reference | |
Tree | ethernet-satellite | |
Reference | state satellite ethernet-satellite satellite-id | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
reboot
Synopsis | Initiate an administrative reboot of the chassis | |
Context | admin satellite ethernet-satellite reference reboot | |
Tree | reboot | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
now
upgrade
synchronize
Synopsis | Synchronize the chassis to the boot image | |
Context | admin satellite ethernet-satellite reference synchronize | |
Tree | synchronize | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tech-support
Synopsis | Save satellite technical support information | |
Context | admin satellite ethernet-satellite reference tech-support | |
Tree | tech-support | |
Description | This command creates a system core dump. If no file URL is specified and the ts-location command is configured in the configure system security tech-support context, the technical support file is automatically generated by the system with the file name based on the system name and the date and time, and is saved to the directory indicated by the ts-location configuration. The format of the auto-generated file name is ts-XXXXX.YYYYMMDD.HHMMUTC.dat, where:
Note: This command is not supported over non-interactive interfaces (for example, NETCONF).
Note: This command should only be used with authorized direction from the Nokia Technical Assistance Center (TAC). | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[url] url
Synopsis | URL to save technical support information | |
Context | admin satellite ethernet-satellite reference tech-support [url] url | |
Tree | [url] | |
String length | 1 to 180 | |
Notes | This element is mandatory. | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
save
bof
configure
debug
li
[url] string
set
time
[system-time] date-and-time
Synopsis | System date and time | |
Context | admin set time [system-time] date-and-time | |
Tree | [system-time] | |
Description | This command sets the system date and time. The time zone may optionally be specified. When the time zone is not specified, the system uses the configured system time zone. | |
Notes | This element is mandatory. | |
Introduced | 19.10.R1 | |
Platforms | All |
show
configuration
Synopsis | Show the current configuration | |
Context | admin show configuration | |
Tree | configuration | |
Introduced | 16.0.R1 | |
Platforms | All |
bof
Synopsis | Show the BOF region configuration | |
Context | admin show configuration bof | |
Tree | bof | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 20.10.R1 | |
Platforms | All |
booted
Synopsis | Show the booted BOF configuration | |
Context | admin show configuration booted | |
Tree | booted | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
Introduced | 20.10.R1 | |
Platforms | All |
cflash-id cflash-id
Synopsis | Show the BOF configuration file on a compact flash | |
Context | admin show configuration cflash-id cflash-id | |
Tree | cflash-id | |
String length | 4 to 6 | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
Introduced | 20.10.R1 | |
Platforms | All |
[cli-path] cli-path-type
Synopsis | Absolute path or relative path from '/' | |
Context | admin show configuration [cli-path] cli-path-type | |
Tree | [cli-path] | |
Introduced | 21.10.R1 | |
Platforms | All |
configure
Synopsis | Show the configure region configuration | |
Context | admin show configuration configure | |
Tree | configure | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 20.7.R1 | |
Platforms | All |
converted
Synopsis | Include converted third-party model configuration | |
Context | admin show configuration converted | |
Tree | converted | |
Description | This option specifies the inclusion of converted configuration values from third-party models in the output and is only available when configure system management-interface yang-modules openconfig-modules is set to true. This option should only be used in the configure region when third-party models are used. The output with this option is the same as admin show configuration when used in other configuration regions. | |
Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
debug
Synopsis | Show the debug region configuration | |
Context | admin show configuration debug | |
Tree | debug | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 21.5.R1 | |
Platforms | All |
depth number
Synopsis | Depth limit from the pwc | |
Context | admin show configuration depth number | |
Tree | depth | |
Range | 1 to 4294967040 | |
Introduced | 23.10.R1 | |
Platforms | All |
detail
Synopsis | Include default and unconfigured values | |
Context | admin show configuration detail | |
Tree | detail | |
Introduced | 20.7.R1 | |
Platforms | All |
differences
Synopsis | Show the different values each model sets | |
Context | admin show configuration differences | |
Tree | differences | |
Description | When specified, this command shows only the values that are different when multiple models set the same configuration element. This option is supported only with the converted option and is available only when configure system management-interface yang-modules openconfig-modules is set to true. | |
Notes | The following elements are part of a choice: differences, model, or values. | |
Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
flat
Synopsis | Show the context from the pwc on each line | |
Context | admin show configuration flat | |
Tree | flat | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 20.7.R1 | |
Platforms | All |
full-context
Synopsis | Show the full context on each line | |
Context | admin show configuration full-context | |
Tree | full-context | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 20.7.R1 | |
Platforms | All |
inheritance
Synopsis | Include configuration inherited from configuration groups | |
Context | admin show configuration inheritance | |
Tree | inheritance | |
Description | This option specifies the inclusion of configuration inherited from configuration groups in the output. This option should only be used in the configure region when configuration groups are used. The output with this option is the same as admin show configuration when used in other configuration regions. | |
Introduced | 24.3.R1 | |
Platforms | All |
intended
Synopsis | Show the intended configuration | |
Context | admin show configuration intended | |
Tree | intended | |
Notes | The following elements are part of a choice: intended or running. | |
Introduced | 20.7.R1 | |
Platforms | All |
json
Synopsis | Show the output in indented JSON format | |
Context | admin show configuration json | |
Tree | json | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 19.10.R1 | |
Platforms | All |
li
Synopsis | Show the LI region configuration | |
Context | admin show configuration li | |
Tree | li | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 19.10.R1 | |
Platforms | All |
model keyword
Synopsis | Data model for which to display converted output | |
Context | admin show configuration model keyword | |
Tree | model | |
Description | This option specifies the data model for which to display the converted output. This option is supported only with the converted option and is available only when configure system management-interface yang-modules openconfig-modules is set to true. | |
Options | all – All models; openconfig – OpenConfig models | |
Default | all | |
Notes | The following elements are part of a choice: differences, model, or values. | |
Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
running
Synopsis | Show the running configuration | |
Context | admin show configuration running | |
Tree | running | |
Notes | The following elements are part of a choice: intended or running. | |
Introduced | 20.7.R1 | |
Platforms | All |
units
Synopsis | Include unit types for applicable elements | |
Context | admin show configuration units | |
Tree | units | |
Introduced | 20.10.R1 | |
Platforms | All |
values
Synopsis | Show all the values each model sets | |
Context | admin show configuration values | |
Tree | values | |
Description | When specified, this command shows all the values that each model sets. This option is supported only with the converted option and is available only when configure system management-interface yang-modules openconfig-modules is set to true. | |
Notes | The following elements are part of a choice: differences, model, or values. | |
Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
xml
Synopsis | Show the output in indented XML format | |
Context | admin show configuration xml | |
Tree | xml | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 20.7.R1 | |
Platforms | All |
support-mode
Synopsis | Enable the kernel and shell commands | |
Context | admin support-mode | |
Tree | support-mode | |
Description | Commands in this context enable the kernel and shell commands. Note: These commands should be used only with authorized direction from Nokia support. | |
Introduced | 16.0.R4 | |
Platforms | All |
password
Synopsis | Enter support mode command passwords | |
Context | admin support-mode password | |
Tree | password | |
Introduced | 23.10.R1 | |
Platforms | All |
kernel encrypted-leaf
Synopsis | Kernel command password | |
Context | admin support-mode password kernel encrypted-leaf | |
Tree | kernel | |
String length | 1 to 199 | |
Notes | The following elements are part of a mandatory choice: kernel or shell. | |
Introduced | 23.10.R1 | |
Platforms | All |
shell encrypted-leaf
Synopsis | Shell command password | |
Context | admin support-mode password shell encrypted-leaf | |
Tree | shell | |
String length | 1 to 199 | |
Notes | The following elements are part of a mandatory choice: kernel or shell. | |
Introduced | 23.10.R1 | |
Platforms | All |
system
license
activate
[file-url] string
Synopsis | Location of the license file to activate | |
Context | admin system license activate [file-url] string | |
Tree | [file-url] | |
String length | 1 to 256 | |
Introduced | 19.10.R1 | |
Platforms | All |
now
clear
now
validate
[file-url] string
Synopsis | Location of the license file to validate | |
Context | admin system license validate [file-url] string | |
Tree | [file-url] | |
String length | 1 to 256 | |
Introduced | 19.10.R1 | |
Platforms | All |
management-interface
Synopsis | Enter the management-interface context | |
Context | admin system management-interface | |
Tree | management-interface | |
Introduced | 21.5.R1 | |
Platforms | All |
commit
Synopsis | Enter the commit context | |
Context | admin system management-interface commit | |
Tree | commit | |
Introduced | 23.10.R1 | |
Platforms | All |
confirmed
accept
cancel
operations
Synopsis | Enter the operations context | |
Context | admin system management-interface operations | |
Tree | operations | |
Description | Commands in this context are used to manage YANG-based operations (for example, admin reboot, or ping) in model-driven interfaces. | |
Introduced | 21.5.R1 | |
Platforms | All |
delete-operation
Synopsis | Stop and remove an operation | |
Context | admin system management-interface operations delete-operation | |
Tree | delete-operation | |
Description | This command removes an operation and all status and data associated with it. If the operation was executing, it is stopped before removal. | |
Introduced | 21.5.R1 | |
Platforms | All |
[delete-id] number
Synopsis | ID of the operation to remove | |
Context | admin system management-interface operations delete-operation [delete-id] number | |
Tree | [delete-id] | |
Range | 1 to 10000 | |
Notes | This element is mandatory. | |
Introduced | 21.5.R1 | |
Platforms | All |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin system management-interface operations delete-operation op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 21.5.R1 | |
Platforms | All |
stop-operation
Synopsis | Stop the execution of an operational command | |
Context | admin system management-interface operations stop-operation | |
Tree | stop-operation | |
Description | This command stops the execution of an operational command. An operation launched as "asynchronous" is not deleted from the system when it is stopped. Status and other data associated with the operation persist until the operation is explicitly deleted using the delete operation command or a retention timeout. | |
Introduced | 21.5.R1 | |
Platforms | All |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin system management-interface operations stop-operation op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 21.5.R1 | |
Platforms | All |
[stop-id] number
Synopsis | ID of the operation to stop | |
Context | admin system management-interface operations stop-operation [stop-id] number | |
Tree | [stop-id] | |
Range | 1 to 10000 | |
Notes | This element is mandatory. | |
Introduced | 21.5.R1 | |
Platforms | All |
security
hash-control
Synopsis | Enter the hash-control context | |
Context | admin system security hash-control | |
Tree | hash-control | |
Introduced | 16.0.R6 | |
Platforms | All |
custom-hash
Synopsis | Custom encryption | |
Context | admin system security hash-control custom-hash | |
Tree | custom-hash | |
Introduced | 16.0.R6 | |
Platforms | All |
algorithm keyword
Synopsis | Algorithm for custom encryption | |
Context | admin system security hash-control custom-hash algorithm keyword | |
Tree | algorithm | |
Description | This command configures the algorithm for custom encryption. The encryption uses ECB mode, PKCS#7 padding, and Base64 encoding. | |
Options | 3des – DES-EDE3-ECB with PKCS #5 padding; aes128 – AES-128-ECB with PKCS #7 padding; aes192 – AES-192-ECB with PKCS #7 padding; aes256 – AES-256-ECB with PKCS #7 padding | |
Notes | This element is mandatory. | |
Introduced | 16.0.R6 | |
Platforms | All |
key string
Synopsis | Key for encryption algorithm | |
Context | admin system security hash-control custom-hash key string | |
Tree | key | |
String length | 1 to 71 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R6 | |
Platforms | All |
remove-custom-hash
Synopsis | Remove the custom encryption | |
Context | admin system security hash-control remove-custom-hash | |
Tree | remove-custom-hash | |
Introduced | 20.10.R1 | |
Platforms | All |
pki
clear-ocsp-cache
Synopsis | Clear the current OCSP response cache | |
Context | admin system security pki clear-ocsp-cache | |
Tree | clear-ocsp-cache | |
Introduced | 23.3.R1 | |
Platforms | All |
[entry-id] number
Synopsis | Local OCSP response cache entry ID to clear | |
Context | admin system security pki clear-ocsp-cache [entry-id] number | |
Tree | [entry-id] | |
Range | 1 to 2000 | |
Introduced | 23.3.R1 | |
Platforms | All |
cmpv2
cert-request
Synopsis | Request an additional certificate | |
Context | admin system security pki cmpv2 cert-request | |
Tree | cert-request | |
Description | When specified, the system requests an additional certificate after the initial certificate has been obtained from the CA. The request is authenticated by a signature signed by the current key, along with the current certificate. The hash algorithm used for the signature depends on the key type:
The CA may not return a certificate immediately, for example, if the request process requires manual intervention. The poll command can be used to poll the status of the request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 cert-request ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
current-certificate pki-file-name
Synopsis | Existing imported certificate file to create request | |
Context | admin system security pki cmpv2 cert-request current-certificate pki-file-name | |
Tree | current-certificate | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
current-key pki-file-name
Synopsis | Imported key file used to create the request | |
Context | admin system security pki cmpv2 cert-request current-key pki-file-name | |
Tree | current-key | |
Description | This command specifies the imported key file corresponding to the existing imported certificate file used to create the request. | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki cmpv2 cert-request domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 cert-request hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms | All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki cmpv2 cert-request ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
new-key pki-file-name
save-as cflash-url
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki cmpv2 cert-request subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
clear-request
Synopsis | Clear pending CMPv2 requests | |
Context | admin system security pki cmpv2 clear-request | |
Tree | clear-request | |
Description | When specified, the system clears pending CMPv2 requests for the specified CA. If no requests are pending, the system clears the saved result of the previous request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 clear-request ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
initial-registration
Synopsis | Request initial certificate using the CMPv2 protocol | |
Context | admin system security pki cmpv2 initial-registration | |
Tree | initial-registration | |
Description | When specified, the system requests the initial certificate from the CA using the CMPv2 initial registration procedure. The ca-profile parameter specifies a CA profile which includes CMP server information. The key-to-certify parameter is an imported key file to be certified by the CA. The request is authenticated via one of the following methods:
The subject-dn command specifies the subject of the requesting certificate. The save-as command specifies the full path name for saving the result certificate. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In such cases, the poll command can be used to poll the status of the request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 initial-registration ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate pki-file-name
Synopsis | Filename of the certificate for the protection key | |
Context | admin system security pki cmpv2 initial-registration certificate pki-file-name | |
Tree | certificate | |
String length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki cmpv2 initial-registration domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 initial-registration hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki cmpv2 initial-registration ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
key-to-certify pki-file-name
Synopsis | Name of the key file used to create initial request | |
Context | admin system security pki cmpv2 initial-registration key-to-certify pki-file-name | |
Tree | key-to-certify | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
password string
Synopsis | Password for message protection | |
Context | admin system security pki cmpv2 initial-registration password string | |
Tree | password | |
String length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
protection-key pki-file-name
Synopsis | Key file used to generate message protection signature | |
Context | admin system security pki cmpv2 initial-registration protection-key pki-file-name | |
Tree | protection-key | |
String length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
reference string
Synopsis | Password reference number | |
Context | admin system security pki cmpv2 initial-registration reference string | |
Tree | reference | |
String length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
save-as cflash-url
send-chain
Synopsis | Send a certificate chain | |
Context | admin system security pki cmpv2 initial-registration send-chain | |
Tree | send-chain | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki cmpv2 initial-registration subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
with-ca reference
Synopsis | Name of CA profile with certificate in the send chain | |
Context | admin system security pki cmpv2 initial-registration with-ca reference | |
Tree | with-ca | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
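A pre-flight check for the initial-registration arguments documented above, as an added example (not Nokia code). It assumes the arguments are held in a dictionary keyed by leaf name, reads the mandatory choice as "exactly one of the two cases, with password and reference given together", and splits subject-dn on plain commas; the hostname-label pattern is generic DNS syntax, not an SR OS rule.

```python
import ipaddress
import re

# Limits copied from the "String length" rows of the initial-registration leaves.
MAX_LEN = {
    "certificate": 95, "key-to-certify": 95, "protection-key": 95,
    "password": 64, "reference": 64, "domain-name": 512, "subject-dn": 256,
}
MANDATORY = ("ca-profile", "key-to-certify")
# The two cases of the mandatory choice quoted in the Notes rows.
SIGNATURE_CASE = {"certificate", "hash-algorithm", "protection-key",
                  "send-chain", "with-ca"}
PASSWORD_CASE = {"password", "reference"}
DN_ATTRS = {"C", "ST", "O", "OU", "CN"}
# Generic hostname-label syntax (assumption, not taken from the page).
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_subject_dn(text):
    """Split 'attr1=val1, attr2=val2' into (attr, value) pairs.

    Raises ValueError on an item that is not attr=val or on an attribute
    outside {C, ST, O, OU, CN}. Attribute names are matched exactly as
    written on the page (assumption: upper case only).
    """
    pairs = []
    for item in text.split(","):
        attr, sep, value = item.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not value:
            raise ValueError(f"subject-dn item {item.strip()!r} is not attr=val")
        if attr not in DN_ATTRS:
            raise ValueError(
                f"subject-dn attribute {attr!r} is not one of C, ST, O, OU, CN")
        pairs.append((attr, value))
    return pairs


def check_initial_registration(args):
    """Return a list of problems found in the arguments; empty means clean."""
    errors = []
    for name in MANDATORY:
        if not args.get(name):
            errors.append(f"{name} is mandatory")
    for name, limit in MAX_LEN.items():
        value = args.get(name)
        if value is not None and not 1 <= len(value) <= limit:
            errors.append(f"{name} must be 1 to {limit} characters")

    # Mandatory choice: signature-protected request or password-protected one.
    used_sig = SIGNATURE_CASE.intersection(args)
    used_pw = PASSWORD_CASE.intersection(args)
    if used_sig and used_pw:
        errors.append("mixes the signature case %s with the password case %s"
                      % (sorted(used_sig), sorted(used_pw)))
    elif not used_sig and not used_pw:
        errors.append("no message protection: give the signature elements "
                      "or password and reference")
    elif used_pw and used_pw != PASSWORD_CASE:
        errors.append("password and reference must be given together")

    if "subject-dn" in args:
        try:
            parse_subject_dn(args["subject-dn"])
        except ValueError as exc:
            errors.append(str(exc))

    if "domain-name" in args:
        for fqdn in args["domain-name"].split(","):
            labels = fqdn.strip().rstrip(".").split(".")
            if not all(LABEL.match(label) for label in labels):
                errors.append(f"domain-name entry {fqdn.strip()!r} is not a valid FQDN")

    ip = args.get("ip-address")
    if ip is not None:
        try:
            if "%" in ip:  # the type is *-address-no-zone
                raise ValueError(ip)
            ipaddress.ip_address(ip)
        except ValueError:
            errors.append("ip-address must be an IPv4 or IPv6 address without a zone")
    return errors


# Constructed sample arguments; file names, profile name and secrets are placeholders.
SAMPLE_PASSWORD_CASE = {
    "ca-profile": "ca1", "key-to-certify": "router1.key",
    "password": "example-secret", "reference": "1234",
    "subject-dn": "C=US, O=Example, CN=router1",
    "domain-name": "r1.example.net,r1-mgmt.example.net",
    "ip-address": "192.0.2.10",
}

if __name__ == "__main__":
    print(check_initial_registration(SAMPLE_PASSWORD_CASE) or "clean")
```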
key-update
Synopsis | Request new certificate to update existing certificate | |
Context | admin system security pki cmpv2 key-update | |
Tree | key-update | |
Description | When specified, the system requests a new certificate from the CA to update an existing certificate due to reasons such as a key refresh or to replace a compromised key. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In these cases, the poll command can be used to poll the status of the request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 key-update ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 key-update hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms | All |
new-key pki-file-name
old-certificate pki-file-name
Synopsis | Name of the old certificate file to be replaced | |
Context | admin system security pki cmpv2 key-update old-certificate pki-file-name | |
Tree | old-certificate | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
old-key pki-file-name
save-as cflash-url
poll
Synopsis | Poll the CMPv2 server for pending request status | |
Context | admin system security pki cmpv2 poll | |
Tree | poll | |
Description | When specified, the system polls the status of the pending CMPv2 request toward the specified CA. If the response is ready, the system resumes the CMPv2 protocol exchange with the server. SR OS allows only one pending CMP request per CA; therefore, no new request is allowed when a pending request is present. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 poll ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
convert-file
Synopsis | Convert imported file between secure and legacy format | |
Context | admin system security pki convert-file | |
Tree | convert-file | |
Introduced | 23.3.R1 | |
Platforms | All |
force
format keyword
[input-file] pki-file-name
Synopsis | Name of the file to be converted | |
Context | admin system security pki convert-file [input-file] pki-file-name | |
Tree | [input-file] | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
[output-file] pki-file-name
Synopsis | Output filename | |
Context | admin system security pki convert-file [output-file] pki-file-name | |
Tree | [output-file] | |
Description | This command specifies the output filename. If the filename already exists, the system prompts the user to proceed or aborts if the force command is unconfigured. | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
crl-update
Synopsis | Trigger the CRL update for the CA profile | |
Context | admin system security pki crl-update | |
Tree | crl-update | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki crl-update ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile ca-profile-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
est
ca-certificates
Synopsis | Download CA certificates from the EST server | |
Context | admin system security pki est ca-certificates | |
Tree | ca-certificates | |
Description | This command downloads a Certificate Authority (CA) certificate from an EST server specified by the profile name. | |
Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est ca-certificates est-profile string | |
Tree | est-profile | |
String length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
force
output-url cflash-url
Synopsis | Path to the result file | |
Context | admin system security pki est ca-certificates output-url cflash-url | |
Tree | output-url | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
enroll
Synopsis | Enroll a new certificate with CA with the EST protocol | |
Context | admin system security pki est enroll | |
Tree | enroll | |
Description | When specified, the system enrolls a new certificate with the Certificate Authority (CA) using the EST protocol specified by the est-profile command, with an imported private key specified by the key command. The est-profile command specifies the authentication between the system and the EST server. The hash-alg, subject-dn, domain-name, and ip-address commands are used to generate the Certificate Signing Request (CSR) in the EST request message. The domain-name and ip-address commands are used as subject alternative names. If validate-certificate-chain is specified, the system validates the chain of the result certificate before importing it. The certificate chain is the chain of all certificates from the result certificate to the issuing CA. The result certificate is the new certificate returned by the EST server. The result certificate is imported and saved with the filename specified by the output-file command. If the force command is specified, the system overwrites the existing file with the same name as the output file. | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki est enroll domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est enroll est-profile string | |
Tree | est-profile | |
String length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
force
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki est enroll hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms | All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki est enroll ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
key cflash-url
output-file pki-file-name
Synopsis | Name of the result file | |
Context | admin system security pki est enroll output-file pki-file-name | |
Tree | output-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki est enroll subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
validate-certificate-chain
Synopsis | Validate result certificate chain before importing | |
Context | admin system security pki est enroll validate-certificate-chain | |
Tree | validate-certificate-chain | |
Introduced | 23.3.R1 | |
Platforms | All |
renew
Synopsis | Renew a CA certificate using the EST protocol | |
Context | admin system security pki est renew | |
Tree | renew | |
Description | When specified, the system renews an imported certificate (specified by the certificate command) with a Certificate Authority (CA) using the EST protocol specified by the est-profile parameter, with an imported private key specified by the key command. The key can be either the key of the certificate to be renewed or a new key. The authentication between the system and the EST server is specified by the est-profile parameter. The system uses the hash-alg command to generate the CSR in the EST request message. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate cflash-url
Synopsis | Name of the imported certificate file to renew | |
Context | admin system security pki est renew certificate cflash-url | |
Tree | certificate | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est renew est-profile string | |
Tree | est-profile | |
String length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
force
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki est renew hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms | All |
key cflash-url
output-file pki-file-name
Synopsis | Name of the result file | |
Context | admin system security pki est renew output-file pki-file-name | |
Tree | output-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
validate-certificate-chain
Synopsis | Validate result certificate chain before importing | |
Context | admin system security pki est renew validate-certificate-chain | |
Tree | validate-certificate-chain | |
Introduced | 23.3.R1 | |
Platforms | All |
export
format keyword
input-file pki-file-name
Synopsis | Name of the file to be exported | |
Context | admin system security pki export input-file pki-file-name | |
Tree | input-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
key-file pki-file-name
Synopsis | Name of the key file to be exported | |
Context | admin system security pki export key-file pki-file-name | |
Tree | key-file | |
Description | This command specifies the name of the key file to be exported when the output format may contain the certificate and the key. | |
String length | 1 to 95 | |
Introduced | 23.3.R1 | |
Platforms | All |
output-url cflash-url
Synopsis | Full path to export the result file | |
Context | admin system security pki export output-url cflash-url | |
Tree | output-url | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
password string
type keyword
generate-csr
Synopsis | Generate a PKCS#10 certificate signing request file | |
Context | admin system security pki generate-csr | |
Tree | generate-csr | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki generate-csr domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki generate-csr hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms | All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki generate-csr ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
key-url cflash-url
output-url cflash-url
Synopsis | Full path to result certificate signing request file | |
Context | admin system security pki generate-csr output-url cflash-url | |
Tree | output-url | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki generate-csr subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
use-printable
Synopsis | Force ASCII encoding for input subject DN attributes | |
Context | admin system security pki generate-csr use-printable | |
Tree | use-printable | |
Description | When specified, the system forces the use of ASCII encoding for the input subject DN attributes. Otherwise, the system uses UTF-8 encoding. | |
Introduced | 23.3.R1 | |
Platforms | All |
generate-keypair
Synopsis | Generate PKI key pair | |
Context | admin system security pki generate-keypair | |
Tree | generate-keypair | |
Description | When specified, the system generates an RSA, DSA, or ECDSA private/public key pair file. | |
Introduced | 23.3.R1 | |
Platforms | All |
dsa-key-size number
Synopsis | Length of the DSA key to be generated | |
Context | admin system security pki generate-keypair dsa-key-size number | |
Tree | dsa-key-size | |
Range | 512 to 8192 | |
Default | 2048 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 23.3.R1 | |
Platforms | All |
ecdsa-curve keyword
Synopsis | Elliptic curve of the ECDSA key to be generated | |
Context | admin system security pki generate-keypair ecdsa-curve keyword | |
Tree | ecdsa-curve | |
Options | ||
Default | secp256r1 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 23.3.R1 | |
Platforms | All |
rsa-key-size number
Synopsis | Length of the RSA key to be generated | |
Context | admin system security pki generate-keypair rsa-key-size number | |
Tree | rsa-key-size | |
Range | 512 to 8192 | |
Default | 2048 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 23.3.R1 | |
Platforms | All |
[save-path] cflash-url
Synopsis | Full path to save the result key file | |
Context | admin system security pki generate-keypair [save-path] cflash-url | |
Tree | [save-path] | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
import
Synopsis | Import a certificate related file | |
Context | admin system security pki import | |
Tree | import | |
Description | When specified, the system imports an input file (key/certificate/CRL) to be used by SR OS applications. The following summarizes the supported formats:
| |
Introduced | 23.3.R1 | |
Platforms | All |
format keyword
input-url cflash-url
output-file pki-file-name
Synopsis | Name of the result file | |
Context | admin system security pki import output-file pki-file-name | |
Tree | output-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
password string
type keyword
validate-certificate-chain
Synopsis | Validate the certificate chain | |
Context | admin system security pki import validate-certificate-chain | |
Tree | validate-certificate-chain | |
Description | When specified, the system validates the result certificate chain before it is imported. | |
Introduced | 23.3.R1 | |
Platforms | All |
reload
Synopsis | Reload key or certificate files | |
Context | admin system security pki reload | |
Tree | reload | |
Description | When specified, the system reloads the key or certificate files for the specified application. This command can be used to ensure a changed imported file takes effect. | |
Introduced | 23.3.R1 | |
Platforms | All |
application keyword
Synopsis | Application to be reloaded | |
Context | admin system security pki reload application keyword | |
Tree | application | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate pki-file-name
Synopsis | Name of the certificate file to reload | |
Context | admin system security pki reload certificate pki-file-name | |
Tree | certificate | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
key pki-file-name
show
file-content
Synopsis | Display content of certificate related files | |
Context | admin system security pki show file-content | |
Tree | file-content | |
Introduced | 23.3.R1 | |
Platforms | All |
[file-path] cflash-url
Synopsis | Full path to the file to display | |
Context | admin system security pki show file-content [file-path] cflash-url | |
Tree | [file-path] | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
format keyword
password string
type keyword
update-certificate
Synopsis | Update End Entity certificate | |
Context | admin system security pki update-certificate | |
Tree | update-certificate | |
Description | When specified, the system triggers an update for the specified certificate according to the corresponding configure system security pki certificate-auto-update configuration. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate reference
Synopsis | Name of the certificate file to be updated | |
Context | admin system security pki update-certificate certificate reference | |
Tree | certificate | |
Reference | state system security pki certificate-auto-update certificate-file-name | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
secure-boot
Synopsis | Enter the secure-boot context | |
Context | admin system security secure-boot | |
Tree | secure-boot | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
activate
Synopsis | Activate secure boot on a CPM | |
Context | admin system security secure-boot activate | |
Tree | activate | |
Description | This command activates Secure Boot to enforce digital signature verification of the software on every boot. Once Secure Boot is activated on a CPM, the capability is permanently enabled and cannot be disabled. | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
card reference
confirmation-code string-not-all-spaces
Synopsis | Confirmation code | |
Context | admin system security secure-boot activate confirmation-code string-not-all-spaces | |
Tree | confirmation-code | |
String length | 1 to 32 | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
serial-number string-not-all-spaces
Synopsis | CPM card serial number which secure-boot activates | |
Context | admin system security secure-boot activate serial-number string-not-all-spaces | |
Tree | serial-number | |
String length | 1 to 32 | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
revoke-key
Synopsis | Revoke secure boot keys | |
Context | admin system security secure-boot revoke-key | |
Tree | revoke-key | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
card reference
Synopsis | CPM slot where secure boot is activated or modified | |
Context | admin system security secure-boot revoke-key card reference | |
Tree | card | |
Reference | state cpm cpm-slot | |
Notes | This element is mandatory. | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
confirmation-code string-not-all-spaces
Synopsis | Confirmation code | |
Context | admin system security secure-boot revoke-key confirmation-code string-not-all-spaces | |
Tree | confirmation-code | |
String length | 1 to 32 | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
serial-number string-not-all-spaces
Synopsis | CPM card serial number which secure-boot activates | |
Context | admin system security secure-boot revoke-key serial-number string-not-all-spaces | |
Tree | serial-number | |
String length | 1 to 32 | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
update-key
Synopsis | Update secure boot keys | |
Context | admin system security secure-boot update-key | |
Tree | update-key | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
card reference
Synopsis | CPM slot where secure boot is activated or modified | |
Context | admin system security secure-boot update-key card reference | |
Tree | card | |
Reference | state cpm cpm-slot | |
Notes | This element is mandatory. | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
confirmation-code string-not-all-spaces
Synopsis | Confirmation code | |
Context | admin system security secure-boot update-key confirmation-code string-not-all-spaces | |
Tree | confirmation-code | |
String length | 1 to 32 | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
serial-number string-not-all-spaces
Synopsis | CPM card serial number which secure-boot activates | |
Context | admin system security secure-boot update-key serial-number string-not-all-spaces | |
Tree | serial-number | |
String length | 1 to 32 | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
software-image cflash-and-url
Synopsis | Location of the target software image | |
Context | admin system security secure-boot update-key software-image cflash-and-url | |
Tree | software-image | |
String length | 1 to 180 | |
Notes | This element is mandatory. | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
validate
software-image cflash-and-url
Synopsis | Location of the target software image | |
Context | admin system security secure-boot validate software-image cflash-and-url | |
Tree | software-image | |
String length | 1 to 180 | |
Notes | This element is mandatory. | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1 (FP5), 7750 SR-s, 7950 XRS-20e |
system-password
Synopsis | Change a local system password | |
Context | admin system security system-password | |
Tree | system-password | |
Introduced | 22.10.R2 | |
Platforms | All |
admin-password
Synopsis | Administrative password | |
Context | admin system security system-password admin-password | |
Tree | admin-password | |
Notes | This element is mandatory. | |
Introduced | 22.10.R2 | |
Platforms | All |
telemetry
grpc
cancel
all
subscription-id number
Synopsis | ID of the telemetry subscription to cancel | |
Context | admin system telemetry grpc cancel subscription-id number | |
Tree | subscription-id | |
Max. range | 0 to 4294967295 | |
Notes | The following elements are part of a mandatory choice: all or subscription-id. | |
Introduced | 19.10.R1 | |
Platforms | All |
tech-support
Synopsis | Save technical support information to a file | |
Context | admin tech-support | |
Tree | tech-support | |
Introduced | 20.10.R1 | |
Platforms | All |
[url] url
Synopsis | URL to save technical support information | |
Context | admin tech-support [url] url | |
Tree | [url] | |
String length | 1 to 180 | |
Introduced | 20.10.R1 | |
Platforms | All |