Configuration Command Reference Guide
Authority configuration is the top-most level in the SSR configuration hierarchy.
Subcommands
command | description |
---|
access-management | Role Based Access Control (RBAC) configuration. |
asset-connection-resiliency | Configure Asset Connection Resiliency |
backwards-compatible-vrf-bgp-tenants | When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions earlier than 5.1.3. |
bgp-service-generation | Configure Bgp Service Generation |
cli-messages | Configure Cli Messages |
client-certificate | The client-certificate configuration contains client certificate content. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
currency | Local monetary unit. |
delete | Delete configuration data |
district | Districts in the authority. |
dscp-map | Configure Dscp Map |
dynamic-hostname | Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier, {router-name} for Router Name, and {authority-name} for Authority Name. For example, 'interface-{interface-id}.{router-name}.{authority-name}'. |
fib-service-match | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
forward-error-correction-profile | A profile for Forward Error Correction parameters, describing how often to send parity packets. |
icmp-control | Settings for ICMP packet handling |
idp-profile | User defined IDP profiles. |
ipfix-collector | Configuration for IPFIX record export. |
ipv4-option-filter | Configure IPv4 Option Filter |
ldap-server | LDAP Servers against which to authenticate user credentials. |
management-service-generation | Configure Management Service Generation |
metrics-profile | A collection of metrics |
name | The identifier for the Authority. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password-policy | Password policy for user's passwords. |
pcli | Configure the PCLI. |
performance-monitoring-profile | A performance monitoring profile used to determine how often packets should be marked. |
radius-server | RADIUS servers against which to authenticate user credentials. |
rekey-interval | Hours between security key regeneration. Recommended value 24 hours. |
remote-login | Configure Remote Login |
resource-group | Collect objects into a management group. |
router | The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. |
routing | Authority-level routing configuration. |
security | The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. |
service | The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services. |
service-class | Defines the association between DSCP value and a priority queue. |
service-policy | A service policy, which defines parameters applied to services that reference the policy |
session-record-profile | A profile to describe how to collect session records. |
session-recovery-detection | Configure Session Recovery Detection |
session-type | Type of session classification based on protocol and port, and associates it with a default class of service. |
show | Show configuration data for 'authority' |
software-update | Configure Software Update |
step | Configure Step |
step-repo | List of Service and Topology Exchange Protocol repositories. |
tenant | A customer or user group within the Authority. |
traffic-profile | A set of minimum guaranteed bandwidths, one for each traffic priority |
trusted-ca-certificate | The trusted-ca-certificate configuration contains CA certificate content. |
web-messages | Configure Web Messages |
web-theme | Configure Web Theme |
Role Based Access Control (RBAC) configuration.
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
role | Configure Role |
show | Show configuration data for 'access-management' |
token | Configuration for HTTP authentication token generation. |
Configure Role
Usage
configure authority access-management role <name>
Positional Arguments
name | description |
---|
name | A unique name that identifies this role. |
Subcommands
command | description |
---|
capability | The capabilities that this user will be granted. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description about the role. |
exclude-resource | Exclude a resource from being associated with this role. |
name | A unique name that identifies this role. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource | Associate this role with a resource. |
resource-group | Associate this role with a top-level resource-group. |
show | Show configuration data for 'role' |
The capabilities that this user will be granted.
Usage
configure authority access-management role capability [<identityref>]
Positional Arguments
name | description |
---|
identityref | Value to add to this list |
A description about the role.
Usage
configure authority access-management role description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Exclude a resource from being associated with this role.
Usage
configure authority access-management role exclude-resource <id>
Positional Arguments
name | description |
---|
id | Configure Id |
Subcommands
command | description |
---|
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'exclude-resource' |
Configure Id
Usage
configure authority access-management role exclude-resource id [<resource-id>]
Positional Arguments
name | description |
---|
resource-id | The value to set for this field |
A unique name that identifies this role.
Usage
configure authority access-management role name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this role with a resource.
