HP Network Automation Software (NA) CLI/API Command Reference
Software Version: 10.00
Document Release Date: May 2014 Software Release Date: May 2014
New Commands in NA 10.00
Revised Commands in NA 10.00
acquire resource id
add advanced diagnostic
add resource id
add resource id pool
add role
del resource id
del resource id pool
del role
list policies
list resource id
list resource id custom field data
list resource id pool
list resource id pool all
mod advanced diagnostic
mod resource id custom field data
mod resource id pool
mod role
release resource id
show resource id
show resource id custom field data
show resource id pool
show user group
snmp get
snmp set
add authentication
add device
add event rule
add group
add ip (help content only)
add user
add vlan
add vlan trunk
check policy compliance
configure syslog
connect (help content only)
del group
del script
del vlan
del vlan trunk
deploy image
discover driver
discover drivers
get snapshot
import (help content only)
list device group (help content only)
list deviceinfo
list diagnostic (help content only)
list groups (help content only)
list script
list script id
list script mode
list task
list user
mod authentication
mod device
mod ip (help content only)
mod task
mod user
mod vlan
mod vlan trunk
passwd
provision device
run advanced script
run command script
run diagnostic
run script
set core status
show device credentials
show group (help content only)
show script
synchronize
test config
undeploy image
Command comparison is relative to NA 9.20.
Contents
NOTE: Return type of STATUS means that the command returns no Text or ResultSet. Use getReturnStatus() to determine the command results.
NOTE: The Perl API does not exactly match the NA command-line interface documented here. For information about the differences, see “Perl Documentation” in the NA API User Guide.
Acquire a resource identity from a resource identity pool.
Synopsis
acquire resource id [-poolid <Resource identity pool ID>] [-name <Name>] [-id <ID>]
Description
Acquire a resource identity from a resource identity pool. If resource identity ID or name is not provided, the next available resource identity in a pool identified by a pool ID is acquired. Resource identity can be identified either by ID or combination of name and resource identity pool ID. If resource identity ID is specified, name and resource pool ID are ignored.
-poolid - ID of the resource identity pool to acquire a resource identity from.
This command can modify passwords on a specific device or device group, or merely update what the system knows of a device's or network's password information. The -ip option provides information specific to the device. Otherwise, the command adds a network-wide password rule to the system. When using this command to modify passwords on a device, the modification operation is actually a scheduled task.
-loc - The location to which password information should be written. Valid values for this argument are "db", "device", and "group". "db" tells the command that password information should be changed only in the system's database. "device" tells the command that the password changes should be made on the device as well and "group" performs the same function as "device" but across all devices in the group.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: The device to which this password information should apply.
-host - A valid hostname: An existing device to which this password information should apply.
-fqdn - A valid Fully Qualified Domain Name: An existing device to which this password information should apply.
-deviceid - A device ID
-snmpro - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read only community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read only community strings to be, either set on the device, or appended to an existing list of read only community strings (depends on whether or not the -appendsnmpro flag was supplied.)
-snmprw - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read write community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read write community strings to be, either set on the device, or appended to an existing list of read write community strings (depends on whether or not the -appendsnmprw flag was supplied.)
-snmpv3user - When used in conjunction with -loc db, this argument is taken as the username for snmpv3 access.
-snmpv3authpw - When used in conjunction with -loc db, this argument is taken as the authentication password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3authpw with no password value and respond to the command prompt.
-snmpv3encryptpw - When used in conjunction with -loc db, this argument is taken as the encryption password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3encryptpw with no password value and respond to the command prompt.
-user - Username.
-passwd - Password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-connectionmethods - The methods used by the system to connect to devices. Can be telnet, serial_direct, or SSH.
-accessvariables - To override variables in the script, such as prompts.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Use this option only if the argument to the -loc flag is "device".
-appendsnmpro - Supply this option if read only community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-appendsnmprw - Supply this option if read write community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-sync - Indicates that the command should return only after the password change task is complete. Do not use this option with -start.
-group - The group name for performing this command across all devices in a group.
-site - The site partition this rule will be applied to. Default to be global
-rule - the rule name to be added
-rulehostname - Hostname, the rule applies to
-ruledevicegroup - Device group name, the rule applies to
-iprangestart - IP start range, the rule applies to
-iprangeend - IP end range, the rule applies to
Return Type
String
Examples
add authentication -loc db -ip 192.0.2.10 -passwd fish -snmpro public -enablepasswd 31337
add authentication -loc db -ip 192.0.2.10 -passwd old -enablepasswd joshua -snmpro public -snmprw public
add authentication -loc device -ip 192.0.2.10 -passwd limited -enablepasswd full
add authentication -loc device -ip 192.0.2.10 -passwd some -enablepasswd all -snmprw brillig,slithy,toves,gire -appendsnmprw -sync
add authentication -loc device -ip 192.0.2.10 -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
add authentication -loc group -group MyDevices -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
add authentication -loc db -rule "rule 1" -rulehostname DALAB-C2600-NAT
-description - Description for the new command script
-scripttype - Script type (i.e. user defined subcategory)
-mode - Command script mode
-driver - List of applicable drivers - provided as a comma separated list of internal driver names
-script - Script text - may separate commands with '\n'. Commands that require multiple entries before returning to the device prompt can separate each entry with '\\r\\n'.
add device -ip <IP address> [-hostname <Host name>] [-comment <Comment>] [-description <Device name>] [-model <Device model>] [-vendor <Device vendor>] [-domain <Domain name>] [-serial <Serial number>] [-asset <Asset tag>] [-location <Location>] [-status <Status>] [-nopoll <Do not poll>] [-consoleip <Console IP address, if using console server>] [-consoleport <Console Port>] [-tftpserverip <TFTP server IP address, if using NAT>] [-natip <NAT IP address>] [-useconsoleserver <true or false>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>] [-origin <Device Origin>] [-forcesave <true or false>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device will be put in.
-hostname - The device's host name
-comment - Additional information regarding the device.
-description - The descriptive name of the device (informational only).
-model - The device's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-domain - A fully qualified domain name (such as www.google.com).
-serial - The device's serial number.
-asset - The device's asset tag.
-location - The device's location.
-status - 0: Mark this device as managed by the system (Active). 1: Mark this device to be unmanaged by the system(Disable). 3: Mark this device as pre-production.
-nopoll - 0: Mark this device to be polled for changes. 1: Mark this device as not to be polled for changes.
-consoleip - a.b.c.d where 0 <= a,b,c,d <= 255
-consoleport - The port number
-tftpserverip - a.b.c.d where 0 <= a,b,c,d <= 255
-natip - a.b.c.d where 0 <= a,b,c,d <= 255
-useconsoleserver - true, if the device uses a console server. false, if the device does not. If this option is not provided, it is assumed that the device does not use a console server.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP,snmp_noauthnopriv, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha_des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes192 , snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.If this option is not provided, the system will try all access methods when attempting to connect to the device.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
-origin - The device's origin.
-forcesave - If true, allow duplicated IP address to be added into the system.
For drivers that support it, add a virtual context to a device
-deviceid - The device ID to add a context to
-contextvariables - A comma separated list of driver specific variables and values that are required to create a context on the given device. These variables can be found using the 'list device context variables' command.
add device template -hostname <Device name> [-driver <Driver name>] [-comment <Comment>] [-description <Description>] [-model <Device model>] [-vendor <Device vendor>] [-location <Location>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>] [-sitename <Site Name>]
Description
-hostname - A valid name
-driver - The driver name in short form
-comment - Additional information regarding the device template.
-description - The descriptive name of the device template (informational only).
-model - The device template's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-location - The device's location.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP,snmp_noauthnopriv, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha_des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
-sitename - The Site name in which the template belongs to.
Add new event rule. It will subscribe provided host to the system events.
-name - The name identifier for event rule
-action - Event rule action, must be one of the following: snmp, syslog, nnmi-integration and nnmi-snmp. Note the old value "integration" is equivalent to "nnmi-integration".
