Before using this information and the product it supports, read the information in “Notices and trademarks” on page 1011.
First Edition (December 2008)
This edition applies to version 3, release 7, modification 2, level 0 of IBM WebSphere DataPower XML Security
Gateway XS40 and to all subsequent releases and modifications until otherwise indicated in new editions.
IBM® WebSphere® DataPower® SOA Appliances are purpose-built, easy-to-deploy
network appliances that simplify, help secure, and accelerate your XML and Web
services deployments while extending your SOA infrastructure. These appliances
offer an innovative, pragmatic approach to harness the power of SOA while
simultaneously enabling you to leverage the value of your existing application,
security, and networking infrastructure investments.
Who should read this document
This document is intended for administrators of IBM WebSphere DataPower who
are responsible for the configuration and maintenance of web services, security,
and data communications equipment. These administrators are expected to have
familiarity with XML and XSLT.
This document assumes that you have installed and initially configured the
appliance as described in the IBM WebSphere DataPower SOA Appliances: 9003:
Installation Guide or in the IBM WebSphere DataPower SOA Appliances: Type 9235:
Installation Guide, depending on the model type.
Publications
The IBM WebSphere DataPower library is organized into the following categories:
v “Installation and upgrade documentation”
v “Administration documentation”
v “Development documentation”
v “Reference documentation”
v “Integration documentation”
v “Problem determination documentation”
v “Supplemental documentations”
Installation and upgrade documentation
v IBM WebSphere DataPower SOA Appliances: 9003: Installation Guide
Provides instructions for installing and powering up the Type 7993 (9003)
appliance, creating a startup configuration script, and placing the appliance in
operation.
v IBM WebSphere DataPower SOA Appliances: Type 9235: Installation Guide
Provides instructions for installing and powering up the Type 9235 appliance,
creating a startup configuration script, and placing the appliance in operation.
v IBM WebSphere DataPower SOA Appliances: Type 9235: Hardware Problem
Determination and Service Guide
Provides information about diagnosing and troubleshooting hardware problems,
ordering consumable replacement parts, and replacing parts.
v IBM WebSphere DataPower SOA Appliances: Upgrade and Rollback Guide: Generation
2 Firmware
Provides instructions for upgrading Generation 2 firmware and for rolling back
firmware upgrades.
v IBM WebSphere DataPower SOA Appliances: Appliance Overview
Provides an introduction and understanding of the IBM WebSphere DataPower
SOA appliances.
v IBM WebSphere DataPower SOA Appliances: Administrators Guide
Provides instructions for using the DataPower GUI for managing user access,
network access, appliance configuration and system configuration of the
appliance.
v IBM WebSphere DataPower SOA Appliances: Hardware Security Module Guide
A user guide for using a Hardware Security Module (HSM) installed in the
appliance.
Development documentation
v IBM WebSphere DataPower SOA Appliances: XSL Accelerator Developers Guide
Provides instructions for using the WebGUI to configure XSL Proxy and XSL
Co-Processor services.
v IBM WebSphere DataPower SOA Appliances: XML Firewall Developers Guide
Provides instructions for using the WebGUI to configure XML Firewall services.
v IBM WebSphere DataPower SOA Appliances: Web Application Firewall Developers
Guide
Provides instructions for using the WebGUI to configure Web Application
Firewall services.
v IBM WebSphere DataPower SOA Appliances: Multi-Protocol Gateway Developers
Guide
Provides instructions for using the WebGUI to configure Multiple-Protocol
Gateway services.
v IBM WebSphere DataPower SOA Appliances: Web Service Proxy Developers Guide
Provides instructions for using the WebGUI to configure Web Service Proxy
services.
v IBM WebSphere DataPower SOA Appliances: B2B Gateway Developers Guide
Provides instructions for using the WebGUI to configure B2B Gateway services.
v IBM WebSphere DataPower SOA Appliances: Low Latency Messaging Developers
Guide
Provides instructions for using the WebGUI to configure a DataPower appliance
for low latency messaging.
Reference documentation
v Product-specific documentation for using commands from the command line.
The documentation is specific to each of the following products. Each document
provides an alphabetical listing of all commands with syntactical and functional
descriptions.
– IBM WebSphere DataPower XML Accelerator XA35: Command Reference
– IBM WebSphere DataPower XML Security Gateway XS40: Command Reference
– IBM WebSphere DataPower XML Integration Appliance XI50: Command Reference
– IBM WebSphere DataPower B2B Appliance XB60: Command Reference
– IBM WebSphere DataPower Low Latency Messaging Appliance XM70: Command
Reference
xxCommand Reference
v IBM WebSphere DataPower SOA Appliances: Extension Elements and Functions
Catalog
Provides programming information about the usage of DataPower XSLT
extension elements and extension functions.
Integration documentation
The following documents are available for managing the integration of related
products that can be associated with the DataPower appliance:
v IBM WebSphere DataPower SOA Appliances: Integrating with ITCAM
Provides concepts for integrating the DataPower appliance with IBM Tivoli
Composite Application Management for SOA.
v IBM WebSphere DataPower SOA Appliances: Integrating with WebSphere
Transformation Extender
Provides concepts for integrating the DataPower appliance with WebSphere
Transformation Extender.
v IBM WebSphere DataPower XML Integration Appliance XI50: WebSphere MQ
Interoperability
Explains the concepts and common use patterns for connecting DataPower
services to WebSphere MQ systems.
Problem determination documentation
v IBM WebSphere DataPower SOA Appliances: Problem Determination Guide
Provides troubleshooting and debugging tools.
Supplemental documentations
v IBM WebSphere DataPower SOA Appliances: Understanding Web Services Policy
Provides conceptual information about how the DataPower appliance can use
Web Services Policy (WS-Policy).
v IBM WebSphere DataPower SOA Appliances: Understanding WS-Addressing
Provides conceptual information about how the DataPower appliance can use
WS-Addressing.
v IBM WebSphere DataPower SOA Appliances: Understanding LTPA
Provides conceptual information about how the DataPower appliance can use
Lightweight Third Party Authentication.
v IBM WebSphere DataPower SOA Appliances: Understanding SPNEGO
Provides conceptual information about how the DataPower appliance can use
SPNEGO.
v IBM WebSphere DataPower SOA Appliances: Optimizing through Streaming
Provides conceptual information about and procedures for optimizing the
DataPower appliance through streaming.
v IBM WebSphere DataPower SOA Appliances: Securing the Last Mile
Provides conceptual information about and procedures for understanding the
DataPower appliance while securing the last mile.
v IBM WebSphere DataPower SOA Appliances: Configuring the DoD PKI
Provides conceptual information about and procedures for configuring the
DataPower appliance with Department of Defense Public Key Infrastructure.
Prefacexxi
Reading syntax statements
The reference documentation uses the following special characters to define syntax:
[ ] Identifies optional options. Options not enclosed in brackets are required.
... Indicates that you can specify multiple values for the previous option.
| Indicates mutually exclusive information. You can use the option to the left
of the separator or the option to the right of the separator. You cannot use
both options in a single use of the command.
{ } Delimits a set of mutually exclusive options when one of the options is
required. If the options are optional, they are enclosed in brackets ([ ]).
When the options or parameters must be used in a specific order, the
syntax statement shows this order.
Directories on the appliance
The file system contains many examples and critical configuration files. These
directories and their contents are as follows:
audit: This directory contains the audit logs. Each appliance contains only one
audit: directory. This directory cannot be the destination of a copy. This
directory is available from the command line in the default domain only.
To view the audit log from the WebGUI, select Status → View Logs → Audit
Log.
cert: This encrypted directory contains private key and certificate files that
services use in the domain. You can add, delete, and view files, but you
cannot modify these files while in the domain. Each application domain
contains one cert: directory. This directory is not shared across domains.
chkpoints:
This directory contains the configuration checkpoint files for the appliance.
Each application domain contains one chkpoints: directory. This directory
is not shared across domains.
config:
This directory contains the configuration files for the appliance. Each
application domain contains one config: directory. This directory is not
shared across domains.
dpcert:
This encrypted directory contains files that the appliance itself uses. This
directory is available from the command line in the default domain only.
export:
This directory contains the exported configurations that are created with
the Export Configuration utility. Each application domain contains one
export: directory. This directory is not shared across domains.
image: This directory contains the firmware images (primary and secondary) for
the appliance. This directory is where firmware images are stored typically
during an upload or fetch operation. Each appliance contains only one
image: directory. This directory is available in the default domain only.
local: This directory contains miscellaneous files that are used by the services
within the domain, such as XSL, XSD, and WSDL files. Each application
domain contains one local: directory. This directory can be made visible to
other domains. When viewed from other domains, the directory name
changes from local: to the name of the application domain.
logstore:
This directory contains log files that are stored for future reference.
Typically, the logging targets use the logtemp: directory for active logs. You
can move log files to the logstore: directory. Each application domain
contains one logstore: directory. This directory is not shared across
domains.
logtemp:
This directory is the default location of log files, such as the
appliance-wide default log. This directory can hold only 13 MB. This
directory cannot be the destination of a copy. Each application domain
contains one logtemp: directory. This directory is not shared across
domains.
pubcert:
This encrypted directory contains the security certificates that are used
commonly by Web browsers. These certificates are used to establish
security credentials. Each appliance contains only one pubcert: directory.
This directory is shared across domains.
sharedcert:
This encrypted directory contains security certificates that are shared with
partners. Each appliance contains only one sharedcert: directory. This
directory is shared across domains. However, you must be in default
domain to create or upload keys and certificates.
store: This directory contains example style sheets, default style sheets, and
schemas that are used by the local appliance. Do not modify the files in
this directory.
Each appliance contains only one store: directory. By default, this directory
is visible to all domains. You can make changes to the contents of this
directory from the default domain only.
The store: directory has the following subdirectories:
meta This encrypted subdirectory contains files that are used by the
appliance itself.
msgcat
This subdirectory contains the message catalogs.
policies
This subdirectory contains the following subdirectories. The
contents of these subdirectories affect Web services policy.
custom
This subdirectory contains custom style sheets.
mappings
This subdirectory contains mapping style sheets.
templates
This subdirectory contains XML files.
profiles
This subdirectory contains style sheets that are used by DataPower
services.
schemas
This subdirectory contains schemas that are used by DataPower
services.
dp This encrypted subdirectory contains files that are used by the
appliance itself. This subdirectory is available from the command
line only.
pubcerts
This encrypted subdirectory contains files that are used by the
appliance itself. This subdirectory is available from the command
line only.
tasktemplates:
This directory contains the XSL files that define the display of specialized
WebGUI screens. Each appliance contains only one tasktemplates: directory.
This directory is visible to the default domain only.
temporary:
This directory is used as temporary disk space by processing rules. Each
application domain contains one temporary: directory. This directory is not
shared across domains.
Object name conventions
The name must be unique in this object namespace. The following characters in an
object name are valid:
v a through z
v A through Z
v 0 through 9
v _ (underscore)
v - (dash)
v . (period)
Typeface conventions
The following typeface conventions are used in the documentation:
bold Identifies commands, programming keywords, and GUI controls.
italics Identifies words and phrases used for emphasis and user-supplied
variables.
monospaced
Identifies user-supplied input or computer output.
Chapter 1. Initial login and common commands
This chapter provides an alphabetic listing of the commands that are available
before entering a specific configuration mode (available at initial login) and
commands that are available in most, if not all, configuration modes.
Initial login commands
For a list of the commands that are available after an initial login, refer to Table 1.
This table provides a listing of the available commands and their purpose. To
determine whether these commands are available to a specific user-type class after
an initial login, refer to Table 2.
Table 1. Initial login commands and their general purpose
Command                   Purpose
alias (1)                 Creates a command macro.
clock (1)                 Sets the date or time.
configure terminal        Enters Global configuration mode.
disable (1)               Enters User Mode.
disconnect                Closes a user session.
echo                      Echoes text to the console.
enable                    Enters Privileged mode.
exec                      Calls and runs a target configuration script from another configuration script.
exit                      Closes the CLI connection.
help                      Displays online help.
login                     Logs in to the appliance as a specific user.
ntp (1)                   Identifies an NTP server.
ping                      Determines if a target host is reachable on the network.
show                      Displays configuration or status information
shutdown (2)              Restarts or shuts down the appliance.
switch domain             Moves to a specified domain.
template (1)              Runs an interactive command line script.
test schema (1)           Tests conformity of an XML file against a schema.
test tcp-connection (1)   Tests the TCP connection to a remote host.
top                       Returns users to their initial log in mode.
traceroute (1)            Traces the network path to a target host.
(1) Also available in Global mode.
(2) Also available in Flash configuration mode.
Table 2. Commands by type of user that are available after initial login
Command               admin user   Privileged-type user   User-type user
clock                 Yes          Yes                    No
configure terminal    Yes          Yes                    No
disable               Yes          Yes                    No
disconnect            Yes          Yes                    No
echo                  Yes          Yes                    Yes
enable                No           No                     Yes
exec                  Yes          Yes                    No
exit                  Yes          Yes                    Yes
help                  Yes          Yes                    Yes
login                 Yes          Yes                    No
ntp                   Yes          Yes                    No
ping                  Yes          Yes                    Yes
show                  Yes          Yes                    Yes
shutdown              Yes          Yes                    No
switch                Yes          Yes                    Yes
template              Yes          Yes                    Yes
test schema           Yes          Yes                    Yes
test tcp-connection   Yes          Yes                    Yes
top                   Yes          Yes                    Yes
traceroute            Yes          Yes                    Yes
Common commands
For a list of the commands that are available in most configuration modes, refer to
Table 3. This table provides a listing of the available commands and their purpose.
Table 3. Common configuration commands and their general purpose
Command                   Purpose
admin-state               Sets the administrative state of an object.
cancel                    Cancels changes to the current object and returns to the parent configuration mode.
disconnect (1)            Closes a user session.
echo (1)                  Echoes text to the console.
exit (1)                  Applies changes to the current object and returns to the parent configuration mode.
help (1)                  Displays online help.
ping (1)                  Determines if a target host is reachable on the network.
reset                     Restores default values.
show (1,2)                Displays configuration information
summary                   Specifies a brief object-specific comment.
test tcp-connection (1)   Tests the TCP connection to a remote host.
traceroute (1)            Traces the network path to a target host.
(1) The command is also available after initial log in, which is before you explicitly enter
a configuration mode. To determine whether these commands are available to a
specific user-type class after an initial login, refer to Table 2 on page 1.
(2) The output from the command differs when invoked after initial log in and when
invoked while in a configuration mode.
admin-state
Sets the administrative state of an object.
Syntax
admin-state {enabled | disabled}
Parameters
enabled
(Default) Places an object in the enabled (active) state
disabled
Places an object in the disabled (inactive) state
Guidelines
The admin-state command sets the administrative state of an object.
Administrative states are not equivalent to operational states. When an object has
an administrative state of enabled, its operational state might be up, down, or
pending. However, when an object has an administrative state of disabled, its
operational state is always down.
Examples
v Disables the object.
# admin-state disable
#
alias
Creates a command macro.
Syntax
alias alias command
no alias alias
Parameters
alias Specifies the name of the object.
The name can contain a maximum of 32 characters. For restrictions, refer to
“Object name conventions” on page xxiv.
command
Specifies a sequence of commands and arguments.
Guidelines
Also available in Global configuration mode.
If creating a macro that uses multiple commands, you can either
v Surround the string in quotes and separate commands with a semicolon. For
example:
alias eth0 "configure terminal; interface ethernet 0"
v Separate commands with an escaped semicolon. For example:
alias eth0 configure terminal\;interface ethernet0
Use the no alias command to delete a command macro.
Related Commands
show alias
Examples
v Creates an alias eth0. When invoked, moves to Interface configuration mode
(with the configure terminal and interface commands) for Ethernet Port 0.
# alias eth0 configure terminal\;interface eth0
Alias update successful
#
v Creates an alias mgtport. When invoked, moves to Interface configuration mode
(with the configure terminal and interface commands) for Management Port 0.
# alias mgtport "configure terminal; interface management 0"
Alias update successful
#
v Creates an alias back2. When invoked, moves back two configuration modes. If
invoked from Validation Credentials configuration mode, moves to Global
configuration mode.
# alias back2 "exit; exit"
Alias update successful
#
v Creates an alias proxies. When invoked, displays information about XSL Proxy
objects.
# alias proxies show xslproxy
Alias update successful
#
v Creates an alias update-cfg. When invoked, restarts the appliance with an
updated configuration script.
# alias update-cfg configure terminal\;flash\;del config:runningconfig.cfg\;
copy http://10.10.1.1/configs/39.3.cfg config:///runningconfig.cfg\;
boot config runningconfig.cfg\;shutdown
Alias update successful
#
v Deletes the eth0 alias.
# no alias eth0
Alias 'eth0' deleted
#
cancel
Cancels changes to the current object and returns to the parent configuration mode.
Syntax
cancel
Guidelines
The cancel command cancels all configuration changes to the current object and
returns to the parent configuration mode. This command is available in all
configuration modes except Interface configuration mode.
Related Commands
exit, reset
Examples
v Cancels the current configuration, which leaves the objects unchanged.
# cancel
#
clock
Sets the date or time.
Syntax
clock yyyy-mm-dd
clock hh:mm:ss
Parameters
yyyy-mm-dd
Specifies the date in four-digit year, two-digit month, and two-digit day
format. When setting the date, separate each value with a hyphen (-).
hh:mm:ss
Specifies the time in two-digit hour, two-digit minute, and two-digit
second format. When setting the time, separate each value with a colon (:).
Guidelines
Also available in Global configuration mode.
Related Commands
ntp, show clock
Examples
v Sets the date to August 8, 2007.
# clock 2007-08-08
Clock update successful
#
v Sets the time to 8:31 PM.
# clock 20:31:00
Clock update successful
#
configure terminal
Enters Global configuration mode.
Syntax
configure terminal
Guidelines
You use Global configuration mode to create system-wide resources that are
available to various system services, to configure global behaviors, and to enter
specialized configuration modes.
Related Commands
disable, exit
Examples
v Enters Global configuration mode.
# configure terminal
Global configuration mode
(config)#
diagnostics
Enters Diagnostics mode.
Syntax
diagnostics
Guidelines
The diagnostics command enters Diagnostics mode.
Attention: Use this command only at the explicit direction of IBM Support.
disable
Enters User Mode.
Syntax
disable
Guidelines
Also available in Global configuration mode.
Related Commands
enable, exit
Examples
v Exits privileged mode and enters User Mode.
# disable
Exiting privileged mode.
>
disconnect
Closes a user session.
Syntax
disconnect session
Parameters
session Specifies the session ID.
Guidelines
The disconnect command closes a user session. Use the show users command to
display the list of active user sessions.
Related Commands
show users
Examples
v Closes the session that is associated with session ID 36.
# disconnect 36
Session 36 closed.
#
echo
Echoes text to the console.
Syntax
echo text
Parameters
text Specifies the text to display.
enable
Enters Privileged mode.
Syntax
enable
Guidelines
After entering the enable command, the CLI prompts for a user name and
password. Only authenticated users are allowed to enter Privileged Mode.
Use the disable command to exit Privileged Mode and enter User Mode.
Use the exit command to exit Privileged Mode and terminate the CLI connection.
Use Privileged Mode to provide initial access and to start and to shut down the
appliance.
Related Commands
disable, exit
Examples
v Exits User Mode and enters Privileged Mode.
> enable
Username: admin
Password: ********
#
exec
Calls and runs a target configuration script.
Syntax
exec URL
Parameters
URL Identifies the location of the configuration file.
v If the file resides on the appliance, this parameter takes the form
directory:///filename, where:
directory
Identifies a local directory. Generally, the directory is one of the
following keywords:
– config
– local
v If the file is remote and the transport protocol is HTTP, HTTPS, SCP, or
SFTP, this parameter takes one of the following forms:
– http://user:password@host/file
– https://user:password@host/file
– scp://user:password@host/file
– sftp://user:password@host/file
The host name can be specified as an IP address or as a qualified host
name when DNS services were previously enabled.
Guidelines
The exec command enables the modularity of configuration scripts. For example,
you can include all service configuration commands in a script called services.cfg
and all Multi-Protocol Gateway configuration commands in the gateway.cfg script.
A main configuration script can consist entirely of a series of exec commands.
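The remote URL forms listed for the exec command let a configuration script carry a password inline (user:password@host) or fetch a script over plain HTTP. The following Python lint is an added example, not part of the IBM documentation: it flags both conditions in a configuration script before the script is loaded, including commands packed inside alias macros. The sample script, host names and credentials are constructed, and treating copy and template as URL-taking commands alongside exec is an assumption drawn from the syntax and examples on this page.

```python
"""Lint a CLI configuration script for risky remote-fetch URLs (added example)."""
import re
from urllib.parse import urlsplit

# Commands that take a URL on this page: exec and template by their syntax,
# copy as used in the update-cfg alias example. Treating exactly these three
# as the URL-taking commands is an assumption of this example.
URL_COMMANDS = {"exec", "copy", "template"}
REMOTE_SCHEMES = {"http", "https", "scp", "sftp"}   # remote forms listed for exec
CLEARTEXT_SCHEMES = {"http"}                         # no transport protection


def macro_commands(line):
    """Return the individual commands carried by one script line.

    An alias body may be a quoted string with ';' separators or an unquoted
    string with escaped '\\;' separators; both forms are unpacked so that
    commands hidden inside a macro are audited too.
    """
    line = line.strip()
    words = line.split(None, 2)
    if len(words) == 3 and words[0] == "alias":
        body = words[2].strip('"').replace("\\;", ";")
        return [cmd.strip() for cmd in body.split(";") if cmd.strip()]
    return [line] if line else []


def redact(url):
    """Mask the userinfo part so the report does not repeat the secret."""
    return re.sub(r"(?<=://)[^/@]+@", "***@", url)


def audit_command(command):
    """Yield (command name, finding, redacted URL) for one command."""
    tokens = command.split()
    if not tokens or tokens[0] not in URL_COMMANDS:
        return
    for token in tokens[1:]:
        try:
            parts = urlsplit(token)
        except ValueError:          # malformed URL, nothing to classify
            continue
        if parts.scheme not in REMOTE_SCHEMES:
            continue                # config:///, local:/// and similar stay on the appliance
        if parts.scheme in CLEARTEXT_SCHEMES:
            yield tokens[0], "cleartext-transport", redact(token)
        if parts.username or parts.password:
            yield tokens[0], "embedded-credentials", redact(token)


def audit_script(text):
    """Return a list of (line number, command, finding, redacted URL)."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for command in macro_commands(line):
            for name, finding, url in audit_command(command):
                findings.append((number, name, finding, url))
    return findings


# Constructed sample script; hosts, user names and passwords are placeholders.
SAMPLE_SCRIPT = "\n".join([
    "exec config:///services.cfg",
    "exec https://deploy:s3cret@cfg.example.com/gateway.cfg",
    r"alias update-cfg configure terminal\;flash\;"
    r"copy http://10.10.1.1/configs/39.3.cfg config:///runningconfig.cfg\;"
    r"boot config runningconfig.cfg\;shutdown",
    'alias pull "configure terminal; exec sftp://cfg.example.com/base.cfg"',
    "exec http://admin:pw@10.10.1.1/main.cfg",
])

if __name__ == "__main__":
    for number, name, finding, url in audit_script(SAMPLE_SCRIPT):
        print(f"line {number}: {name}: {finding}: {url}")
```

The lint reads each alias definition where it is declared; it does not follow later invocations of the alias by name.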
exit
Applies changes to the current object and returns to the parent configuration
mode.
Syntax
exit
Guidelines
The exit command applies all changes made to the object to the running
configuration. To save these changes to the startup configuration, use the write mem command.
When issued from User Mode or Privileged Mode, the exit command closes the
CLI connection. In all other modes, the command returns to its parent mode. When
issued from the topmost parent, the command closes the CLI connection.
Related Commands
cancel, disable, write mem (Global)
Examples
v Closes the CLI connection from User or Privileged Mode.
# exit
v Applies all changes made to the Crypto Validation Credentials object. Leaves
this Crypto Validation Credentials configuration mode, and returns to Crypto
configuration mode. Leaves Crypto configuration mode and returns to Global
configuration mode. Persists the changes made to all objects during this session
to the startup configuration. Closes the CLI connection.
help
Parameters
Specifies the command name.
Examples
v Displays a list of commands available in Privileged Mode.
# help
v Displays help for the shutdown command.
# help shutdown
v Displays help for the shutdown command.
# ? shutdown
login
Logs in to the appliance as a specific user.
Syntax
login
Guidelines
After entering the login command, the CLI prompts for a username and password.
User accounts log in to User Mode, while admin, privileged accounts, and
group-specific accounts log in to Privileged Mode.
After your initial log in, the CLI prompts you to change your password.
Related Commands
username
Examples
v Logs in as support (a privileged account).
# login
Username: support
Password: ********
#
v Logs in as eugene (a user account).
# login
Username: eugene
Password: ********
>
ntp
Identifies an NTP server.
Syntax
ntp server [interval]
no ntp
Parameters
server Specifies the IP address or host name.
interval
Specifies the number of seconds between synchronizations with the NTP
server. The default is 900.
Guidelines
Also available in Global configuration mode.
Use the ntp command to identify the NTP (Network Time Protocol) server. After
identifying an NTP server, the appliance functions as a Simple Network Time
Protocol (SNTP) client as described in RFC 2030.
Note: From the CLI, the appliance supports the configuration of only one NTP
server. Although the CLI supports only one NTP server, you can use the
WebGUI to identify multiple NTP servers. When more than one NTP server
is identified, the appliance contacts the first NTP server in the list. If this
server does not respond, the appliance contacts the next server in the list. If
you used the WebGUI to identify more than one NTP server, do not use the
CLI to modify the NTP service. Using the ntp command replaces the entire
list with the one identified NTP server.
Related Commands
clock, show ntp-service, show ntp-refresh, time
Examples
v Identifies 10.10.12.13 as the NTP server. Uses the default synchronization
interval.
# ntp 10.10.12.13
Modifying NTP Service configuration
#
v Replaces 10.10.12.13 with 10.10.12.14 as an NTP server. Sets the synchronization
interval to every 2 minutes.
# ntp 10.10.12.14 120
Modifying NTP Service configuration
#
v Deletes the configured NTP server.
# no ntp
Modifying NTP Service configuration
%No NTP servers are configured
#
ping
Determines if a target host is reachable on the network.
Syntax
ping host
Parameters
host Specifies the target host. Use either the IP address or host name.
Guidelines
The ping command sends 6 Internet Control Message Protocol (ICMP)
echo-request messages to the specified host with a one second interval between
each message and reports the results.
Related Commands
ip host, ip name-server, test tcp-connection, traceroute
Examples
v Pings ragnarok.
# ping ragnarok
v Pings 192.168.77.144.
# ping 192.168.77.144
reset
Restores default values.
Syntax
reset
Guidelines
The reset command sets mode-specific properties to their default values. Properties
that lack default values are unchanged.
Default values assigned by the reset command are not applied until the user uses
the exit command to save changes and exit the current configuration mode.
Related Commands
cancel, exit
Examples
v Restores default values for the object and returns to Global configuration mode.
# reset
# exit
#
show
Displays configuration or status information
Syntax
show [ arguments ]
Parameters
arguments
Specifies the specific configuration object or status object.
Guidelines
The show command displays configuration information or status information that
is relevant to the provided argument. In the absence of an argument, the result
differs depending on where you invoked the command.
v Within the initial login, displays a list of available arguments.
v Within a configuration mode, lists the currently configured properties of that
object.
For information about using the various show commands, refer to Chapter 114,
“Monitoring commands,” on page 949.
shutdown
Restarts or shuts down the appliance.
Syntax
shutdown reboot [seconds]
shutdown reload [seconds]
shutdown halt [seconds]
Parameters
reboot Shuts down and restarts the appliance.
reload Restarts the appliance.
halt Shuts down the appliance.
seconds
Specifies the number of seconds before the appliance starts the shutdown
operation. Use an integer in the range of 0 through 65535. The default is
10.
Guidelines
Also available in Flash configuration mode.
The appliance restarts using the startup configuration specified by the boot config
command and the startup firmware image specified by the boot image command.
If a startup configuration or firmware image has not been designated, the
appliance restarts with the configuration and firmware image that were active
when the shutdown command was executed.
Related Commands
boot config, boot image
Examples
v Shuts down and restarts the appliance after 10 seconds.
# shutdown reboot
Reboot in 10 second(s).
#
v Restarts the appliance after 20 seconds.
# shutdown reload 20
Reload in 20 second(s).
#
v Shuts down the appliance after 60 seconds.
# shutdown halt 60
Shutdown in 60 second(s).
#
summary
Specifies a brief, object-specific comment.
Syntax
summary string
Parameters
string Specifies descriptive text for the object.
Guidelines
The summary command specifies a brief, object-specific comment. If the comment
contains spaces, enclose the comment in double quotation marks.
Examples
v Adds an object-specific comment.
# summary "Amended server list"
switch domain
Moves to a specified domain.
Syntax
switch domain [domain]
Parameters
domain Specifies the name of the target domain.
Guidelines
In the absence of a specified target domain, the command prompts for the domain
name.
Related Commands
domain
Examples
v Switches from the default domain to the application-1 domain.
v Displays the list of available domains and switches from the application-1
domain to the default domain.
[application-1](config)# switch domain
Domain (? for all): ?
application-1
default
Domain (? for all): default
(config)#
template
Runs an interactive command line script.
Syntax
template URL
Parameters
URL Specifies the fully-qualified location of the interactive command line script.
Guidelines
Also available in Global configuration mode.
The template command specifies the URL of the interactive command line script.
The script is an XML file that can be local or remote to the DataPower appliance.
The script must conform to the store:///schemas/dp-cli-template.xsd schema.
To verify whether the script is conformant with the schema, use the test schema
command.
Related Commands
test schema
Examples
v Verifies that local:///shell-script.xml conforms to the
store:///schemas/dp-cli-template.xsd schema.
# test schema local:///shell-script.xml store:///schemas/dp-cli-template.xsd
#
v Runs the interactive script as defined in the local:///shell-script.xml file.
# template local:///shell-script.xml
#
test schema
Tests conformity of an XML file against a schema.
Syntax
test schema file schema
Parameters
file Specifies the URL of the XML file to test.
schema Specifies the URL of the schema.
Guidelines
Also available in Global configuration mode.
The test schema command tests the conformity of an XML file against an XSD
schema file.
Examples
v Tests conformity of the xyzbanner.xml XML file against the
dp-user-interface.xsd schema.
# test schema store:///xyzbanner.xml store:///schemas/dp-user-interface.xsd
Performing validation of document 'store:///xyzbanner.xml' using
schema 'store:///schemas/dp-user-interface.xsd' ...
Document validation completed: OK.
#
test tcp-connection
Tests the TCP connection to a remote appliance.
Syntax
test tcp-connection host port [timeout]
Parameters
host Specifies the target host. Use either the IP address or host name.
port Specifies the target port.
timeout
Specifies an optional timeout value, the number of seconds that the CLI
waits for a response from the target host. The default is 10.
Guidelines
Also available in Global configuration mode.
Related Commands
ip host, ip name-server, ping, traceroute
Examples
v Confirms an available TCP connection to the specified host on port number 80
(the well-known HTTP port), using the default timeout value (10 seconds).
# test tcp-connection ragnarok 80
TCP connection successful
#
v Confirms an available TCP connection to the specified IP address on port 21 (the
well-known FTP control port). The timeout value is 5 seconds.
# test tcp-connection 192.168.77.27 21 5
TCP connection successful
#
top
Returns users to their initial login mode.
Syntax
top
Guidelines
Regardless of the current location in the configuration modes, the top command
immediately returns you to your original login mode.
For custom accounts, top returns to the user-group-specific login mode.
Related Commands
usergroup
Examples
v Returns the user, either the admin account or a privileged account, to Privileged
Mode, the user-specific login mode.
(config crypto-val-credentials)# top
#
traceroute
Traces the network path to a target host.
Syntax
traceroute host
Parameters
host Specifies the target host as either the IP address or host name.
Guidelines
Also available in Global configuration mode.
Related Commands
ip host, ip name-server, ping, test tcp-connection
Examples
v Confirms an available TCP connection to loki.
# traceroute loki
Chapter 2. Global configuration mode
You use Global configuration mode to create system-wide resources that are
available to various system services, to configure global behaviors, and to enter
specialized configuration modes.
This chapter provides an alphabetic listing of commands that are available in
Global configuration mode. Many of the commands that are listed in “Common
commands” on page 2 and most, but not all, of the commands that are listed in
Chapter 114, “Monitoring commands,” on page 949 are also available in Global
configuration mode.
aaapolicy
Enters AAA Policy configuration mode.
Syntax
aaapolicy name
no aaapolicy name
Parameters
name Specifies the name of the object.
The name can contain a maximum of 32 characters. For restrictions, refer to
“Object name conventions” on page xxiv.
Guidelines
The aaapolicy command enters AAA (Authentication, Authorization, Audit)
configuration mode where you can create or modify an AAA Policy.
Use the no aaapolicy command to delete an AAA Policy.
Use the cancel or exit commands to exit AAA Policy configuration mode and
return to Global configuration mode.
account (Common Criteria)
Parameters
lockout-duration
Specifies the number of minutes to lock out an account after exceeding the
maximum number of failed login attempts. A value of 0 indicates that
accounts are locked out until reset by a privileged administrator. Use an
integer in the range of 0 through 1000. The default is 1.
max-login failure
Specifies the maximum number of failed login attempts to allow before
lockout. A value of 0 disables account lockout. Use an integer in the range
of 0 through 64. The default is 3.
Context
Available only when the appliance is in Common Criteria mode.
Guidelines
The account command defines whether to lock out a local user account after a
specific number of failed login attempts and, if lockout is enabled, the duration to
lock out the local account. Enabling lockout behavior and defining the lockout
duration requires two invocations of the account command.
v An invocation with the max-login failure parameter defines the number of
failed login attempts to permit before a successful login. If the value is 3 and the
user has failed three consecutive login attempts, the behavior on the next login
attempt for this user is as follows:
– If failure, the account is locked out. The duration of the lockout depends on
the value defined by the lockout-duration parameter.
– If successful, the account is not locked out and the count is reset.
If the value is 0, lockout behavior is disabled. Repeated successive login failures
by a user do not cause lockout of that account.
v An invocation with the lockout-duration parameter defines the duration to lock
out an account after exceeding the permitted number of failed login attempts
defined by the invocation with the max-login failure parameter. Instead of
locking out an account for a specific duration, the account can be locked out
until re-enabled by a privileged administrator. To lock out accounts until reset,
set the duration to 0.
When lockout behavior is enabled and an account is locked out, a privileged
administrator can use the Global reset username command to re-enable the
account. To re-enable the account:
1. The administrator will change the password on the account with the reset
username command.
2. The user will be prompted to again change the password on initial login.
Note: The account command applies to all accounts including the admin account.
The only difference is that the admin account cannot be locked out until
reset. When the duration is 0, the admin account is locked out for 120
minutes or until re-enabled by another administrator.
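The counting rule above is easy to misread by one, so the following Python model replays it. It is an added example, not IBM code or appliance firmware: the class and function names are hypothetical, and two behaviors the page does not state are assumptions (logins are refused while an account is locked, and an expired timed lockout clears the failure count).

```python
from dataclasses import dataclass
from typing import Optional

ADMIN_FALLBACK_MINUTES = 120  # per the Note: admin is never locked "until reset"


@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int = 3       # page default; 0 disables lockout (range 0-64)
    duration_minutes: int = 1   # page default; 0 means "until reset" (range 0-1000)

    def __post_init__(self):
        if not 0 <= self.max_failures <= 64:
            raise ValueError("maximum failed logins must be 0 through 64")
        if not 0 <= self.duration_minutes <= 1000:
            raise ValueError("lockout duration must be 0 through 1000 minutes")


@dataclass
class AccountState:
    failures: int = 0                   # consecutive failed logins
    locked_at: Optional[float] = None   # minute at which the lockout began


class LoginTracker:
    """Hypothetical tracker; time is passed in as minutes so runs are deterministic."""

    def __init__(self, policy):
        self.policy = policy
        self.accounts = {}

    def _still_locked(self, name, state, now):
        if state.locked_at is None:
            return False
        minutes = self.policy.duration_minutes
        if minutes == 0:
            if name != "admin":
                return True                   # only a privileged reset unlocks
            minutes = ADMIN_FALLBACK_MINUTES  # admin exception from the Note
        if now - state.locked_at < minutes:
            return True
        # Assumption: an expired lockout also clears the failure count.
        state.failures, state.locked_at = 0, None
        return False

    def attempt(self, name, password_ok, now):
        """Return 'ok', 'failed', 'locked-out' (this attempt locked it) or 'denied'."""
        state = self.accounts.setdefault(name, AccountState())
        if self._still_locked(name, state, now):
            return "denied"   # assumption: a correct password is refused while locked
        if password_ok:
            state.failures = 0    # success resets the count
            return "ok"
        state.failures += 1
        limit = self.policy.max_failures
        if limit and state.failures > limit:
            state.locked_at = now     # the failure after the permitted ones locks
            return "locked-out"
        return "failed"

    def reset(self, name):
        """Models the privileged administrator re-enabling the account."""
        self.accounts[name] = AccountState()


def failures_until_lockout(policy, probe=70):
    """Number of the consecutive failure that triggers lockout, or None if disabled."""
    tracker = LoginTracker(policy)
    for n in range(1, probe + 1):
        if tracker.attempt("constructed-user", False, now=0) == "locked-out":
            return n
    return None
```

With the default of 3 the fourth consecutive failure locks the account, so a policy that should lock on the fifth failure needs a value of 4.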
Related Commands
reset username
Examples
v Enables lockout behavior so that, on the fifth login failure, the account
is locked out until reset by a privileged administrator:
acl
Enters Access Control List configuration mode for a specified service provider.
Syntax
acl name
acl ssh
acl web-mgmt
acl xml-mgmt
no acl name
Parameters
name Specifies the name of an object-specific or standalone ACL.
v Can be the name of the service provider (for example, the name of a
DataPower service or the name of a CLI Telnet service), in which case the
command enters Access Control List configuration mode to create an
object-specific ACL.
v Can be the name of a standalone ACL, which can later be assigned to a
service provider, or to any of the Protocol Handler types.
The name can contain a maximum of 128 characters. For restrictions,
refer to “Object name conventions” on page xxiv.
ssh Identifies the SSH service. In this case, the command enters ACL
configuration mode to create an SSH-specific ACL.
web-mgmt
Identifies the WebGUI Management Interface. In this case, the command
enters ACL configuration mode to create a WebGUI Management
Interface-specific ACL.
xml-mgmt
Identifies the XML Management Interface. In this case, the command enters
ACL configuration mode to create an XML Management Interface-specific
ACL.
Guidelines
While in Access Control List configuration mode, you can configure an ACL for a
specific service provider or for later assignment to a service provider.
An ACL contains one or more clauses. Each clause consists of an IP address range
that is defined by an IP address and net mask and a Boolean value (ALLOW or DENY).
IP addresses are evaluated against each clause in the order in which they are in the
list. A candidate address is denied or granted access to the service provider in
accordance with the first matching clause. Consequently, the order of clauses is
important in an Access Control List.
Use the no acl command to delete a named ACL.
Use the exit command to exit Access Control list configuration mode and return to
Global configuration mode.
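Because the first matching clause decides, a broad clause placed early silently disables any narrower clause after it. The Python sketch below is an added example, not DataPower code: it evaluates constructed clauses in list order and flags clauses that an earlier clause fully covers. The function names and addresses are hypothetical, and the result for an address that matches no clause is left to the caller because the page does not state it.

```python
import ipaddress

ALLOW, DENY = "ALLOW", "DENY"


def clause(address, mask, action):
    """One ACL clause: IP address + net mask (prefix length or dotted decimal) + action."""
    if action not in (ALLOW, DENY):
        raise ValueError(f"unknown action {action!r}")
    # strict=False accepts an address with host bits set, as an operator might type it.
    network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return (network, action)


def evaluate(acl, candidate):
    """Return (action, clause index) of the first matching clause, else (None, None)."""
    ip = ipaddress.ip_address(candidate)
    for index, (network, action) in enumerate(acl):
        if ip in network:
            return action, index
    return None, None   # no clause matched; the page does not define this case


def shadowed(acl):
    """Indexes of clauses that can never decide a request.

    A clause is reported when a single earlier clause covers its whole range.
    Ranges covered only by the union of several earlier clauses are not detected.
    """
    hidden = []
    for i, (net, _) in enumerate(acl):
        for earlier, _ in acl[:i]:
            if earlier.version == net.version and net.subnet_of(earlier):
                hidden.append(i)
                break
    return hidden


# Constructed sample clauses: block one subnet, admit the rest of the site.
INTENDED = [
    clause("10.10.5.0", "255.255.255.0", DENY),
    clause("10.10.0.0", "16", ALLOW),
    clause("0.0.0.0", "0", DENY),
]

# Same clauses with the first two swapped: the DENY for 10.10.5.0/24 never fires.
MISORDERED = [
    clause("10.10.0.0", "16", ALLOW),
    clause("10.10.5.0", "255.255.255.0", DENY),
    clause("0.0.0.0", "0", DENY),
]

if __name__ == "__main__":
    for label, acl in (("intended", INTENDED), ("misordered", MISORDERED)):
        print(label, evaluate(acl, "10.10.5.20"), "shadowed clauses:", shadowed(acl))
```

Running a check like `shadowed` over an ACL before assigning it to the SSH, WebGUI or XML management service catches the ordering mistake before it exposes the interface.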
Related Commands
cancel, exit, ssh, xml-mgmt
Examples
v Enters Access Control list configuration mode to create the ACL-1 standalone
ACL.
# acl ACL-1
ACL configuration mode
#
v Deletes the standalone ACL-1 ACL.
# no acl ACL-1
#
v Enters ACL configuration mode for the SSH service.
application-security-policy
Parameters
name Specifies the name of the Application Security Policy.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The application-security-policy command enters Application Security Policy
configuration mode to create a named Application Security Policy. A Web
Application Firewall can use this Application Security Policy.
Use the no application-security-policy command to delete an Application Security
Policy.
Use the cancel or exit commands to exit Application Security Policy configuration
mode and return to Global configuration mode.
Related Commands
cancel, exit
audit delete-backup (Common Criteria)
Deletes the archived version of the audit log.
Syntax
audit delete-backup
Context
Available only when the appliance is in Common Criteria mode.
Guidelines
The audit delete-backup command deletes the audit:///audit-log.1 file. This file is
the archived version of the audit log. When the size of the audit log, the
audit:///audit-log file, reaches approximately 250 kilobytes, the appliance saves
this file as the audit:///audit-log.1 file, which overwrites the previous version
of the audit:///audit-log.1 file.
After invoking the command, the interface prompts for confirmation.
audit level (Common Criteria)
Sets the audit level of the firmware.
Syntax
audit level {full | standard}
Parameters
full (Default) Audits the standard set of events and decisions on information
flow.
standard
Audits the standard set of events only. Does not audit decisions on
information flow.
Context
Available only when the appliance is in Common Criteria mode.
Guidelines
The audit level command sets the audit level of the firmware.
v When full auditing is not strictly required, set the level to standard.
v When corporate or business security policies require full auditing, set the level
to full. This audit level impacts performance.
audit reserve (Common Criteria)
Reserves disk space for the audit log.
Syntax
audit reserve kilobytes
Parameters
kilobytes
Specifies the amount of disk space in kilobytes to reserve for the audit log.
The reserve space must be at least four kilobytes less than the total amount
of free space that is currently available on the file system. Use an integer in
the range of 0 through 10000. The default is 40.
Context
Available only when the appliance is in Common Criteria mode.
Available only to privileged users in the default domain.
Guidelines
The audit reserve command specifies the amount of disk space in kilobytes to
reserve for the audit log. Use this command to alter the amount of disk space to
reserve to prevent the loss of audit events in case of a full disk. This function is
disabled if the value is 0.
If the appliance is forced to release the audit reserve:
v All data services will be forced into an operational down state and cease to
process traffic.
v All administrative services, such as the WebGUI, Telnet, and so forth, will
continue to work.
When the appliance forces the release, the log will contain a message that states
that the disk space for audit events is low.
Before restoring the appliance to service, a privileged administrator needs to free
up disk space. When there is enough available disk space for normal operations,
the administrator can restart the appliance, which will resume the processing of
traffic.
cache schema
Loads a compiled schema to the schema cache of a specific XML Manager.
Syntax
Parameters
clear pdp cache
In addition to using the clear pdp cache command to explicitly clear the
PDP-specific XACML policy cache, you can use the following WebGUI properties
to control the XACML policy cache.
Specify the TTL for the PDP
During PDP configuration, use the cache-ttl command to specify a cache
lifetime.
Use the XML Manager
When the PDP is for authorization, users can access the XML Manager that
is associated with the AAA Policy with the clear xsl cache command. This
command clears the compiled XACML policies in the XML Manager that is
referenced by the AAA Policy.
Use a URL Refresh Policy
You can use a URL Refresh Policy whose match conditions match the
internal URL xacmlpolicy:///pdpName to perform periodic cache refreshes.
v When PDP TTL is 0, the URL Refresh Policy controls cache refresh.
v When the URL Refresh Policy is the no-cache type, XACML policies are
never cached.
v When the URL Refresh Policy is the protocol-specified type, the TTL of
the PDP governs cache refresh unless its value is 0.
v When the URL Refresh Policy is the default type with a refresh interval
setting, the TTL of the PDP is ignored, and the URL Refresh Policy
refresh interval governs cache refresh.
v When the URL Refresh Policy is the no-flush type with a refresh interval
setting, the greater of the URL Refresh Policy refresh interval or the TTL
of the PDP governs cache refresh.
Examples
v Clears the XACML policy cache of the PDP-orderEntry PDP.
clear rbm cache
Clears all cached role-based management (RBM) authentication data.
Syntax
clear rbm cache
Examples
v Clears cached RBM authentication data.
# clear rbm cache
Cleared RBM cache
#
clear xsl cache
Clears the stylesheet cache of a specific XML Manager.
Syntax
clear xsl cache XML-manager
Parameters
XML-manager
Specifies the name of an XML Manager.
Related Commands
cache stylesheet xsl, cache size
Examples
v Clears the stylesheet cache of the mgr1 XML Manager.
cli remote open
Establishes a TCP/IP connection to a specific remote host.
Syntax
cli remote open address port
Parameters
address Specifies the IP address of the remote host.
port Identifies the port on the remote host that monitors CLI traffic. Use an
integer in the range of 0 through 65535.
Guidelines
The cli remote open command establishes a TCP/IP session between the appliance
and a remote site, but only at explicit initiation of the admin or a privileged
user. This command does not provide a back door to the appliance.
This command provides a command shell to a remote host that allows offsite
technicians to access an appliance that is protected by a firewall or other security
measures.
This command provides the same function as the cli telnet command, but provides
the function from a remote host.
Related Commands
cli telnet
Examples
v Establishes an appliance-initiated TCP/IP connection between the DataPower
appliance and the remote host (192.168.32.101:64999) and provides the remote
host with a command shell.
# cli remote open 192.168.32.101 64999
#
cli telnet
Enters Telnet Service configuration mode, or creates a Telnet service for
client-initiated access to the command line.
Syntax
cli telnet name
cli telnet name [0 | telnetServerIP] telnetServerPort [telnetClientIP clientMask]
no cli telnet name
Parameters
name Specifies the name of the Telnet service.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
telnetServerIP
Specifies the IP address (either primary or secondary) of a DataPower
Ethernet interface. In conjunction with the port, identifies the IP address
and port that the Telnet service monitors.
0 Indicates a wildcard that specifies all DataPower IP addresses.
telnetServerPort
Identifies a port on one or all IP interfaces. Use an integer in the range of 0
through 65535. In conjunction with IP address of the server, identifies the
appliance IP addresses and port that the Telnet service monitors.
telnetClientIP
Optionally identifies the IP address. In conjunction with the client mask,
defines a contiguous range of IP addresses that are granted client access to
the Telnet service.
clientMask
Identifies the network portion of the client IP address. The client mask can
be expressed in CIDR (slash) format or in dotted decimal format.
Guidelines
Without the telnetClientIP and clientMask arguments, client access to the Telnet
service is unrestricted. To restrict access to a noncontiguous IP address range,
compile an ACL with the acl, allow, and deny commands.
Note: Telnet is an unsecure protocol and should be used with extreme caution.
Telnet should be enabled only on the trusted management port or on a
secure network segment.
Use the no cli telnet command to delete a Telnet service.
Related Commands
acl, allow, deny
Examples
v Enters Telnet Service configuration mode to create the telnet-1 service.
# cli telnet telnet-1
Telnet Service configuration mode
#
v Creates the support Telnet service on 192.168.14.12:23. Access is restricted to the
# no cli telnet support
Deleted cli telnet handler
#
compact-flash (Type 9235)
Enters Compact Flash configuration mode.
Syntax
compact-flash name
Parameters
name Specifies the name of the existing compact flash volume. For appliances
that have a compact flash for auxiliary data storage, the name is cf0.
Guidelines
The compact-flash command enters Compact Flash configuration mode for an
existing compact flash enabled appliance. For appliances that have a compact flash
for auxiliary data storage, the name is cf0.
Examples
v Enters Compact Flash configuration mode for volume cf0.
compact-flash-initialize-filesystem
Parameters
name Specifies the name of the existing compact flash volume. For appliances
that have a compact flash for auxiliary data storage, the name is cf0.
Guidelines
The compact-flash-initialize-filesystem command initializes the file system on the
compact flash to allow it to be made active. This action destroys the existing
contents of the compact flash storage card.
Examples
v Makes a new file system on the cf0 compact flash volume.
# compact-flash-initialize-filesystem cf0
compact-flash-repair-filesystem (Type 9235)
Repairs the file system.
Syntax
compact-flash-repair-filesystem name
Parameters
name Specifies the name of the existing compact flash volume. For appliances
that have a compact flash for auxiliary data storage, the name is cf0.
Guidelines
The compact-flash-repair-filesystem command repairs the file system on the
compact flash storage card, in case it was corrupted by an abnormal shutdown of
the appliance or other error.
Examples
v Repairs the file system on the cf0 compact flash volume.
# compact-flash-repair-filesystem cf0
compile-options
Enters Compile Options Policy configuration mode.
Syntax
compile-options name
no compile-options name
Parameters
name Specifies the name of the Compile Options Policy.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Profiling results are available with the show profile command, from the WebGUI
(Status → Stylesheet Profiles), or from the XML Management Interface.
Note: After a style sheet is compiled with profiling enabled, it must be flushed
from the cache to disable profiling.
Use the no compile-options command to delete a Compile Options Policy.
Use the cancel or exit command to exit Compile Options Policy configuration
mode and return to Global configuration mode.
Refer to Appendix D, “Compile Options Policy configuration,” on page 1007 for
details about creating a Compile Option Policy.
Related Commands
cancel, exit, show profile, xslconfig
conformancepolicy
Enters Conformance Policy configuration mode.
Syntax
conformancepolicy name
no conformancepolicy name
Parameters
name Specifies the name of the Conformance Policy.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Use the conformancepolicy command to enter Conformance Policy configuration
mode to create or edit a Conformance Policy. A Conformance Policy is used by a
conformance filter or a conformance transform.
v For a conformance filter, define a filter action that uses the
store:///conformance-filter.xsl style sheet and specifies the named Conformance
Policy.
v For a conformance transform, define a transform (xform) action that uses the
store:///conformance-xform.xsl style sheet and specifies the named
Conformance Policy.
A Conformance Policy supports the following profiles:
v Web Services Interoperability (WS-I) Basic Profile, version 1.0. The
documentation is available at the
http://www.ws-i.org/Profiles/BasicProfile-1.0.html site.
v WS-I Basic Profile, version 1.1. The documentation is available at the
http://www.ws-i.org/Profiles/BasicProfile-1.1.html site.
v WS-I Attachments Profile, version 1.0. The documentation is available at the
Use the no conformancepolicy command to delete a Conformance Policy.
Use the cancel or exit command to exit Conformance Policy configuration mode
and return to Global configuration mode.
Related Commands
cancel, exit
copy
Copies a file to or from the DataPower appliance.
Syntax
copy [-f] source destination
Parameters
-f Overwrites an existing file, if one of the same name already exists. In the
absence of this argument, an attempt to save a file with the same name as
an existing file will result in a prompt that requests confirmation to
overwrite the existing file.
source and destination
Specifies the URLs that identify the source file and target destination,
respectively.
v If the source file or target destination resides on the appliance, these
arguments take the following form:
directory:///filename
directory
Specifies a directory on the appliance. Refer to “Directories on
the appliance” on page xxii for details.
filename
Specifies the name of a file in the specified directory.
v If the source file or target destination is remote to the DataPower
appliance and the transport protocol is SCP or SFTP, these arguments
take the form that is compliant with RFC 1738.
Guidelines
The copy command transfers files to or from the DataPower appliance. You must
issue this command from the appliance. When the source file or target destination
is remote to the appliance, this command supports only the following protocols:
v HTTP
v HTTPS
v Secure Copy (SCP)
v Secured File Transfer Protocol (SFTP)
To send a file from the appliance as an email, use the Global send file command.
When using the copy command, be aware of the following restrictions:
v You cannot copy files from the cert: directory.
v You cannot copy files to the audit:, logstore:, or logtemp: directory.
To use a path that is relative to the user's home directory:
Access Manager key database and key stash files are placed in
the cert: directory when created. This directory does not allow files to be
moved out of it.
By selecting to create copies of the created files, a copy of the key database
and stash files will be placed in the temporary: directory, and can be
downloaded off of the appliance.
on Places copies in the temporary: directory.
off (Default) Does not place copies in the temporary: directory.
file Specifies the name to use for the created files. Do not provide a file
extension. By default, the configuration files are stored in the local:
directory and have the .conf extension. In addition to the configuration
files, this file name is the base file name for the TAM key file (.kdb
extension) and TAM stash files (.sth extension). The key file and stash file
are stored in the cert: directory.
admin Specifies the user name of the TAM administrator. The default is
sec_master.
password
Specifies the password for the TAM administrator.
tam-domain
Specifies the name of the TAM domain. The specified domain is the TAM
domain to which the TAM client authenticates and that it uses at runtime. The
default is Default.
application
Specifies the name of the TAM application. The specified name is
combined with the host name of the appliance to create a unique identifier
for objects that are created for the TAM client.
host Specifies the host name or IP address of the TAM policy server.
port Specifies the port on which the TAM policy server listens for requests. The
default is 7135.
ssl-key-expiry
Specifies the duration, in days, for which the SSL key file for the TAM
client is valid. When the key expires, a new key must be generated for the
TAM client. Valid range is 1 through 7200. The default is 183.
ssl-timeout
Specifies the wait period, in seconds, that the TAM client waits for a
response to an SSL request from the TAM policy server. Valid range is 1
through 30. The default is 30.
ldap-host
Specifies the host name of the LDAP server that is the user registry for the
TAM environment.
ldap-port
Specifies the port on which the LDAP server listens for requests. The
default is 389.
ldap-password
Specifies the password for the distinguished name (DN) used to sign on
(bind) to the LDAP server.
ldap-auth-timeout
Specifies the timeout, in seconds, that is allowed for LDAP authentication
operations. There is no range limit. The default is 30.
ldap-search-timeout
Specifies the timeout, in seconds, that is allowed for LDAP search
operations. There is no range limit. The default is 30.
use-ldap-cache
Indicates whether to enable client-side caching. Enabling client-side
caching can improve performance for similar LDAP queries.
ldap-user-cache-size
When client-side caching is enabled, specifies the number of entries in the
LDAP user cache. The default is 256.
ldap-policy-cache-size
When client-side caching is enabled, specifies the number of entries in the
LDAP policy cache. The default is 20.
Guidelines
Use the create-tam-files command to create the configuration files needed to create
a TAM object. The configuration files specify the network and security
configuration for the policy server, replica authorization servers, and the LDAP
(directory) server.
This command creates the following files:
v Client configuration file
v Key database file
v Key stash file
v Client obfuscation file (TAM version 5.1 and above)
The created files are named using the output file parameter. If TAM files are
created with app1 as the output file name parameter, the created files are
app1.conf, app1.kdb, app1.sth, and app1.conf.obf (Tivoli Access Manager version
5.1 and above).
The configuration and obfuscation files are written to the local: directory, and the
key database and stash files are written to the cert: directory.
Related Commands
cancel, exit, tam
crypto
Enters Crypto configuration mode.
Syntax
crypto
Guidelines
Use the exit command to exit Crypto configuration mode and return to Global
configuration mode.
Related Commands
exit
delete
Deletes a file from the DataPower appliance.
Syntax
delete URL
Parameters
URL
Specifies the URL of the file to delete. This argument takes the
directory:///filename form, where:
directory
Specifies a directory on the appliance. Refer to “Directories on the
appliance” on page xxii for details.
filename
Specifies the name of a file in the specified directory.
Guidelines
The delete command deletes a file on the DataPower appliance. The deletion of a
file is permanent. After a file is deleted, it cannot be recovered.
Note: The delete command does not prompt for confirmation. Be certain that you
want to delete the file before issuing this command.
Related Commands
copy, dir, move
Examples
v Deletes the startup-config-deprecated file from the store: directory.
# delete store:///startup-config-deprecated
#
v Deletes the betaImage file from the image: directory.
# delete image:///betaImage
#
deployment-policy
Enters Deployment Policy configuration mode.
Syntax
deployment-policy name
no deployment-policy name
Parameters
name Specifies the name of the Deployment Policy.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Use the deployment-policy command to enter Deployment Policy configuration
mode to create or edit a Deployment Policy.
Use the cancel or exit command to exit Deployment Policy configuration mode
and return to Global configuration mode.
Use the no deployment-policy command to delete a Deployment Policy.
Related Commands
cancel, exit
dir
Displays the contents of a directory.
Syntax
dir directory
Parameters
directory
Specifies a directory on the appliance. Refer to “Directories on the
appliance” on page xxii for details.
disable
Use the disable command to exit Global configuration mode and enter User mode.
Use the exit command to exit Global configuration mode and enter Privileged
mode.
Also available in Privileged mode.
Related Commands
enable, exit
Examples
v Exits Global configuration mode and enters User Mode.
# disable
>
v Exits Global configuration mode and enters Privileged Mode.
# exit
#
dns
Enters DNS Settings configuration mode.
Syntax
dns
no dns
Guidelines
Use the no dns command to disable DNS services.
Use the exit or cancel command to exit DNS Settings configuration mode and
return to Global configuration mode.
Related Commands
cancel, exit, ip domain, ip host, ip name-server
Examples
v Enters DNS Settings configuration mode.
# dns
DNS Settings configuration mode
#
v Disables DNS services.
# no dns
#
document-crypto-map
Enters Document Crypto Map configuration mode.
Syntax
document-crypto-map name
no document-crypto-map name
Parameters
name Specifies the name of the Document Crypto Map.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Use the no document-crypto-map command to delete a Document Crypto Map.
Use the exit or cancel command to exit Document Crypto Map configuration mode
and return to Global configuration mode.
Related Commands
cancel, exit
documentcache
Enters Document Cache configuration mode for a specific XML Manager.
Syntax
documentcache XML-manager
Parameters
XML-manager
Specifies the name of an XML Manager.
Guidelines
By default, document caching is disabled. Document caching enables an XML
Manager to cache any document that is obtained through HTTP.
In Document Cache configuration mode, you can:
v Enable and specify the size of the document cache
v Design cache policies that determine which documents will be cached and how
long they will be retained in the cache
v Delete cache policies
v Clear specific documents or all documents from the document cache.
Use the exit command to exit Document Cache configuration mode and enter
Global configuration mode.
Related Commands
exit
domain
Enters Application Domain configuration mode.
Syntax
domain name
no domain name
Parameters
name Specifies the name of the application domain.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The domain command enters Application Domain configuration mode to create a
new Application Domain object or to modify an existing Application Domain
object. While in this configuration mode, use the mode-specific commands to
define the configuration of the Application Domain object.
To delete an Application Domain object, use the no domain command.
To exit this configuration mode without saving configuration changes to the
running configuration, use the cancel command.
To exit this configuration mode and save configuration changes to the running
configuration, use the exit command.
Related Commands
cancel, exit
failure-notification
Enters Failure Notification configuration mode.
Syntax
failure-notification
no failure-notification
Guidelines
Use the no failure-notification command to disable failure reporting. By default,
failure reporting is disabled.
Use the cancel or exit command to exit Failure Notification configuration mode
and enter Global configuration mode.
Related Commands
cancel, exit, send error-report
file-capture
Controls the file capture trace utility.
Syntax
file-capture {always | errors | off}
Parameters
always
Enables the file capture trace utility and provides a trace of all appliance
traffic.
errors Enables the file capture trace utility and provides a trace for failed
transactions only.
off (Default) Disables the file capture trace utility.
Guidelines
The file-capture command enables or disables the file capture trace facility. File
captures facilitate visibility into erroneous XML or XSLT content as well as provide
a record of the sources of erroneous content.
To support file capture, the appliance document trace function creates a RAM-disk
to house a WebGUI-accessible virtual file system for tracing all traffic through the
appliance. Each transaction appears in a file hierarchy broken down according to
the semantics of its URL (that is, a directory for the hostname portion and a
directory for each slash portion of the URL) and then further by individual
transaction.
Each transaction that represents a transformation stores not only the inputs, but
information on style sheets, and disposition of the transformation.
Documents are stored in compressed format to reduce byte count. Should
documents need to be removed from the RAM-disk space they will be removed on
a FIFO basis.
While browsing the virtual file system repository via the WebGUI, any point in the
directory hierarchy can be downloaded either as a tar ball or a zip file.
Note: With file capture enabled (either always or errors), significant performance
penalties are imposed. Consequently, file capture should be enabled only in
test environments, not in production environments.
Related Commands
packet-capture
Examples
v Enables the file capture trace utility for failed transactions only.
# file-capture errors
File capture mode set to errors
#
v Disables the file capture trace utility, which restores the default state.
# file-capture off
File nature mode set to off
#
flash
Enters Flash configuration mode.
Syntax
flash
Guidelines
Use the exit command to exit Flash configuration mode and enter Global
configuration mode.
Related Commands
exit
ftp-quote-command-list
Enters FTP Quoted Commands List configuration mode.
Syntax
ftp-quote-command-list name
no ftp-quote-command-list name
Parameters
name Specifies the name of the FTP quoted command list.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Use the no ftp-quote-command-list command to delete an FTP quoted
commands list.
Use the cancel or exit command to exit FTP Quoted Commands List configuration
mode and enter Global configuration mode.
Related Commands
cancel, exit
host-alias
Enters Host Alias configuration mode to map an IP address to an alias.
Syntax
host-alias alias
no host-alias alias
Parameters
alias Specifies the alias to assign to the specified IP address.
Guidelines
Use the no host-alias command to remove an alias map.
Related Commands
cancel, exit
httpserv
Enters HTTP Server configuration mode.
Syntax
httpserv name
httpserv name address port
no httpserv name
Parameters
name Specifies the name of the HTTP server.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
address Specifies the IP address of the appliance interface that, in conjunction with
the port, identifies the interface-port pair that the HTTP server monitors
for incoming HTTP client requests.
port Specifies the port of the appliance interface that, in conjunction with the IP
address, identifies the interface-port pair that the HTTP server monitors for
incoming HTTP client requests.
Guidelines
You can use either of two forms of the httpserv command to create an HTTP
server.
v The single-command form creates a basic HTTP server that serves documents
only from the general user storage (store:) area.
If you wish to restrict access to an HTTP server, you can compile an ACL using
the acl, allow, and deny commands.
v The multi-command form creates an HTTP server capable of serving documents
from other local storage areas, and provides the ability to add optional features
such as user authentication.
With only the name argument, the command enters HTTP Server configuration
mode, a mode that supports HTTP server creation with a series of brief
single-purpose commands.
While in HTTP Server configuration mode, you must use the ip-address,
local-directory, and port commands to complete server configuration.
Optionally, you can use the authentication, mode, and start-page commands to
provide enhanced server functions.
If you wish to restrict access to an HTTP server, you can compile an ACL using
the acl, allow, and deny commands.
Use the no httpserv command to delete an HTTP server.
Use the exit command to exit HTTP Server configuration mode and return to
Global configuration mode.
Related Commands
acl, exit, show services
Examples
v Enters HTTP Server configuration mode to create the Serv-1 HTTP server.
# httpserv Serv-1
HTTP Server configuration mode
#
v Creates the Serv-2 HTTP server on the specified interface.
# httpserv Serv-2 192.168.1.200 64000
Installed HTTP server on port 64000
#
v Deletes the Serv-2 HTTP server.
# no httpserv Serv-2
#
import-execute
Imports an Import Package object.
Syntax
import-execute package
Parameters
package
Specifies the name of the Import Package object.
Guidelines
The import-execute command imports an existing Import Package object. The
Import Package must have been created with the import-package command.
Related Commands
Examples
name Specifies the name of the Import Configuration File object.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The import-package command enters Import Configuration File configuration
mode to create a new Import Configuration File object or to modify an existing
Import Configuration File object. While in this configuration mode, use the
mode-specific commands to define the configuration of the Import Configuration
File object.
To delete an Import Configuration File object, use the no import-package
command.
To exit this configuration mode without saving configuration changes to the
running configuration, use the cancel command.
To exit this configuration mode and save configuration changes to the running
configuration, use the exit command.
Related Commands
cancel, exit
include-config
Enters Include Configuration File configuration mode.
Syntax
include-config filename
no include-config filename
Parameters
filename
Specifies the name of the include configuration object.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
An include configuration object references a local or remote configuration file that
can be included in other configuration files.
Use the no include-config command to delete an include configuration object.
Related Commands
exec
Examples
v Enters Include Configuration configuration mode to create the
standardServiceProxies Include Configuration.
# include-config standardServiceProxies
Include Configuration configuration mode
#
v Deletes the standardServiceProxies Include Configuration.
Depending on model type, the appliance provides three or four Ethernet interfaces.
There is one dedicated management port (labelled either MANAGEMENT or MGMT), and
two or three network ports (labelled either ETHERNET or NETWORK).
Use the no interface command to delete an Ethernet interface connection from the
appliance.
Note: To disable an Ethernet interface, use the admin-state command in Interface
configuration mode.
Use the exit command to exit Interface configuration mode and enter Global
configuration mode.
Related Commands
admin-state (Interface), exit, show interface
Examples
v Enters Interface configuration mode for Ethernet interface 0.
Adds an entry to the IP domain-suffix search table.
ip domain domain
no ip domain domain
domain Specifies the base domain name to which a host name can be prefixed.
This command enables the use of non-fully qualified domain names (host
names) by specifying a list of one or more domain names that can be appended to
a host name.
Use multiple ip domain commands to add more than one entry to the IP domain
name table.
The appliance attempts to resolve a host name in conjunction with any domains
identified by the ip domain command. The host name is resolved as soon as a
match is found.
Use the no ip domain command to delete an entry from the table.
Related Commands
search-domain
Examples
v Adds the datapower.com, somewhereelse.com, and endoftheearth.com IP domains
to the IP domain table. The appliance attempts to resolve the host name loki in
the following ways:
# ip domain datapower.com
# ip domain somewhereelse.com
# ip domain endoftheearth.com
# xslproxy Proxy-01
XSL proxy configuration mode
# remote-address loki 80
#
v Removes datapower.com from the IP domain search table. The appliance
attempts to resolve the host name loki in the following ways:
loki.somewhereelse.com
loki.endoftheearth.com
# no ip domain datapower.com
#
ip host
Maps a host name to an IP address.
Syntax
ip host hostname address
no ip host {hostname | *}
Parameters
hostname
Specifies the name of the host.
address Specifies the IP address of the host.
* Specifies all hosts.
Guidelines
Use the no ip host command to remove the host name-IP address mapping.
Related Commands
ip name-server, show ip hosts, show ip name-servers
Examples
v Maps IP address 10.10.10.168 to host loki.
# ip host loki 10.10.10.168
#
v Deletes the map between IP address 10.10.10.168 and host loki.
# no ip host loki
#
v Deletes all maps from the host mapping table.
# no ip host *
#
ip name-server
Identifies a local DNS provider.
Syntax
ip name-server address [udpPortNumber] [tcpPortNumber] [flags] [max-retries]
no ip name-server address
no ip name-server *
Parameters
address Specifies the IP address of the DNS server.
udpPortNumber
Optionally identifies the UDP port that the DNS server monitors. Use an
integer in the range of 0 through 65535. The default is 53.
tcpPortNumber
Optionally identifies the TCP port that the DNS server monitors. Use an
integer in the range of 0 through 65535. The default is 53.
flags Optionally specifies protocol-level DNS behavior. Should be set to 0.
max-retries
Optionally specifies the maximum number of times to retransmit an
unacknowledged resolution request to the DNS server. The default is 3.
* Specifies all DNS servers.
Guidelines
Use the no ip name-server command to delete a DNS provider.
Note: Unless specifically requested, do not change that DNS parameter.
Related Commands
ip host, show ip hosts, show ip name-servers
Examples
v Identifies a DNS server at 10.10.10.240 with the default port.
# ip name-server 10.10.10.240
#
v Identifies a DNS server at 10.10.10.240 with UDP port 6000.
# ip name-server 10.10.10.240 6000
#
v Deletes the specified DNS provider.
# no ip name-server 10.10.10.240
#
v Deletes all DNS providers.
# no ip name-server *
#
iscsi-chap (Type 9235)
Enters iSCSI CHAP configuration mode.
Syntax
iscsi-chap name
no iscsi-chap name
Parameters
name Specifies the name of the iSCSI CHAP.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The iscsi-chap command enters iSCSI CHAP configuration mode. While in the
configuration mode, define the credentials for the challenge handshake. During
startup, the firmware uses the CHAP to authenticate the defined user over the
network. After authentication, administrators have access to the iSCSI storage on
the remote server.
Use the no iscsi-chap command to remove an iSCSI CHAP.
Related Commands
cancel, exit, iscsi-hba
Examples
v Enters iSCSI CHAP configuration mode to create the CHAP-1 iSCSI CHAP.
# iscsi-chap CHAP-1
New iSCSI CHAP configuration
#
v Removes the CHAP-1 iSCSI CHAP.
# no iscsi-chap CHAP-1
iscsi-chap CHAP-1 - Configuration deleted.
#
iscsi-fs-init (Type 9235)
Initializes the iSCSI volume.
Syntax
iscsi-fs-init name
Parameters
name Specifies the name of the iSCSI volume to initialize.
Guidelines
The iscsi-fs-init command initializes an existing iSCSI volume. Before the iSCSI
volume can be initialized, use the admin-state command in iSCSI Volume
configuration mode to disable the volume. After the iSCSI volume is initialized, it
must be enabled for further use.
Related Commands
admin-state (iSCSI Volume)
Examples
v Disables, initializes, and re-enables the Georgia iSCSI volume.
name Specifies the name of the iSCSI volume to repair.
Guidelines
The iscsi-fs-repair command repairs the iSCSI volume in case it was corrupted by
an abnormal shutdown of the appliance or other error. Before the iSCSI volume
can be repaired, use the admin-state command in iSCSI Volume configuration
mode to disable the volume. After the iSCSI volume is repaired, it must be enabled
for further use.
Related Commands
admin-state (iSCSI Volume)
Examples
v Disables, repairs, and re-enables the Georgia iSCSI volume.
iscsi1 Identifies the existing iSCSI HBA for the eth1 Ethernet interface.
iscsi2 Identifies the existing iSCSI HBA for the eth2 Ethernet interface.
Guidelines
The iscsi-hba command enters iSCSI HBA configuration mode for the specified
HBA. Each DataPower appliance has iscsi1 and iscsi2. You cannot rename or
delete either HBA.
Related Commands
cancel, exit
iscsi-target (Type 9235)
Enters iSCSI Target configuration mode.
Syntax
iscsi-target name
no iscsi-target name
Parameters
name Specifies the name of the iSCSI target.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The iscsi-target command enters iSCSI Target configuration mode. While in this
configuration mode, define a logical storage volume, or file system, for remote
storage.
Use the no iscsi-target command to remove an iSCSI target.
Related Commands
cancel, exit
iscsi-volume (Type 9235)
Enters iSCSI Volume configuration mode.
Syntax
iscsi-volume name
no iscsi-volume name
Parameters
name Specifies the name of the iSCSI volume to configure.
Guidelines
The iscsi-volume command enters iSCSI Volume configuration mode. While in this
configuration mode, create, partition, and name the logical storage volume.
Use the no iscsi-volume command to remove an iSCSI volume.
Related Commands
cancel, exit
loadbalancer-group
Enters Load Balancer Group configuration mode.
Syntax
loadbalancer-group name
no loadbalancer-group name
Parameters
name Specifies the name of the Load Balancer Group.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
After completing configuration of the Load Balancer Group, assign the group to a
specific XML Manager. Assignment of the Load Balancer Group to an XML
Manager makes the group available to the DataPower services that this XML
Manager supports.
Use the no loadbalancer-group command to delete a Load Balancer Group.
Use the exit or cancel command to exit Load Balancer Group configuration mode
and return to Global configuration mode.
Related Commands
cancel, exit, show loadbalancer-group, show loadbalancer-status
locate-device (Type 9235)
Controls the locate LED.
Syntax
locate-device {on | off}
Parameters
on Activates the locate LED light.
off (Default) Deactivates the locate LED light.
Guidelines
The locate-device command activates or deactivates the locate LED light on Type
9235 appliances. The locate LED is on the front of the appliance.
v When activated, the locate LED light is illuminated in blue.
v When deactivated, the locate LED light is not illuminated.
Only administrators in the default domain with the appropriate permissions can
control the locate LED.
Examples
v Activates the locate LED light.
# locate-device on
#
v Deactivates the locate LED light.
# locate-device off
#
known-host
Adds or removes an SSH peer as an SSH known host.
Syntax
known-host host ssh-rsa key
no known-host host
Parameters
host Specifies the fully-qualified host name or IP address for the peer. For
ssh-rsa
key Specifies the host public key for the peer. For example:
Guidelines
The known-host command adds an SSH peer as an SSH known host.
The no known-host command removes an SSH peer as an SSH known host.
v Removes ragnarok.datapower.com by IP address as an SSH known host.
# no known-host 10.97.111.108
#
ldap-search-parameters
Enters LDAP Search Parameters configuration mode.
Syntax
ldap-search-parameters name
no ldap-search-parameters name
Parameters
name Specifies the name of the LDAP Search Parameters object.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The ldap-search-parameters command enters LDAP Search Parameters
configuration mode. In this configuration mode, you can create an LDAP Search
Parameters object. This object is a container for the parameters that are used to
perform an LDAP search to retrieve the distinguished name (DN) of the user.
Use the cancel or exit command to leave LDAP Search Parameters configuration
mode and enter Global configuration mode.
Use the no ldap-search-parameters command to delete an LDAP Search Parameters
object.
Related Commands
cancel, exit
load-interval
Specifies the duration of a measurement interval.
Syntax
load-interval measurement-interval
Parameters
measurement-interval
Specifies the measurement interval in milliseconds. Use an integer in the
range of 500 through 5000. The default is 1000.
Guidelines
The load-interval command specifies the duration of a measurement interval.
During this interval, system load is estimated and expressed as a percentage. Use
this command in conjunction with the show load command to monitor system
load. The greater the percentage the greater the use of system resources.
Related Commands
show cpu, show load
Examples
v Specifies a measurement interval of 2.5 seconds.
# load-interval 2500
#
logging category
Enters Log Category configuration mode or deletes a custom logging category.
Syntax
logging category name
no logging category name
Parameters
name Specifies the name for a custom logging category.
Guidelines
Use the no logging category command to delete the custom logging category.
Related Commands
cancel, exit
logging event
Adds an event class (a set of related events) and a priority to an existing log.
Syntax
logging event name category priority
no logging event name category
Parameters
name Specifies the name of the existing log to which an event class will be
added.
category
Specifies the name of an event-class to add.
priority
Identifies the event priority. The priority indicates that all events that are
greater than or equal to this value are logged. Events use the following
priority in descending order:
v emerg (Emergency)
v alert (Alert)
v critic (Critical)
v error (Error)
v warn (Warning)
v notice (Notice)
v info (Information)
v debug (Debug)
Guidelines
Use the show logging event command to display a list of event classes.
Use the show logging priority command to display a list of event priorities.
Use the no logging event command to remove an event class from a log.
Related Commands
show logging event, show logging priority
Examples
v Adds all events of critical, alert, or emergency priority to the Alarms log.
# logging event Alarms all critic
#
v Specifies which event classes and which event priorities to add to the CryptoLog
v Removes the schema event class from the CryptoLog log.
# no logging event CryptoLog schema
#
logging eventcode
Adds an event code to the subscription list for a specific log.
Syntax
logging eventcode target event-code
no logging eventcode target event-code
Parameters
target Specifies the name of an existing log target.
event-code
Specifies the hexadecimal value of the event code.
Guidelines
The logging eventcode command adds an event code to the subscription list for
the specified log target. This command is equivalent to using the event-code
command in Logging configuration mode.
Use the show logging target command to display a list of log targets.
Use the View List of Event Codes from the WebGUI to view a list of all event
codes.
Use the no form of the logging eventcode command to remove an event code
from the inclusion list to the specified log.
Related Commands
logging eventfilter, logging target, event-code (Logging), show logging target
logging eventfilter
Adds an event code to the suppression list for a specific log.
Syntax
logging eventfilter target event-code
no logging eventfilter target event-code
Parameters
target Specifies the name of an existing log target.
event-code
Specifies the hexadecimal value of the event code.
Guidelines
The logging eventfilter command adds an event code to the suppression list for
the specified log target. This command is equivalent to using the event-filter
command in Logging configuration mode.
Use the show logging target command to display a list of log targets.
Use the View List of Event Codes from the WebGUI to view a list of all event
codes.
Use the no form of the logging eventfilter command to remove an event code
from the exclusion list of the specified log.
Related Commands
logging eventcode, logging target, event-filter (Logging), show logging target
logging object
Adds an object filter to a specific log.
Syntax
logging object name object class
no logging object name object class
Parameters
name Specifies the name of the existing log to which to add an object filter.
object Identifies the object type.
class Identifies a specific instance of the target class.
Guidelines
Use logging object to enable a finer granularity in specifying log contents. You can
restrict log entries, for example, to those events issued by a specific XSL Proxy or
XML Firewall, or to a set of identified service providers.
Service
ShellAlias
SmtpClientHelper
SNMPSettings
SSHService
SSLProxyProfile
SSLProxyService
Statistics
StylePolicy
StylePolicyAction
StylePolicyRule
SystemSettings
TAM
TCPProxyService
TelnetService
Throttler
TraceTarget
URLMap
URLRefreshPolicy
URLRewritePolicy
User
UserGroup
WebGUI
XMLFirewallService
XMLManager
xmltrace
XPathRoutingMap
XSLCoprocService
XSLProxyService
Use the no logging object command to delete an object filter from an existing log.
Examples
v Adds an object filter to the Alarms log. This log will record only events that are
issued by the Proxy-1 XSL Proxy. Event priority uses the existing configuration
of the Alarms log.
# logging object Alarms XSLProxyService Proxy-1
#
v Deletes an object filter from the Alarms log. This log will record those events set
by the original log configuration.
# no logging object Alarms XSLProxyService Proxy-1
#
logging target
Enters Logging configuration mode.
Syntax
logging target name
no logging target name
Parameters
name Specifies the name of the system log.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
After entering Logging configuration mode, you should first use the type
command to identify the log type.
Additional configuration requirements and options are dependent upon the log
type.
Use the no logging target command to delete an event log.
Related Commands
cancel, exit
loglevel
Sets the log priority for events to log.
Syntax
loglevel priority
Parameters
priority
Specifies the type of events written to the local system log and can be
expressed as either keyword or integer. Log events are characterized in
descending order of criticality.
v emerg or 0
v alert or 1
v critic or 2
v error or 3
v warn or 4
v notice or 5
v info or 6
v debug or 7
Guidelines
The loglevel command determines which system-generated events to log to the
basic event log. The log priority also functions as filter and determines which
events to forward to a remote syslog daemon. In contrast, syslog specifies the
events that will be forwarded to a remote appliance.
In the absence of an argument, loglevel displays the current log-level.
The log levels can be expressed as character strings or as integer values, with 0
equating to emergency (most critical) and 6 equating to info (least critical).
By default the basic log level is set to notice (5).
When issued with an argument, loglevel specifies that all events of greater or
equal criticality to the argument are logged.
Note: The loglevel, logsize, and syslog commands provide the ability to configure
a rudimentary basic logging system.
Users, however, are encouraged to use the logging target command to enter
Logging configuration mode. From within this mode, users can exercise
more precise control over log formats and contents.
Related Commands
logsize, show log, syslog
Examples
v Sets the priority to critical, which specifies that critical, alert, and emergency
events are logged.
# loglevel critical
#
v Sets the priority to 2, which specifies that critical, alert, and emergency events
are logged.
# loglevel 2
#
v Sets the priority to debug, which specifies that all events are logged. This setting
is not intended for production environments.
# loglevel 7
#
v Displays the current priority.
# loglevel
loglevel is 7 debug
#
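The cautions this reference attaches to file-capture (test environments only), loglevel debug (not intended for production) and the ip name-server flags argument (should be set to 0) can be checked mechanically against a CLI session transcript. The script below is an added example, not IBM code; it assumes a transcript in the format of the examples on this page, where a leading "#" is the prompt and every other line is appliance output. The function names, the constructed sample transcript, and the acceptance of "critical" as an alias of "critic" (taken from the loglevel example above) are assumptions.

```python
"""Audit a CLI transcript for settings this reference flags for production use."""

# Priority keywords and integers as listed under the loglevel parameters.
PRIORITIES = {"emerg": 0, "alert": 1, "critic": 2, "error": 3,
              "warn": 4, "notice": 5, "info": 6, "debug": 7}
# Assumption: "critical" is accepted because the page's loglevel example uses it.
ALIASES = {"critical": "critic"}


def parse_priority(token):
    """Return the numeric priority for a keyword or integer token, else None."""
    key = ALIASES.get(token.lower(), token.lower())
    if key in PRIORITIES:
        return PRIORITIES[key]
    if key in {str(n) for n in range(8)}:
        return int(key)
    return None


def prompt_commands(transcript):
    """Yield (line_number, tokens) for lines typed at the '#' prompt."""
    for number, raw in enumerate(transcript.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#") and line[1:].strip():
            yield number, line[1:].split()


def audit(transcript):
    """Return sorted (line, setting, reason) findings for the final state."""
    capture = ("off", 0)   # documented default: file capture disabled
    level = (5, 0)         # documented default: notice (5)
    dns_flags = {}         # DNS server address -> (flags token, line)
    for number, tok in prompt_commands(transcript):
        if tok[0] == "file-capture" and len(tok) == 2 \
                and tok[1] in ("always", "errors", "off"):
            capture = (tok[1], number)
        elif tok[0] == "loglevel" and len(tok) == 2:
            value = parse_priority(tok[1])
            if value is not None:
                level = (value, number)
        elif tok[:2] == ["ip", "name-server"] and len(tok) >= 3:
            # Positional order from the Syntax line:
            # address udpPortNumber tcpPortNumber flags max-retries
            flags = tok[5] if len(tok) > 5 else None
            dns_flags[tok[2]] = (flags, number)
        elif tok[:3] == ["no", "ip", "name-server"] and len(tok) == 4:
            if tok[3] == "*":
                dns_flags.clear()
            else:
                dns_flags.pop(tok[3], None)

    findings = []
    if capture[0] != "off":
        findings.append((capture[1], f"file-capture {capture[0]}",
                         "file capture should be enabled only in test environments"))
    if level[0] == PRIORITIES["debug"]:
        findings.append((level[1], f"loglevel {level[0]}",
                         "debug logging is not intended for production"))
    for address, (flags, number) in dns_flags.items():
        # Only an explicitly supplied, non-zero flags value is reported.
        if flags is not None and flags != "0":
            findings.append((number, f"ip name-server {address} flags={flags}",
                             "flags should be set to 0"))
    return sorted(findings)


# Constructed sample transcript (not captured from a real appliance).
SAMPLE = "\n".join([
    "# file-capture errors",
    "File capture mode set to errors",
    "# loglevel critical",
    "# loglevel 7",
    "# loglevel",
    "loglevel is 7 debug",
    "# ip name-server 10.10.10.240 6000",
    "# ip name-server 10.10.10.241 53 53 1 3",
    "# ip name-server 10.10.10.242 53 53 2",
    "# no ip name-server 10.10.10.242",
    "#",
])

if __name__ == "__main__":
    for line, setting, reason in audit(SAMPLE):
        print(f"line {line}: {setting}: {reason}")
```

The audit reports the state left at the end of the transcript, so a later file-capture off, a lower loglevel, or a no ip name-server command clears the corresponding finding.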
logsize
Sets the size of a basic event log.
Syntax
logsize size
Parameters
size Specifies the size of the log in lines. The default is 200.
Guidelines
In the absence of an argument, logsize displays the size of the log file in lines.
Note:
The loglevel, logsize, and syslog commands provide the ability to configure
a rudimentary basic logging system.
Use the logging target command to enter Logging configuration mode.
From this mode, define more precise control over log formats and contents.
Related Commands
loglevel, show log
Examples
v Sets the log size to 250 lines.
# logsize 250
#
v Displays the configured log size in lines.
# logsize 250
#
matching
Enters Matching Rule configuration mode.
Syntax
matching name
no matching name
Parameters
name Specifies the name of the Matching Rule.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Use the cancel or exit command to leave Matching Rule configuration mode and
enter Global configuration mode.
A Matching Rule contains one or more shell-style match patterns that are used to
evaluate candidate HTTP headers and URLs. These rules are used in the
implementation of Processing Policy objects. A Processing Policy uses Matching
Rule objects to determine whether a candidate XML document is subject to specific
processing instructions in the policy.
Refer to Appendix B, “Processing Policy procedures,” on page 999 for procedural
details about the creation and implementation of Matching Rule and Processing
Policy objects.
Use the no matching command to delete a Matching Rule.
Related Commands
cancel, exit
memoization
Enables the optimization of XPath expressions for a specific XML Manager.
Syntax
memoization XML-manager
no memoization XML-manager
Parameters
XML-manager
Specifies the name of an XML manager.
Guidelines
Memoizing an XPath expression adds a transparent caching wrapper to the
expression, so that expression values that have already been calculated are
returned from a cache rather than being recomputed each time. Memoization can
provide significant performance gains for computing-intensive calls.
Memoization is enabled by default, and should rarely, if ever, be disabled. It is
possible, however, that with certain style sheets, memoization could inflict a
performance penalty. The identification of such style sheets is largely a matter of
trial and error.
Use the no memoization command to disable XPath expression optimization.
Examples
v Disables XPath optimizations for the mgr1 XML Manager.
# no memoization mgr1
XML memoization successfully disabled
XML memoization successfully updated
#
v Restores the default condition by enabling XPath optimizations for the mgr1
XML Manager.
# memoization
XML memoization successfully enabled
XML memoization successfully updated
#
message-matching
Enters Message Matching configuration mode.
Syntax
message-matching name
no message-matching name
Parameters
name Specifies the name of the traffic-flow definition.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The message-matching command creates a traffic-flow definition that describes a
traffic stream to be subject to administrative monitoring and control.
When in Message Matching configuration mode, you can specify traffic stream
characteristics in terms of traffic origin (IP address), HTTP header content, SSL
identity, or requested documents.
Use the cancel or exit command to leave Message Matching configuration mode
and enter Global configuration mode.
Use the no message-matching command to delete a traffic-flow definition.
Related Commands
cancel, exit, reset
message-type
Enters Message Type configuration mode.
Syntax
message-type name
no message-type name
Parameters
name Specifies the name of the message class.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
The message-type command creates a message class that consists of one or more
traffic-flow definitions that were created previously with the message-matching
command. It identifies a set of traffic streams that are subject to specific,
rules-based administrative monitoring and control.
Use the cancel or exit command to leave Message Type configuration mode and
enter Global configuration mode.
Use the no message-type command to delete a message class.
Related Commands
cancel, exit
metadata
Enters Processing Metadata configuration mode.
Syntax
metadata name
no metadata name
Parameters
name Specifies the name of the Processing Metadata object.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
While in Processing Metadata configuration mode you define the contents of the
Metadata Processing object, a list or manifest, of metadata items that are returned
in an XML nodeset to the object using the Metadata. This is typically an AAA
Policy.
Use the cancel or exit command to leave Processing Metadata configuration mode
and enter Global configuration mode.
Use the no metadata command to delete a Processing Metadata object.
Related Commands
cancel, exit
mkdir
Creates a subdirectory.
Syntax
mkdir local:///subdirectory
Parameters
local:///subdirectory
The subdirectory to create in the local: directory.
Guidelines
The mkdir command creates subdirectories in the local: directory on the
DataPower appliance. You can create subdirectories for application-specific files
such as style sheets and schemas.
Chapter 2. Global configuration mode69
Related Commands
Examples
monitor-action
Syntax
Use the rmdir command to delete subdirectories.
rmdir
v Creates the stylesheets subdirectory of the local: directory.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
A monitor action is a control procedure that specifies an action or set of actions to
take when a monitored message class exceeds a configured threshold.
Use the cancel or exit command to leave Message Filter Action configuration mode
and enter Global configuration mode.
Use the no monitor-action command to delete a control procedure.
Related Commands
cancel, exit, monitor-count, monitor-duration
monitor-count
Enters Message Count Monitor configuration mode.
Syntax
monitor-count name
no monitor-count name
Parameters
name
Specifies the name of the monitor.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
A monitor count is an incremental, or counter-based, monitor that consists of a
target message class, a configured threshold, and a control procedure that is
triggered when the threshold is exceeded.
Use the cancel or exit command to leave Message Count Monitor configuration
mode and enter Global configuration mode.
Use the no monitor-count command to delete an incremental monitor.
monitor-duration
Syntax
monitor-duration name
no monitor-duration name
Parameters
name
Specifies the name of the duration monitor.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
A duration, or time-based, monitor consists of a target message class, two
thresholds, and a control procedure that is triggered when either threshold is
exceeded.
Use the cancel or exit command to leave Message Duration Monitor configuration
mode and enter Global configuration mode.
Use the no monitor-duration command to delete a duration monitor.
Related Commands
cancel, exit, monitor-action, monitor-count, show message-durations, show
message-duration-filters
move
Moves a file from one directory to another.
Syntax
move [-f] source-URL destination-URL
Parameters
-f
Overwrites an existing file, if one of the same name already exists.
In the absence of this argument, an attempt to save a file with the same
name as an existing file results in a prompt that requests confirmation to
overwrite the existing file.
source-URL and destination-URL
Specifies the URLs that identify the source file and target destination,
respectively. These arguments take the following form:
directory:///filename
directory
Specifies a directory on the appliance. Refer to “Directories on the
appliance” on page xxii for details.
filename
Specifies the name of a file in the specified directory.
Guidelines
You can use the move command to transfer a file to or from a directory. However,
you cannot use the move command to copy a file from the private cryptographic
area (such as the cert: directory).
Related Commands
copy, delete, dir
Examples
• Moves a file from the config: directory to the store: directory.
mpgw
name
Specifies the name of the Multi-Protocol Gateway.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
Use the no mpgw command to delete a Multi-Protocol Gateway.
Related Commands
cancel, exit
mtom
Enters MTOM Policy configuration mode.
Syntax
mtom name
no mtom name
Parameters
name
Specifies the name of the MTOM Policy.
The name can contain a maximum of 128 characters. For restrictions, refer
to “Object name conventions” on page xxiv.
Guidelines
While in MTOM (SOAP Message Transmission Optimization Mechanism) Policy
configuration mode you define an MTOM Policy, which provides a mechanism for
optimizing the transmission and wire format of an XML/SOAP message.
Optimization is performed by selecting elements with base 64 encoded character
data. The selected elements are decoded and attached as MIME attachment parts
before transmission. Decoding before transmission reduces the overhead that is
associated with base 64 encoded data.
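The optimization described above, sketched in Python as an added example (not IBM code and not DataPower configuration): a selected element's base 64 text is decoded, moved into a binary MIME part, and replaced in the envelope by an xop:Include reference. The Upload, Name and Photo elements, the content IDs, the boundary string and the payload are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
XOP_NS = "http://www.w3.org/2004/08/xop/include"
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("xop", XOP_NS)

# Constructed sample: 6144 bytes of binary data carried inline as base64 text.
RAW = bytes(range(256)) * 24
B64 = base64.b64encode(RAW).decode()
ENVELOPE = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><Upload>'
    f"<Name>scan.bin</Name><Photo>{B64}</Photo>"
    "</Upload></soap:Body></soap:Envelope>"
)

def mime_part(boundary, content_type, content_id, encoding, body):
    headers = (f"--{boundary}\r\nContent-Type: {content_type}\r\n"
               f"Content-Transfer-Encoding: {encoding}\r\n"
               f"Content-ID: <{content_id}>\r\n\r\n")
    return headers.encode("ascii") + body + b"\r\n"

def optimize(envelope_xml, selected_tags, boundary="MIME_boundary"):
    """Move base64 content of the selected elements into binary MIME parts."""
    root = ET.fromstring(envelope_xml)
    attachments = {}
    for elem in list(root.iter()):
        text = (elem.text or "").strip()
        if elem.tag not in selected_tags or not text:
            continue
        try:
            data = base64.b64decode(text, validate=True)
        except ValueError:
            continue  # not base64: leave the element inline and untouched
        cid = f"part{len(attachments) + 1}@example.invalid"
        attachments[cid] = data
        elem.text = None
        ET.SubElement(elem, f"{{{XOP_NS}}}Include", href=f"cid:{cid}")
    root_type = 'application/xop+xml; charset=UTF-8; type="application/soap+xml"'
    package = mime_part(boundary, root_type, "root@example.invalid", "8bit",
                        ET.tostring(root, encoding="utf-8"))
    for cid, data in attachments.items():
        package += mime_part(boundary, "application/octet-stream", cid, "binary", data)
    return package + f"--{boundary}--\r\n".encode("ascii"), attachments

if __name__ == "__main__":
    package, parts = optimize(ENVELOPE, {"Photo"})
    print(len(ENVELOPE), "bytes inline ->", len(package), "bytes optimized")
```

After optimization the binary content is no longer inside the XML body, so schema validation or content filtering applied only to the envelope does not see it; the attachment parts need their own inspection.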
Use the cancel or exit command to leave MTOM Policy configuration mode and
enter Global configuration mode.
Use the no mtom command to delete an MTOM Policy.
Related Commands
cancel, exit
network
Enters Network Settings configuration mode.
Syntax
network
no network
Guidelines
While in Network Settings configuration mode, you can enable or disable the
generation of certain Internet Control Message Protocol (ICMP) replies and control
the retry and intervals of these messages. By default the appliance replies to the
corresponding ICMP requests.
You can also control routing behavior, interface isolation and ECN settings.
Use the cancel or exit command to leave Network Settings configuration mode
and enter Global configuration mode.
Use the no network command to reset network settings to their defaults.
Related Commands
cancel, exit
nfs-client
Enters NFS Client Settings configuration mode.
Syntax
nfs-client
no nfs-client
Guidelines
While in NFS Client configuration mode, you configure NFS client global settings,
which are employed in all application domains. By default, the NFS Client is
disabled.
Use the cancel or exit command to leave NFS Client configuration mode and enter
Global configuration mode.
Use the no nfs-client command to disable the NFS client.
Related Commands
cancel, exit
nfs-dynamic-mounts
Enters NFS Dynamic Mounts configuration mode.
Syntax
nfs-dynamic-mounts
no nfs-dynamic-mounts
Guidelines
While in NFS Dynamic Mounts configuration mode, you configure NFS dynamic
mounts settings, which are employed within the current application domain. By
default, the NFS dynamic mounts are disabled; once in NFS Dynamic Mounts
configuration mode, use the admin-state command to enable dynamic mounts and
other commands to specify operational properties.
Use the cancel or exit command to leave NFS Dynamic Mounts configuration
mode and enter Global configuration mode.
Use the no nfs-dynamic-mounts command to restore the NFS dynamic mount
default settings.