Usage
configure authority access-management role resource <id>
Positional Arguments
name | description |
---|
id | Configure Id |
Subcommands
command | description |
---|
delete | Delete configuration data |
generated | Indicates whether or not the resource was automatically generated |
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource' |
Indicates whether or not the resource was automatically generated
Usage
configure authority access-management role resource generated [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Id
Usage
configure authority access-management role resource id [<resource-id>]
Positional Arguments
name | description |
---|
resource-id | The value to set for this field |
Associate this role with a top-level resource-group.
Usage
configure authority access-management role resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Configuration for HTTP authentication token generation.
Subcommands
command | description |
---|
delete | Delete configuration data |
expiration | Minutes after initial authentication that the authentication token is valid. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'token' |
Minutes after initial authentication that the authentication token is valid.
Usage
configure authority access-management token expiration [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Description
Units: minutes
Configure Asset Connection Resiliency
Subcommands
command | description |
---|
delete | Delete configuration data |
enabled | Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'asset-connection-resiliency' |
Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
Usage
configure authority asset-connection-resiliency enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions earlier than 5.1.3.
Usage
configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Bgp Service Generation
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
route-reflector-client-mesh | Generate service-route mesh for route reflector clients. |
security-policy | Security policy to be used instead of 'internal'. |
service-policy | Service policy to be used for generated BGP services. |
show | Show configuration data for 'bgp-service-generation' |
Generate service-route mesh for route reflector clients.
Usage
configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Security policy to be used instead of 'internal'.
Usage
configure authority bgp-service-generation security-policy [<security-ref>]
Positional Arguments
name | description |
---|
security-ref | The value to set for this field |
Service policy to be used for generated BGP services.
Usage
configure authority bgp-service-generation service-policy [<service-policy-ref>]
Positional Arguments
name | description |
---|
service-policy-ref | The value to set for this field |
Configure Cli Messages
Subcommands
command | description |
---|
delete | Delete configuration data |
login-message | The message displayed before login through console. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'cli-messages' |
welcome-message | The message displayed after a successful login through console. |
The message displayed before login through console.
Usage
configure authority cli-messages login-message [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The message displayed after a successful login through console.
Usage
configure authority cli-messages welcome-message [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The client-certificate configuration contains client certificate content.
Usage
configure authority client-certificate <name>
Positional Arguments
name | description |
---|
name | An identifier for the client certificate. |
Subcommands
command | description |
---|
content | Client certificate content. |
delete | Delete configuration data |
name | An identifier for the client certificate. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'client-certificate' |
Client certificate content.
Usage
configure authority client-certificate content [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
An identifier for the client certificate.
Usage
configure authority client-certificate name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
IP address or FQDN of the conductor
Usage
configure authority conductor-address [<hostv4>]
Positional Arguments
name | description |
---|
hostv4 | Value to add to this list |
Local monetary unit.
Usage
configure authority currency [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Districts in the authority.
Usage
configure authority district <name>
Positional Arguments
name | description |
---|
name | Name of the district. |
Subcommands
command | description |
---|
delete | Delete configuration data |
name | Name of the district. |
neighborhood | Neighborhoods which belong to this district. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this district with a top-level resource-group. |
show | Show configuration data for 'district' |
Name of the district.
Usage
configure authority district name [<non-default-district-name>]
Positional Arguments
name | description |
---|
non-default-district-name | The value to set for this field |
Neighborhoods which belong to this district.
Usage
configure authority district neighborhood [<neighborhood-id>]
Positional Arguments
name | description |
---|
neighborhood-id | Value to add to this list |
Associate this district with a top-level resource-group.
Usage
configure authority district resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Configure Dscp Map
Usage
configure authority dscp-map <name>
Positional Arguments
name | description |
---|
name | The name of the DSCP map |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-prioritization | Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode. |
dscp-traffic-class | Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode. |
name | The name of the DSCP map |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this DSCP map with a top-level resource-group. |
show | Show configuration data for 'dscp-map' |
Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.