-receiverhost - A valid hostname or ip address
-receiverport - A numeric port, if not provided, then 162 will be used
-events - List of event types, separated by column. If not provided, then ALL will be used
-community - Community string, if not provided, then public will be used
-eventtemplate - Specify the absolute path to the file which contains the event text template. The file must be directly accessible by the system.
-eventtext - Specify the event text
-site - Name of the site the rule will be added to. The rule will be global if site name is null or not specified
Add images to database. Must specify either driver or model
-site - The site the image will be applicable to. The image will be global if site is not specified.
-imageset - The imageset the images will add to.
-images - The images to add. The paths specified by this option must point to files accessible by the management server. Files must be placed on the management server first.
-driver - The driver the images required.
-model - The device model the images required.
-memory - The minimum system memory required (in bytes) for images.
add ip -ipvalue <Value> [-deviceip <Device IP address>] [-comment <Comment>] [-usetoaccess <Use to Access Device>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-comment - Additional information regarding the device.
-usetoaccess - Use this IP Value to access its device, 1 - yes, 0 - no, default - no
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
Return Type
STATUS
Examples
add ip -deviceip 192.0.2.10 -ipvalue 192.0.2.10 -comment "my own ip"
add ip -deviceip 192.0.2.10 -ipvalue 192.0.2.10 -usetoaccess 0
add ip -deviceid 1401 -ipvalue 192.0.2.10 -usetoaccess 0
Create a resource identity pool associated with a given site.
Synopsis
add resource id pool -name <Name> [-description <Description>] [-site <Site Name>]
Description
Create a resource identity pool associated with a given site.
-name - Name of a resource identity pool to add. The name has to be unique for the site.
-description - Description of resource identity pool to add.
-site - Name of the site the added resource identity pool will be associated with. If the site is not specified, the resource identity pool will be created in the default partition unless the system is partitioned. In such case, the resource identity pool will be created global.
Return Type
VO:ResourceIdentityPoolVO with columns:
createDate
createUserID
description
lastModifiedDate
lastModifiedUserID
name
resourceIdentityPoolID
siteID
Examples
add resource id pool -name VLANs -description "Pool of VLAN names" -site SiteA
-type - Role type must be either MDP (for modify device permission) or VIEW (for view partition permission).
-resources - Comma-separated list of resources to which the user role has access. For role type MDP, specify device group names. For role type VIEW, specify some or all of the partition names under the specified view name.
-viewname - Required for role type VIEW. The device-specific view for this role.
-desc - Optional description string.
Return Type
STATUS
Examples
add role -name operators -type MDP -resources "Labs,WP-Controllers" -desc "Operators for labs and wp controllers"
An email message (containing the system message) will be the result of an added system messages if the system is configured to send email for added events.
-message - The text of the system message
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
Return Type
STATUS
Examples
add system message -ip 192.0.2.10 -message "Connectivity to the border router has been restored."
add system message -message "This is a test of the emergency broadcast system."
-p - Password. To enter the password without displaying it on the command line, omit -p and respond to the password prompt.
-fn - First name
-ln - Last name
-email - Email address
-aaausername - AAA username for this user.
-aaapassword - AAA password for this user. To enter the password without displaying it on the command line, use -aaapassword with no password value and respond to the password prompt.
-useaaaloginforproxy - Whether to user AAA logins for the Proxy Interface for this user (yes|no).
-extauthfailover - Whether to allow external auth failover for this user (yes|no).
Return Type
STATUS
Examples
add user -u johnd -p fish -fn john -ln doe -email johnd@example.net
add user -u johnd -fn john -ln doe -aaausername johnd -aaapassword -useaaaloginforproxy 0
-deviceid - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-vlanid - Vlan ID to add
-vlanname - Name for Vlan added
-addports - Ports that need to be added to the Vlan
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-portname - trunk port name to add
-nativevlanid - specify a native or default vlan id
-addvlanids - vlan ids to add to trunk
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Modify the comments on, or the display name of, a device access record.
Synopsis
annotate access -id <Device access record ID> [-comment <Comment>] [-name <Name>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>]
Description
-id - Specifies a device access record. Think of this as a "device access record ID".
-comment - Additional information regarding the access record.
-name - An optional name for the access record.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
STATUS
Examples
annotate access -id 2 -comment "Device tainted at this point." -name "Intrusion detected"
It lets users assign an existing command script to a policy rule. Any command script in the system can be assigned as long as they comply the syntax of auto-remediation scripting language and rule definition.
-ruleid - Policy Rule ID
-scriptid - Custom Script ID
Return Type
STATUS
Examples
assign auto remediation script -ruleid 1234 -scriptid 5678
It schedules a check policy compliance task. Note that: Either a device identified by IP (-ip option) or a device group identified by name (-group option) must be provided, and the task will be scheduled for a device or a group of devices. -types option is mandatory and determines what types of policy rules will be checked. Multiple types must be separated by commas. For example: -types "config,level". The options are: 'config', 'diagnostic', 'software', 'level' (for software level)
-ip - Device IP
-group - Device Group
-types - Rule Types (comma saperated list of rule types: config|diagnostic|software|level)
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-sessionlog - If true a complete session log will be saved with this task.
-retryCount - The number of times to retry the task if it fails.
-retryInterval - The number of seconds between retries.
-comment - Comment
-priority - Task priority value (1, 2, 3, 4 or 5). Default value is 3. Invalid priority will be changed to an appropriate value automatically.
Have the system configure the specified device to send all syslog messages necessary for the system's change detection facilites to function optimally to the system's syslog server. The configuration operation is atually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-group - A valid group name. Do not use this option with -ip (exactly one of -ip or -group must be specified).
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the Configure Syslog task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel- Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-comment - An optional comment about the Configure Syslog task.
-usesyslogrelay - Indicates to the syslog configuration task that the device currently logs to syslog relay host. Supply this option if you wish to set up forwarding on that relay host rather than have the device log directly to the system's syslog server. The specified IP address is taken to be the IP address of the relay host.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Return Type
String
Examples
configure syslog -ip 192.0.2.10
configure syslog -ip 192.0.2.10 -priority 3
configure syslog -ip 192.0.2.10 -usesyslogrelay blanka
Connect to a device through the system's Proxy Interface via telnet, ssh, or rlogin. If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-login - Bypass single sign-on and instead take the user to the device login prompt.
-method - Method used to connect to devices outside of the system or for devices in the system when single sign-on is turned off (implies -login option).
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
-info - Dump connection variable information (can set the info prefix following a colon, like "-info:")
-ignoreptyerrors - Ignore pty errors for SSHv2 connections if "-login" option is on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards. The device id can be specified instead by preceding it with a '#'
- Port to use to connect to devices outside of the system.
All the fields on the policy page UI can be passed to the API call. Note that: '-dg' option can take multiple device groups to set the scope of the policy to be created. Device group names must be separated by commas. '-exceptions' option can take multiple devices by either IP addresses or host names separated by commas. Default value -status option is inactive, therefore, a policy created without -status active will be created as inactive. Created policy will not have any rules in it. create policy rule CLI command or API call must be used to create rule(s) after a policy is created.
-name - Policy Name
-site - Site Name
-tag - Policy Tag
-desc - Policy Description
-dg - Policy Scope (comma separated device group names)
-exceptions - Policy Exceptions (comma separated host names or IPs)
create policy rule -policyid <Policy ID> -name <Policy Rule Name> -type <Policy Rule Type (configuration|diagnistic|software)> -devicefamily <Device Family (type 'all' to apply to all device families)> [-drivers <Drivers (comma separated internal names of drivers)>] [-importance <Importance (informationa|low|medium|high|critical)>] [-useblock <Define Block Start/End Patterns (true|false)>] [-textblockstartpattern <Text Block Start Regex Pattern, or null to remove existing>] [-textblockendpattern <Text Block End Regex Pattern, or null to remove existing>] [-desc <Rule Description>] [-details <Detailed Description>]
Description
Note that: To apply to all device families, please use '-devicefamily all' option. Device family name is the internal name. If the name provided is not valid, the command will fail and print valid device family names as reference. If user has only provided the device family name ('-devicefamily' option) but not drivers with '-drivers' option, it will be assumed to be all device drivers. If one or more drivers are provided with '-drivers' option, the scope will be set accordingly. Driver names are internal names in NA. If there is one or more invalid driver names provided, the command will fail and print all valid driver names under the given device family. There is a separate command to create exceptions ('create rule exception' command). Auto-remediation scripts can be assigned to a rule using 'assign auto remediation script' command. The rule created will not have any rule conditions in it, and the boolean expression (rule logic) will be empty. There are other commands to create rule conditions and set the rule logic.
-policyid - Policy ID
-name - Policy Rule Name
-type - Policy Rule Type (configuration|diagnistic|software)
-devicefamily - Device Family (type 'all' to apply to all device families)
-drivers - Drivers (comma separated internal names of drivers)
create rule condition -ruleid <Policy Rule ID> -label <Label (A letter A-Z)> -datamodel <Data Model Element Name> -operator <Operator Name> -operand <Operand (text or regex pattern)> [-exceptionoperand <Except Operand (Second operand, for 'must contain only' operator>] [-regex <Regex (true|false)>] [-exactorder <Exact Order (true|false)>]
Description
Note that: Data model element name provided by '-datamodel' option is the internal name. The list of data model names will be printed if the name provided is not valid. The operator name is also internal name. The list of valid operator names for a given data model element will be printed if the operator name provided is not valid. If the the operator is 'must contain only', the '-exceptionoperand' must be provided. Creating a rule condition will not update the rule logic. User must use 'set rule logic' command to update the rule logic boolean expression accordingly.
Note that: If regular expression pattern is not provided ('-pattern' option), the device will be excluded completely; otherwise, only the config text matching the pattern will be excluded. If an expiration date is not provided ('-expirationdate' option), the exception will never expire.
del access [-id <Device Access Record ID.>] [-cutoff <Date>]
Description
This command can delete a single access record when provided that record's id (via. the option "-id"), or all access records prior to a given date (via the option "-cutoff"). Provide exactly one of "-id", "-cutoff". Note that deleting access records will cause all configs associated with the deleted access record to also be deleted.
-id - A device access record ID.
-cutoff - YYYY:MM:DD:HH:mm. All access records prior to this date will be deleted.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: The device for which password information should be deleted.
-host - A valid hostname: The device for which password information should be deleted.
-fqdn - A valid Fully Qualified Domain Name: The device for which password information should be deleted.
-deviceid - A device ID
-loc - Location
-site - site of rules to be deleted
-rulename - anme fo rules to be deleted
Return Type
STATUS
Examples
del authentication -ip 192.0.2.10
del authentication -loc db -site SiteA -rulename arule
del device context -deviceid <Device ID> -contextvariables <Context Variables>
Description
For drivers that support it, remove a virtual context from a device
-deviceid - The device ID to remove a context from
-contextvariables - A comma separated list of driver specific variables and values that are required to delete a context on the given device. These variables can be found using the 'list device context variables' command.
Return Type
String
Examples
del device context -deviceid 749 -contextvariables "context_name=foo"
del device data [-id <Config ID>] [-cutoff <Date>]
Description
This command can delete a single device data block when provided that device data id (via. the option "-id"), or all device data prior to a given date (via the option "-cutoff"). Provide exactly one of "-id", "-cutoff".
-id - A config ID
-cutoff - YYYY:MM:DD:HH:mm. All configs prior to this date will be deleted.
del ip -ipvalue <Value> [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Delete the indicated command script, advanced script or diagnostic. The desired script or diagnostic can be specified by ID, or by a combination of name and type. If more than one name match occurs, then an error will be reported and you must specify the unique script desired by ID.
-id - ID of the desired script or diagnostic
-name - Name of the desired script or diagnostic
-type - Type of the desired script or diagnostic - may be command, advanced, diagnostic or advdiagnositic
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-vlanid - Vlan ID to delete
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-portname - trunk port name to delete
-nativevlanid - specify a native or default vlan id
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
Return Type
String
Examples
del vlan trunk -deviceid 2801 -portname xxx -nativevlanid 11
Deploy the specified config to a specified device either right away, or at some point in the future. The deploy operation is actually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-id - The ID of the config to deploy to the specified device.
-configtext - The configuration text to deploy to the specified device.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start.
-option - current or startup_reload, as applicable to the device.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Return Type
String
Examples
deploy config -ip 192.0.2.10 -id 1962 -sync -option current
deploy image -ip <device ip address> [-site <site of imageset>] -imageset <imageset name> -images <images separated by ,> [-reboot <reboot instruction>] [-rebootwait <reboot wait (in seconds)>] [-filesystem <file system of device>] [-pretask <task to run before deployment>] [-posttask <task to run after deployment>] [-verify <true|false>] [-start <Task start date>] [-comment <Snapshot comment>] [-duration <Estimated duration of snapshot task.>] [-sessionlog <true or false>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority>] [-bootimage <Boot image filename>] [-bootslot <Boot image filesystem name>] [-osimage <OS image filename>] [-osslot <OS image filesystem name>] [-taskname <Task name>]
Description
Deploy software images to a device.
-ip - ip address of the device the images will deploy to.
-site - partition site which the imageset belongs to. Will look for global imagesets if not specified.
-imageset - imageset name the images from.
-images - images from the imageset to be deployed.
-reboot - wheather to reboot the device after deploy images.
-rebootwait - seconds to wait before reboot.
-filesystem - filesystem name of the device the images will deploy to.
-pretask - name of task before deployment.
-posttask - name of task after deployment.
-verify - verify the image after deployment.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-comment - An optional comment about the snapshot.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-bootimage - Some devices use different files for the boot image (firmware) and for the OS image. In those cases, use this option to identify the boot image.
-bootslot - The filesystem (slot) to receive the boot image. Used in conjunction with the -bootimage option. If no boot slot is specified, the boot image is deployed to the location specified by the -filesystem option.
-osimage - Some devices use different files for the boot image (firmware) and for the OS image. In those cases, use this option to identify the OS image.
-osslot - The filesystem (slot) to receive the OS image. Used in conjunction with the -osimage option. If no OS slot is specified, the OS image is deployed to the location specified by the -filesystem option.
Attempts to match a driver to the specified device.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: The device for which a driver should be discovered.
-host - A valid hostname: The device for which a driver should be discovered.
-fqdn - A valid Fully Qualified Domain Name: The device for which a driver should be discovered.
-deviceid - A device ID
-nosync - Indicates not to wait for command to complete
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-replace - Replace the existing driver. If this option is not specified, no change will be made if device already has driver.
discover drivers [-noskip] [-group <Device group for drivers discovery>] [-priority <Task priority>] [-replace] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>]
Description
Attempts to match a driver to each device that the system recognizes.
-noskip - do not skip devices with known drivers
-group - discover drivers for specified group
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-replace - Replace the existing driver. If this option is not specified, no change will be made if device already has driver.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
Return Type
String
Examples
discover drivers
discover drivers -priority 3
discover drivers -noskip
discover drivers -noskip -replace
discover drivers -runmode synchronous
discover drivers -runmode serial
discover drivers -runmode serial -stoponfailure true
get external credential -category <External redential category>
Description
Get the username and passwords used to log on toexternal applications/websites such as cisco.com and its proxy server.If current user has not defined the external credentials, the return value is null.Otherwise, the return value is a result set that contains following clear text attributes: username password
-category - Specify the type of the credentail to get. Must be an integer value. Supported values: 0, cisco.com; 1, cisco.com proxy
get snapshot [-ip <IP address>] [-group <Groupname>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-rep <Task repeat period>] [-sync] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-start <Task start date>] [-comment <Snapshot comment>] [-duration <Estimated duration of snapshot task.>] [-sessionlog <true or false>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority>] [-taskname <Task name>]
Description
Get the config from a specified device either right away, or at some point in the future. The retrieval operation is actually a scheduled task. Using this command, you can set the task to repeat periodically.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-group - A valid group name. Do not use this option with -ip (exactly one of -ip or -group must be specified).