Usage
configure authority dscp-map dscp-prioritization <priority>
Positional Arguments
name | description |
---|
priority | The priority assigned to the incoming DSCP value. |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-range | Configure Dscp Range |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
priority | The priority assigned to the incoming DSCP value. |
show | Show configuration data for 'dscp-prioritization' |
Configure Dscp Range
Usage
configure authority dscp-map dscp-prioritization dscp-range <start-value>
Positional Arguments
name | description |
---|
start-value | Lower DSCP number. |
Subcommands
command | description |
---|
delete | Delete configuration data |
end-value | Upper DSCP number. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-range' |
start-value | Lower DSCP number. |
Upper DSCP number.
Usage
configure authority dscp-map dscp-prioritization dscp-range end-value [<dscp-end-value>]
Positional Arguments
name | description |
---|
dscp-end-value | The value to set for this field |
Lower DSCP number.
Usage
configure authority dscp-map dscp-prioritization dscp-range start-value [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
The priority assigned to the incoming DSCP value.
Usage
configure authority dscp-map dscp-prioritization priority [<priority-id>]
Positional Arguments
name | description |
---|
priority-id | The value to set for this field |
Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.
Usage
configure authority dscp-map dscp-traffic-class <traffic-class>
Positional Arguments
name | description |
---|
traffic-class | The traffic-class assigned to the incoming DSCP value. |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-range | Configure Dscp Range |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-traffic-class' |
traffic-class | The traffic-class assigned to the incoming DSCP value. |
Configure Dscp Range
Usage
configure authority dscp-map dscp-traffic-class dscp-range <start-value>
Positional Arguments
name | description |
---|
start-value | Lower DSCP number. |
Subcommands
command | description |
---|
delete | Delete configuration data |
end-value | Upper DSCP number. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-range' |
start-value | Lower DSCP number. |
Upper DSCP number.
Usage
configure authority dscp-map dscp-traffic-class dscp-range end-value [<dscp-end-value>]
Positional Arguments
name | description |
---|
dscp-end-value | The value to set for this field |
Lower DSCP number.
Usage
configure authority dscp-map dscp-traffic-class dscp-range start-value [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
The traffic-class assigned to the incoming DSCP value.
Usage
configure authority dscp-map dscp-traffic-class traffic-class [<traffic-class-id>]
Positional Arguments
name | description |
---|
traffic-class-id | The value to set for this field |
The name of the DSCP map
Usage
configure authority dscp-map name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this DSCP map with a top-level resource-group.
Usage
configure authority dscp-map resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier, {router-name} for Router Name, and {authority-name} for Authority Name. For example, 'interface-{interface-id}.{router-name}.{authority-name}'.
Usage
configure authority dynamic-hostname [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
When creating FIB entries by matching route updates to service addresses, consider the specified service addresses.
Usage
configure authority fib-service-match [ best-match-only | any-match ]
Positional Arguments
name | description |
---|
best-match-only | This is the default value, and legacy behavior. When comparing prefixes from a route update to addresses configured in services, only addresses with the longest prefix match for a particular route are considered. In cases of transport overlap, services are visited in alphabetical order. |
any-match | All service addresses that match the route update are considered when creating the FIB entries, including those with prefixes shorter than the update or those that do not have the best match service address. The transports from the service with the longest prefix are considered first. This minimizes missed entries, but may result in a higher FIB usage. |
A profile for Forward Error Correction parameters, describing how often to send parity packets.
Usage
configure authority forward-error-correction-profile <name>
Positional Arguments
name | description |
---|
name | The name of the Forward Error Correction profile |
Subcommands
command | description |
---|
delete | Delete configuration data |
mode | Whether to dynamically adjust forward error correction to account for observed loss. |
name | The name of the Forward Error Correction profile |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
ratio | The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted. |
show | Show configuration data for 'forward-error-correction-profile' |
Whether to dynamically adjust forward error correction to account for observed loss.
Usage
configure authority forward-error-correction-profile mode [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The name of the Forward Error Correction profile
Usage
configure authority forward-error-correction-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.
Usage
configure authority forward-error-correction-profile ratio [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Settings for ICMP packet handling
Subcommands