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-comment - An optional comment about the snapshot.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
Return Type
String
Examples
get snapshot -ip 192.0.2.10
get snapshot -ip 192.0.2.10 -priority 3
get snapshot -ip "East Office:192.0.2.10"
get snapshot -host Zangief -start 2004:02:29:23:59 -rep 2days
get snapshot -ip 192.0.2.10 -runmode synchronous
get snapshot -group mygroup
get snapshot -group mygroup -runmode serial
get snapshot -group mygroup -runmode serial -stoponfailure true
import -input <Filename or CSV data> -data <device or auth> [-log <Filename>] [-append <true or false>] [-discoverafter <true or false>] [-configuresyslog <true or false>] [-usesyslogrelay <Hostname>] [-filter <Filename>] [-cleanafter <true or false>] [-deviceorigin <Any String>] [-debug <true or false>]
Description
This command can import into the system device or device password information contained in appropriately formatted CSV files. (Contact customer support for a CSV file format specification.)
-input - Either the name of a file that contains CSV data or the CSV data itself. For a file, include the absolute path. Use the forward slash (/) as the directory separator on all operating systems.
-data - Whether the type of information imported is devices or device authentication.
-log - Command log file.
-append - If true, this command will append to the log file. If false, this command will overwrite the log file. This option is false by default.
-discoverafter - Discover drivers for imported device? This option is false by default.
-configuresyslog - Configure devices to send syslog messages to the system? Valid values are true | false
-usesyslogrelay - The name of a syslog relay host to use
-filter - An application that reads the input file from stdin, and writes a the system compatible CSV file to stdout.
-cleanafter - If true, then after importing data, a process will run on the server that will delete old devices. Devices are deleted according to the current configuration of the system's "deletion-on-import" rules, and the argument to the deviceorigin option. This option is false by default.
-deviceorigin - A description of the source of the data. This is recorded by the system, but is not visible via any UI.
The import filename must contain the absolute path to the file and must be directly accessible by the system.The import file is usually created by exporting policies.
-filename - Specify the absolute path to the import file. If the path contains spaces, you must quote the argument.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those access records created on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: "
-end - Display only those access records created on or before the given date. Values for this option have the same format as for the option -start.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those configs stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those configs stored on or before the given date. Values for this option have the same format as for the option -start.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those configs stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those configs stored on or before the given date. Values for this option have the same format as for the option -start.
-size - Display the size (in bytes) of each config
-ids - List only configs in this comma-separated list of IDs.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those configs stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those configs stored on or before the given date. Values for this option have the same format as for the option -start.
list device context variables -deviceid <Device ID> -action <Action>
Description
Adding device contexts requires device specific parameters. This command lists the device context variables needed to perform a context addition or removal. For example, one device might require a context name and a config location, while a different device might require a context name and a slot number. This command will list what is needed for the device you are working on. This information is then used as input into the add device context command.
-deviceid - The deviceID to get context variable names for
-action - The action to get context variable names for (add or remove)
Return Type
String
Examples
list device context variables -deviceid 749 -action add
List device groups that contain one or more devices.
Synopsis
list device group [-software <Software Version>] [-vendor <Device Vendor>] [-type <Device Type>] [-model <Device Model>] [-family <Device Family>] [-parent <Parent Device Group Name>]
Description
Lists the device groups that match the specified device criteria. If no argument is provided, lists all device groups that contain at least one device.
-software - List only device groups for devices running this software
-vendor - List only device groups for devices with this vendor name
-type - List only device groups for devices of this type (Router, Switch, etc.)
-model - List only device groups for devices of this model ("2500 (3000 series)", BIG-IP, etc.)
-family - List only device groups for devices in this device family ("Cisco IOS", F5, etc.)
-parent - List only device groups that are direct descendants of this parent device group name
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in. One of -ip, -host, -fqdn, or -deviceid is required.
-host - A valid hostname. One of -ip, -host, -fqdn, or -deviceid is required.
-fqdn - A valid Fully Qualified Domain Name. One of -ip, -host, -fqdn, or -deviceid is required.
-deviceid - A device ID. One of -ip, -host, -fqdn, or -deviceid is required.
-start - Display only those diagnostics stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those diagnostics created on or before the given date. Values for this option have the same format as for the option -start.
Return Type
Collection:DeviceDataVO with columns:
blockFormat
blockSize
blockType
changedBy
comments
createDate
customModel
dataBlock
deviceAccessLogID
deviceDataID
deviceID
lastModifiedDate
maskedSize
sourceDeviceDataID
variableData
Examples
list diagnostic -ip 192.0.2.10 -diagnostic "vlan report"
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: Display only those events associated with the specified device.
-host - A valid hostname: Display only those events associated with the specified device.
-fqdn - A valid Fully Qualified Domain Name: Display only those events associated with the specified device.
-deviceid - A device ID
-type - A valid event type: Display only events of this type.Values for this option may one of the following:Approval No Longer RequiredApproval RequestApproval GrantedApproval Task ChangedApproval Task DeletedApproval DeniedApproval Task TimeoutApproval OverrideCommand Authorization ErrorCommand Script ModifiedUser Authentication ErrorConfiguration Policy AddedConfiguration Policy Non-ComplianceConfiguration Policy ChangedConfiguration Policy Pattern TimeoutConfiguration Rule AddedConfiguration Rule ChangedDevice Access FailureDevice AddedDevice Password ChangeDevice BootedDevice Command Script FailedDevice Command Script Completed SuccessfullyDevice Configuration ChangeDevice Configuration Change - No UserDevice Configuration Deployment FailureDevice Configuration DeploymentDevice Data FailureDevice DeletedDevice Diagnostic ChangedDevice Diagnostic FailedDevice Diagnostic Completed SuccessfullyDevice Flash Storage Running LowGroup ModifiedGroup AddedGroup DeletedDevice InaccessibleDevice EditedLast Used Device Password ChangedDevice ManagedDevice Missing from ImportDevice Permissions - ModifiedDevice Reservation ConflictDevice SnapshotDevice Software ChangeDevice Startup/Running Config DifferenceDevice UnmanagedDiagnostic ModifiedSoftware Vulnerability DetectedEmail Report SavedExternal Directory Server Authentication ErrorLicense Almost ExceededLicense Almost ExpiredLicense ExceededLicense ExpiredModule AddedModule ChangedModule RemovedMonitor OkayMonitor ErrorDevice Permissions - New DeviceDevice Password Change FailureConcurrent Telnet/SSH Session OverrideReserved Device Configuration ChangedScheduled for Deploy Configuration EditedScheduled for Deploy Password ModifiedServer StartupSession Data CapturedSoftware Update FailedSoftware Update SucceededSummary Reports GeneratedPending Task DeletedTask StartedTicket CreatedUser LoginUser LogoutUser AddedUser DeletedUser Permission ChangedUser Message
-start - Display only events after this date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those ICMPTest models stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those ICMPTest models stored on or before the given date. Values for this option have the same format as for the option -start.
List all configs for which the ShowInterfaces model may be shown.
Synopsis
list int [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-start <Date>] [-end <Date>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those ShowInterfaces models stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those ShowInterfaces models stored on or before the given date. Values for this option have the same format as for the option -start.
list ip [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
Lists ip addresses for specific device.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those ShowOSPFNeighbors models stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those ShowOSPFNeighbors models stored on or before the given date. Values for this option have the same format as for the option -start.
List ports (or interfaces) for a specific device in the system.
Synopsis
list port [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
Ports are ports and interfaces found on the devices in their configuration or within ancillary commands that detail specifics of the ports and interfaces. The values returned have been processed by the device drivers.
-ip - List all device ports on the device with this IP address
-host - List all device ports on the device with this hostname
-fqdn - List all device ports on the device with this Fully Qualified Domain Name
-deviceid - List all device ports on the device with this device ID
list port channels [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
List all resource identity pools associated with a given site.
Synopsis
list resource id pool [-site <Site Name>]
Description
List all resource identity pools associated with a given site.
-site - Name of the site the resource identity pools to be listed are associated with. If the site is not specified, the resource identity pools associated with the default partition will be listed unless the system is partitioned. In such case, only the global resource identity pools will be listed.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those routing tables stored on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those routing tables stored on or before the given date. Values for this option have the same format as for the option -start.
List command scripts, advanced scripts and/or diagnostics.
Synopsis
list script [-type <Type>] [-scripttype <Script Type>] [-name <Name>] [-mode <Mode>] [-ids <Script ID List>] [-sitename <Site Name>]
Description
-type - Type of the desired script or diagnostic - may be command, advanced, diagnostic or advdiagnositic
-scripttype - User defined script type (i.e. subcategory) - applies only to command scripts and advanced scripts
-name - Script name
-mode - Script mode - for command scripts and diagnostics the script's level of device access (such as Cisco IOS enable); for advanced scripts the device family (such as Cisco IOS)
-ids - List only scripts in this comma-separated list of IDs.
-sitename - Site Name of the site the script belongs to.
Return Type
Collection:CustomScriptVO with columns:
createDate
createUserID
customScriptID
description
lastModifyDate
lastModifyUserID
name
parameters
script
scriptMode
scriptType
siteID
taskType
variableData
Examples
list script
list script -type diagnostic
list script -type advanced -scripttype "Core Provisioning Scripts"
List command script IDs, advanced scripts and/or diagnostics.
Synopsis
list script id [-type <Type>] [-scripttype <Script Type>] [-name <Name>] [-mode <Mode>] [-id <ID>]
Description
-type - Type of the desired script or diagnostic - may be command, advanced, diagnostic or advdiagnositic
-scripttype - User defined script type (i.e. subcategory) - applies only to command scripts and advanced scripts
-name - Script name
-mode - Script mode - for command scripts and diagnostics the script's level of device access (such as Cisco IOS enable); for advanced scripts the device family (such as Cisco IOS)
-id - Script ID
Return Type
Collection:IntegerVO
Examples
list script id
list script id -type diagnostic
list script id -type advanced -scripttype "Core Provisioning Scripts"
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those interceptor log records created on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those interceptor log records created on or before the given date. Values for this option have the same format as for the option -start.
list system message [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-start <Date>] [-end <Date>]
Description
Lists all system messages unless you include one of the options. Including one of the device options displays all system messages associated with the specified device.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those system messages created on or after the given date.Values for this option may be in one of the following formats:YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30YYYY-MM-DD e.g. 2002-09-06YYYY/MM/DD e.g. 2002/09/06YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30Or, one of: now, today, yesterday, tomorrowOr, in the format: e.g. 3 days ago is a positive integer. is one of: seconds, minutes, hours, days, weeks, months, years;. is one of: ago, before, later, after.
-end - Display only those system messages created on or before the given date. Values for this option have the same format as for the option -start.
This command behaves differently depending on the options you give it. The command by itself returns a list of all tasks. Each option filters the returned list of tasks, causing it to return a subset of the total list.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: Display only those tasks associated with the specified device.
-host - A valid hostname: Display only those tasks associated with the specified device.
-fqdn - A valid Fully Qualified Domain Name: Display only those tasks associated with the specified device.
-deviceid - A valid device ID: Display only those tasks associated with the specified device.
-start - YYYY:MM:DD:HH:mm: Display only those tasks whose schedule date falls on or after the given date.
-end - YYYY:MM:DD:HH:mm: Display only those tasks whose schedule date falls on or before the given date
-parentid - a task ID: Display only those tasks whose parent is the task specified by the given Task ID.
list topology graph [-deviceids <List of Device IDs>] [-deviceportids <List of Device Port IDs>] [-serverids <List of Server IDs>] [-serverportids <List of Server Interface IDs>] [-deviceid <A Device ID>]
Description
-deviceids - A comma separated list of device IDs
-deviceportids - A comma separated list of device port IDs
-serverids - A comma separated list of server IDs
-serverportids - A comma separated list of server interface IDs
list trunk port [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Modify the indicated advanced diagnostic. The desired diagnostic can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique diagnostic desired by ID.
-id - ID of the advanced diagnostic to edit
-name - Name of the advanced diagnostic to edit
-newname - New name for the diagnostic being modified
-description - New description for the diagnostic being modified
-family - New device family for the diagnostic being modified
-language - New language for the diagnostic being modified - must be a supported language such as Expect or Perl
-parameters - New command line parameters for the diagnostic being modified
-script - New script text
-sitename - Site name
Return Type
STATUS
Examples
mod advanced diagnostic -id 22 -newname "Set Duplex" -description "Sets the interface duplex configuration" -sitename "Default Site"
Modify the indicated advanced script. The desired script can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique script desired by ID.
-id - ID of the advanced script to edit
-name - Name of the advanced script to edit
-newname - New name for the script being modified
-description - New description for the script being modified
-scripttype - New script type (i.e. user defined subcategory)
-family - New device family for the script being modified
-language - New language for the script being modified - must be a supported language such as Expect or Perl
-parameters - New command line parameters for the script being modified
This command can modify passwords on a specific device, across all devices in a device group, or merely update what the system knows of the device's password information. When using this command to modify passwords on a device or device group, the modification operation is actually a scheduled task.
-loc - The location to which password information should be written. Valid values for this argument are "db", "device", and "group". "db" tells the command that password information should be changed only in the system's database. "device" tells the command that the password changes should be made on the device as well and "group" performs the same function as "device" but across all devices in the group.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: An existing device to which this password information should apply.
-host - A valid hostname: An existing device to which this password information should apply.
-fqdn - A valid Fully Qualified Domain Name: An existing device to which this password information should apply.
-deviceid - A valid device ID: An existing device to which this password information should apply.
-snmpro - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read only community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read only community strings to be, either set on the device, or appended to an existing list of read only community strings (depends on whether or not the -appendsnmpro flag was supplied.)
-snmprw - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read write community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read write community strings to be, either set on the device, or appended to an existing list of read write community strings (depends on whether or not the -appendsnmprw flag was supplied.)
-snmpv3user - When used in conjunction with -loc db, this argument is taken as the username for snmpv3 access.
-snmpv3authpw - When used in conjunction with -loc db, this argument is taken as the authentication password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3authpw with no password value and respond to the command prompt.
-snmpv3encryptpw - When used in conjunction with -loc db, this argument is taken as the encryption password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3encryptpw with no password value and respond to the command prompt.
-user - Username.
-passwd - Password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-connectionmethods - The methods used by the system to connect to devices. Can be telnet, serial_direct, or SSH.
-accessvariables - To override variables in the script, such as prompts.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Use this option only if the argument to the -loc flag is "device".
-appendsnmpro - Supply this option if read only community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-appendsnmprw - Supply this option if read write community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-sync - Indicates that the command should return only after the password change task is complete. Do not use this option with -start.
-group - The group name for performing this command across all devices in a group.
-site - The site partition this rule belongs to. Default to be global
-rulename - The password rule name to apply the access variables to
-rulehostname - Hostname, the rule applies to
-ruledevicegroup - Device group name, the rule applies to
-iprangestart - IP range start (range), the rule applies to
-iprangeend - IP range end (range), the rule applies to
Return Type
String
Examples
mod authentication -loc db -ip 192.0.2.10 -passwd fish -snmpro public -enablepasswd 31337
mod authentication -loc device -ip 192.0.2.10 -passwd limited -enablepasswd full
mod authentication -loc device -ip 192.0.2.10 -passwd some -enablepasswd all -snmprw brillig,slithy,toves,gire -appendsnmprw -sync
mod authentication -loc device -ip 192.0.2.10 -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
mod authentication -loc group -group MyDevices -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
mod authentication -loc db -rulename "rule 1" -rulehostname DALAB-C2600-NAT
mod authentication -loc db -rulename "rule 2" -ruledevicegroup DeviecGroup1
mod authentication -loc db -site DefaultSite -rulename "rule 3" -iprangestart 172.30.1.1 -iprangeend 172.30.1.5
mod authentication -loc db -ip 192.0.2.10 -passwd -enablepasswd -snmpro public
Modify the indicated command script. The desired script can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique script desired by ID.
-id - ID of the command script to edit
-name - Name of the command script to edit
-newname - New name for the script being modified
-description - New description for the script being modified
-scripttype - New script type (i.e. user defined subcategory)
-mode - New command script mode
-driver - New list of applicable drivers - provided as a comma separated list of internal driver names
mod device [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-hostname <New Hostname>] [-comment <Comment>] [-description <Device name>] [-model <Device model>] [-vendor <Device vendor>] [-domain <Domain name>] [-serial <Serial number>] [-asset <Asset tag>] [-location <Location>] [-status <Status>] [-nopoll <Do not poll>] [-newIP <New IP address>] [-consoleip <Console IP address, if using console server>] [-consoleport <Console Port>] [-tftpserverip <TFTP server IP address, if using NAT>] [-natip <NAT IP address>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-useconsoleserver <true or false>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-hostname - The device's new host name
-comment - Additional information regarding the device.
-description - The descriptive name of the device (informational only).
-model - The device's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-domain - A fully qualified domain name (such as www.google.com).
-serial - The device's serial number.
-asset - The device's asset tag.
-location - The device's location.
-status - 0: Mark this device as managed by the system (Active). 1: Mark this device to be unmanaged by the system(Disable). 3: Mark this device as pre-production.
-nopoll - 0: Mark this device to be polled for changes. 1: Mark this device as not to be polled for changes.
-newIP - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device will be put in. This is the new IP address of the device.
-consoleip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with REALM_NAME:, where REALM_NAME is the name of the Realm the address is in. To remove this IP, supply empty string "" as argument.
-consoleport - The port number
-tftpserverip - a.b.c.d where 0 <= a,b,c,d <= 255. To remove this IP, supply empty string "" as argument.
-natip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with REALM_NAME:, where REALM_NAME is the name of the Realm the address is in. To remove this IP, supply empty string "" as argument.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-useconsoleserver - true, if the device uses a console server. false, if the device does not.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP,SFTP, SNMP, snmp_noauthnopriv, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha_des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.If this option is not provided, the system will try all access methods when attempting to connect to the device.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
Return Type
STATUS
Examples
mod device -ip 192.0.2.10 -newIP 192.0.2.10
mod device -ip 192.0.2.10 -newIP "West Site:192.0.2.10"
mod device -ip "East Site:192.0.2.10" -newIP "West Site:192.0.2.10"
mod device -ip 192.0.2.10 -nopoll 1 -comment "enabled polling by change detection."
mod device -ip 192.0.2.10 -customname Owner -customvalue Bob
mod device -ip 192.0.2.10 -customnames "Owner,Location" -customvalues "Bob,'Seattle, WA'"
mod device template -templateid <Device Template ID> [-hostname <Device name>] [-newdriver <Driver name>] [-comment <Comment>] [-description <Description>] [-model <Device model>] [-vendor <Device vendor>] [-location <Location>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>] [-sitename <Site Name>]
Description
-templateid - A device template ID
-hostname - A valid name
-newdriver - The new device driver name in short form
-comment - Additional information regarding the device template.
-description - The descriptive name of the device template (informational only).
-model - The device template's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-location - The device's location.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP,snmp_noauthnopriv, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha_des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
-sitename - The Site name in which the template belongs to.
Return Type
STATUS
Examples
mod device template -templateid 801 -comment "Test Comment"
mod device template -templateid 801 -customname Owner -customvalue Bob
mod device template -templateid 801 -accessmethods FTP,SSH
-configtext - A valid configuration text in double quotes
-configfile - Specify the absolute path to the file which contains the device template configuration. The file must be directly accessible by the system.
Return Type
STATUS
Examples
mod device template config -templateid 801 -configtext "$var1"
mod device template config -templateid 801 -configile /usr/home/config.txt
Modify the indicated diagnostic script. The desired diagnostic can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique diagnostic desired by ID.
-id - ID of the diagnostic to edit
-name - Name of the diagnostic to edit
-newname - New name for the diagnostic being modified
-description - New description for the diagnostic being modified
-mode - New command script mode
-driver - New list of applicable drivers - provided as a comma separated list of internal driver names
-script - New diagnostic script text
-sitename - Site name
Return Type
STATUS
Examples
mod diagnostic -id 22 -newname "Show IP CEF" -description "Gather IP CEF information" -sitename "Default Site"
mod diagnostic -name "Extended Ping To Core" -mode "Cisco IOS enable" -driver "CiscoIOSGeneric,CiscoIOSSwitch" -script "extended ping 192.0.2.10"
mod group -type <Type> -name <Name> [-newname <New name>] [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-shared <Shared>]
Description
Modify the comments associated with and/or the name of a group.
-type - The type of the group. "device" is currently the only valid argument to this option.
-name - The name of the group to be modified.
-newname - The new name for the modified group. Do not use this option unless you also use -name.
-comment - Additional information regarding the group.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-shared - 1 if the group is shared, 0 if it is not.
Return Type
STATUS
Examples
mod group -name "mystery routers" -type device -comment "removing these devices is a bad idea, but we don't really know what purpose they serve."
mod group -type device -name "border routers" -newname "defunct"
mod group -type device -name "border routers" -customname Location -customvalue Earth
mod ip -ipvalue <Value> [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-comment <Comment>] [-usetoaccess <Use to Access Device>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-comment - Additional information regarding the device.
-usetoaccess - Use this IP Value to access its device, 1 - yes, 0 - no, default - no
Return Type
String
Examples
mod ip -deviceip 192.0.2.10 -ipvalue 192.0.2.10 -comment "my own ip"
mod ip -deviceip 192.0.2.10 -ipvalue 192.0.2.10 -usetoaccess 0
mod ip -deviceid 1401 -ipvalue 192.0.2.10 -usetoaccess 0
mod module -id <Module ID> [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>]
Description
-id - The ID of a module
-comment - Additional information about the module.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
It modifies an existing policy. Note that the policy must be identified by either policy ID or policy name. Please also see the description for 'create policy' command.
-name - Policy Name
-policyid - Policy ID
-site - Site Name
-newname - New Name
-tag - Policy Tag
-desc - Policy Description
-dg - Policy Scope (comma separated device group names)
-exceptions - Policy Exceptions (comma separated host names or IPs)
-status - Policy Status (active|inactive)
-cve - CVE
-aurl - Vendor Advisory URL
-surl - Vendor Solution URL
-ddate - Disclosure Date
-solution - Solution
Return Type
ConfigPolicyVO with columns:
CVE
comments
configPolicyID
configPolicyName
createDate
description
disclosureDate
inUse
lastModifiedDate
lastModifiedUserID
scope
siteID
solution
status
tag
ticketNumber
vendorAdvisoryURL
vendorSolutionURL
Examples
mod policy -name "test policy" -desc "only for testing" -dg "Seattle,Dallas" -exceptions "switch11,10.255.40.11"
mod port -id <Port ID> [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>]
Description
-id - The ID of a port
-comment - Additional information about the port.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
mod resource id custom field data [-fielddataid <Custom field data ID>] [-resourceidentityid <Resource Identity ID>] [-fieldname <Custom field name>] [-data <Custom field data>]
Description
Modify custom field data for a resource identity. Resource identity custom field data can be identified either by a custom field data ID (-fielddataid) or a combination of custom field name (-fieldname) and resource identity ID (-resourceidentityid). If resource identity custom field data ID is specified, custom field name and resource identity ID are ignored. If custom field data is not specified, the field value is set to null.
-fielddataid - ID of the custom field data.
-resourceidentityid - ID of the associated resource identity.
-fieldname - Name of the custom field.
-data - New value for modifying the custom field data. If the -data option is not specified, the custom field value is set to null.
Return Type
STATUS
Examples
mod resource id custom field data -fielddataid 321 -data BLDG7
mod resource id custom field data -resourceidentityid 201 -fieldname vlanid -data VLAN22
Change an existing user role of type modify device partition or view partition permission.
Synopsis
mod role -name <Role name> -resources <Resources> [-viewname <Device view name>] [-desc <Description>]
Description
Change an existing user role of type modify device partition or view partition permission.
-name - Role name.
-resources - Comma-separated list of resources to which the user role has access. This value overwrites the existing configuration. For role type MDP, specify device group names. For role type VIEW, specify some or all of the partition names under the specified view name.
-viewname - Optional for role type VIEW. Changes the device-specific view for this role.
-desc - Optional description string.
Return Type
STATUS
Examples
mod role -name operators -resources "Labs"
mod role -name "Junior Admins" -resources "partition X" -viewname View2
mod rule condition -rcid <Rule Condition ID> [-operator <Operator Name>] [-operand <Operand (text or regex pattern)>] [-exceptionoperand <Except Operand (Second operand, for 'must contain only' operator>] [-regex <Regex (true|false)>] [-exactorder <Exact Order (true|false)>]
Description
It modifies an existing rule condition that is identified by rule condition ID (use 'list rule condition' command to see IDs). Note that data model element name cannot be modified. Please also see the description for 'create rule condition' command.
mod task -id <Task ID> [-comment <Comment>] [-retryInterval <Retry interval>] [-expensive] [-notexpensive] [-days <Days>] [-retryCount <Retry count>] [-repeatType <Repeat type>] [-duration <Duration>] [-start <Start>] [-repeatInterval <Repeat interval>] [-approve <Approval comment>] [-reject <Reason the task is not approved>] [-override <Reason for overriding approval process>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-sessionlog <true or false>] [-priority <Task priority>] [-coreid <Core ID>] [-taskname <Task name>]
Description
-id - The task ID of the task to modify.
-comment - Additional information about the task.
-retryInterval - The number of seconds between retries.
-expensive - Mark the task as expensive. Do not use this option with -notexpensive.
-notexpensive - Mark the task as not expensive. Do not use this option with -expensive.
-days - This argument differs depending on the task.For weekly tasks, -days should be a comma-separated list of weekdays. Each item in the list is a day of the week upon which the task should be run. Valid weekdays are: sun, mon, tue, wed, thur, fri, sat.For monthly tasks, -days should be a single integer between 1 and 31, corresponding to the day of the month upon which the task should be run.
-retryCount - The number of times to retry the task if it fails.
-repeatType - The metric by which a task repeats. Valid values are 1: once, 2: periodically, 3: daily, 4: weekly, 5: monthly. If you modify this value, then modify -repeatInterval or -days accordingly.
-duration - Estimated duration the task will run(in minutes)
-start - YYYY:MM:DD:HH:mm. The first date the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-repeatInterval - This option differs depending on the task.For Periodic tasks, this is the period in minutes.For Monthly tasks, each bit of the integer (except the last) represents a day, but we recommend using the -days option to modify the days on which a monthly task runs.This option is invalid with all other tasks.
-approve - Approve the task
-reject - Reject the task
-override - Override the approval requirement
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-sessionlog - If true a complete session log will be saved with this task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-coreid - Core ID
-taskname - Task name
Return Type
STATUS
Examples
mod task -id 7097 -repeatType 4 -days mon,wed,thur
mod user -u <Username> [-p <Password>] [-fn <First name>] [-ln <Last name>] [-email <Email address>] [-priv <User Privilege>] [-newusername <Username>] [-aaausername <Username>] [-aaapassword <AAA Password>] [-useaaaloginforproxy <Use AAA Logins for Proxy (yes|no)>] [-extauthfailover <Allow External Auth Failover (yes|no)>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-status <Enable or Disable the user (enable|disable)>] [-view1partition <view1partitionname>] [-view2partition <view2partitionname>] [-view3partition <view3partitionname>]
Description
-u - Username
-p - Password. To enter the password without displaying it on the command line, use -p with no password value and respond to the password prompt.
-fn - First name
-ln - Last name
-email - Email address
-priv - User Privilege (1=Limited Access,2=Full Access,3=Power User,4=Admin)
-newusername - New username for this user.
-aaausername - AAA username for this user.
-aaapassword - AAA password for this user. To enter the password without displaying it on the command line, use -aaapassword with no password value and respond to the password prompt.
-useaaaloginforproxy - Whether to user AAA logins for the Proxy Interface for this user (yes|no).
-extauthfailover - Whether to allow external auth failover for this user (yes|no).
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-status - enable or disable
-view1partition - partition the user belongs to in the first view
-view2partition - partition the user belongs to in the second view
-view3partition - partition the user belongs to in the third view
Return Type
STATUS
Examples
mod user -u johnd -p new -fn Johnathan -email jdoe@example.net
mod user -u johnd -p new -fn Johnathan -email jdoe@example.net -priv 2
mod user -u -customname Title -customvalue Engineer
mod user -u johnd -status disable
mod user -u johnd -view1partition "Default Site" -view2partition Fedex -view3partition Security
mod user -u johnd -fn john -ln doe -aaausername johnd -aaapassword -useaaaloginforproxy 0
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-vlanid - Vlan ID to edit
-renameto - New Vlan name
-addports - Ports that need to be added to the Vlan
-removeports - Ports that need to be removed from the Vlan
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-portname - trunk port name to edit
-nativevlanid - specify a native or default vlan id
-addvlanids - vlan ids to add to trunk
-removevlanids - vlan ids to remove from trunk
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Run a ping command from the server to the sepecified device.
Synopsis
os ping
Description
The ping command is an OS command. All ping options that are available at the OS level are supported. Users should be able to enter any host name or address. The behavior is that it simply passes the string to the OS, executes it as a command and returns the results of the executed command.
Run a traceroute command from the server to the sepecified device.
Synopsis
os traceroute
Description
The traceroute command is an OS command. All traceroute options that are available at the OS level are supported. Users should be able to enter any options the command supported. The behavior is that it simply passes the command to the OS, executes it and returns the results of the executed command.
Run a ping command from the server to the sepecified device.
Synopsis
os-ping
Description
The ping command is an OS command. All ping options that are available at the OS level are supported. Users should be able to enter any host name or address. The behavior is that it simply passes the string to the OS, executes it as a command and returns the results of the executed command.
Causes a series of ping commands to be executed on a device. One ping command is executed for each target host specified. This series of commands may by run on the device immediately, or scheduled to run sometime in the future. Via this command, the task scheduled can be set to repeat periodically. Note that if not scheduled as a task, this command may take some time to complete.
-source - Can be an IP address (a.b.c.d where 0 <= a,b,c,d <= 255), or a valid hostname, or a valid Fully Qualified Domain Name.
-sourcegroup - A valid group name. Exactly one of -source or -sourcegroup must be specified.
-dest - A comma separated list of devices. Devices may be specified in any way that is understood by the ping program on the device specified by the option "-source".
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes, the two integers don't have to be the same. This option should not be used unless -async is also supplied.
-async - Indicates that the ping operation should be scheduled on the system as a task. The start time for the task will be immediatly unless an alternate start data is provided by means of the -start option.
-start - YYYY:MM:DD:HH:mm. The date on which the task will first be run. This option should not be used unless -async is also supplied.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
port scan -deviceip <Device IP address> -deviceid <Device ID> [-start <Task start date>] [-rep <Task repeat period>] [-sync <true or false>] [-priority <Task priority>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-deviceid - A device ID
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
provision device -ip <IP address> -templateid <Device Template ID> -priority <Task priority> [-name <A used defined name for the task>] [-start <Task start date>] [-variables <Variable List>] [-ignorevariables] [-comment <Comment>] [-duration <Duration>] [-sessionlog <true or false>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-retryCount <Retry count>] [-retryInterval <Retry interval>] [-nocompliance] [-setactive] [-copydata] [-rep <Task repeat period>] [-taskname <Task name>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-templateid - Device template ID to provision the device.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-name - A User defined name for indetyfying the task.
-start - YYYY:MM:DD:HH:mm. The first date the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-variables - A list of variables to be replaced in the script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-ignorevariables - Mark the config variables as ignored that are not passed in the variables argument to the command.
-comment - Additional information about the provision device task.
-duration - Estimated duration the task will run(in minutes)
-sessionlog - If true a complete session log will be saved with this task.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-retryCount - The number of times to retry the task if it fails.
-retryInterval - The number of seconds between retries.
-nocompliance - If passed policy compliance will not be checked before provisioning.
-setactive - Set device as active upon success.
-copydata - Copy additional information from device template to device.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
Load any new content packs (such as scripts or policies) that have been installed on the server since the last time it was restarted or content was reloaded.
It removes the auto-remediation script assignment from a rule identified by rule ID. Note that neither the script nor the policy rule will be deleted from the system; they both will be kept in the system.
-ruleid - Policy Rule ID
-scriptid - Custom Script ID
Return Type
STATUS
Examples
remove auto remediation script -ruleid 1234 -scriptid 5678
Connect to a device through the system's Proxy Interface via telnet (bypassing single sign-on). If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards.
- Port to use to connect to devices outside of the system.
Runs an existing advanced script, specified by name, against a device or group of devices. The proper variant of the script will be applied to each device. If no variant of the script supports a given device, that device will be skipped. The script is run as a system task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A valid group name. Either a device or a group must be specified, but not both (exactly one of -ip, -hostname, -fqdn or -group must be specified).
-name - Name of the advanced script to run
-parameters - Command line parameters for the advanced script to run
-variables - A list of variables to be replaced in the script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-sessionlog - If true, session log will be enabled for this task.
Runs an existing command script, specified by name, against a device or group of devices. The proper variant of the script will be applied to each device. If no variant of the script supports a given device, that device will be skipped. The script is run as a system task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A valid group name. Either a device or a group must be specified, but not both (exactly one of -ip, -hostname, -fqdn or -group must be specified).
-name - Name of the command script to run
-variables - A list of variables to be replaced in the script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-linebyline - Indicates that line by line deployment is preferred, rather than file-based deployment
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-sessionlog - If true, session log will be enabled for this task.
Run the specified diagnostic on a specified device either right away, or at some point in the future. The run diagnostic operation is actually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A name of a device group (mutually exclusive with -ip, -host, or -fqdn)
-diagnostic - A diagnostic to run. Built-in diagnostics are 'NA Routing Table', 'NA Interfaces' and 'NA OSPF Neighbors'.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-comment - An optional comment about the diagnostic.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
Return Type
String
Examples
run diagnostic -ip 192.0.2.10 -diagnostic "vlan report" -sync
run diagnostic -ip 192.0.2.10 -diagnostic "NA Routing Table" -start 2004:02:29:23:59
Runs a NA task which spawns a new process that executes a command external to NA.
-app - The command to execute.
-start - YYYY:MM:DD:HH:mm The time when the command will be executed. Do not use this option with -sync.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates that the CLI command should return only after the task is complete. Do not use this option with -start.
-comment - Comments to be attached to the task that runs to execute the command.
-startdir - The working directory of the process in which the command is executed.
-resultfile - The file to contain the output of the command.
-errorifnonzero - If true the task will be marked FAILED or WARNING if the command returns a non zero result code.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Run the specified command script on a specified device either right away, or at some point in the future. The run script operation is actually a scheduled task. If no mode is specified the first supported enable, supervisor, provisioning or root mode will be used.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A name of a device group (mutually exclusive with -ip, -host, or -fqdn)
-mode - A command script mode to run the script in.
-script - A script to run, may separate commands with '\n'. Commands that require multiple entries before returning to the device prompt can separate each entry with '\\r\\n'.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the script being run.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-disablesessionlogging - Indicates that the session should not be logged.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-linebyline - if true, enable line by line mode for the script execution
set core status -coreid <Core ID> -status <Status (inactive|active)>
Description
The status can be set to either 'active' or 'inactive'. Setting a core to 'inactive' completely excludes it from the Horizontal Scalability environment. It is recommended to power down inactive cores to reduce energy consumption. The 'standby' and 'normal' options have been deprecated. It is no longer necessary to restart any cores for this change to take effect.
set policy rule logic (boolean expression or IF-THEN-ELSE statement)
Synopsis
set policy rule logic -ruleid <Policy Rule ID> -boolexpr <Boolean Expression or IF-THEN-ELSE Rule Logic>
Description
It must be called to set the rule logic after rule conditions are created, deleted, or desired to be changed. Note that no other API call will change the rule logic.
-ruleid - Policy Rule ID
-boolexpr - Boolean Expression or IF-THEN-ELSE Rule Logic
Return Type
ConfigRuleVO with columns:
appliesToEntireDeviceFamily
blockEndPattern
blockStartPattern
comments
conditions
configPolicyID
configRuleID
configRuleName
createDate
description
deviceFamily
evaluationLogic
importance
inUse
lastModifiedDate
lastModifiedUserID
ruleType
scope
ticketNumber
Examples
set policy rule logic -ruleid 1234 -boolexpr "A"
set policy rule logic -ruleid 1234 -boolexpr "(A and B) or C"
set policy rule logic -ruleid 1234 -boolexpr "IF A THEN (B or C)"
If the -ip flag is given, show the BasicIP model for the most recent config for the specified device.If the -id flag is given, show the BasicIP model for the specified config.Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
The passwords are populated in following algorithm: 1) If device has a LastAuthentication records, the passwords will be retrieved from that record, otherwise: 2) If device has device specific passwords defined(on Edit Device page), the device specific passwords will be returned 3) Otherwise, the first applicable device password rule will be usedThe return value may contain some or all of following attributes, depending on the device setting:usernamepasswordenable_passwordread_communitywrite_communitysnmpv3_usersnmpv3_authpasswordsnmpv3_privpassword
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-protocol - A valid protocol (SNMP or CLI)
Return Type
Map
Examples
show device credentials -ip 192.0.2.10
show device credentials -ip "East Site:192.0.2.10"
show device credentials -ip 192.0.2.10 -protocol snmp
If the -ip flag is given, show the DeviceInformation model for the most recent config for the specified device.If the -id flag is given, show the DeviceInformation model for the specified config.Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
If the -ip flag is given, show the ICMPTest model for the most recent config for the specified device.If the -id flag is given, show the ICMPTest model for the specified config.Include exactly one of the -id or -ip option.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show int [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-id <Config ID>]
Description
Output the raw diagnostic data from the ShowInterfaces model. To see the fully parsed interface values, see the show port command.If the -ip flag is given, show the ShowInterfaces model for the most recent config for the specified device.If the -id flag is given, show the ShowInterfaces model for the specified config.Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show ip -ipvalue <Value> [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
If the -ip flag is provided, show the ShowOSPFNeighbors model for the most recent config for the specified device.If the -id flag is given, show the ShowOSPFNeighbors model for the specified config.Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Ports are ports and interfaces found on the devices in their configuration or within ancillary commands that detail specifics of the ports and interfaces. The values returned have been processed by the device drivers.
show resource id [-name <Name>] [-poolid <Resource identity pool ID>] [-id <ID>]
Description
Show resource identity information. Resource identity can be identified either by ID or combination of name and resource identity pool ID. If resource identity ID is specified, name and resource pool ID are ignored.
-name - Name of the resource identity to show.
-poolid - ID of the resource identity pool the resource identity to be shown is associated with.
show resource id pool [-name <Name>] [-site <Site Name>] [-id <ID>]
Description
Show resource identity pool information. Resource identity pool can be identified either by ID or name and site. If ID is specified, name and site are ignored.
-name - Name of resource identity pool to show.
-site - Name of the site the resource identity pool to be shown is associated with. If a name of resource identity pool is specified but site is not specified, the resource identity pool is assumed to be associated with the default partition unless the system is partitioned. In such case, the resource identity pool is assumed to be global.
If the -ip flag is given, show the most recent routing table captured for the specified device.If the -id flag is given, show the specified routing table.Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Output the indicated command script, advanced script or diagnostic. The desired script or diagnostic can be specified by ID, or by a combination of name and type. If more than one name match occurs, then an error will be reported and you must specify the unique script desired by ID.
-id - ID of the desired script or diagnostic
-name - Name of the desired script or diagnostic
-type - Type of the desired script or diagnostic - may be command, advanced, diagnostic or advdiagnositic
Return Type
CustomScriptVO with columns:
createDate
createUserID
customScriptID
description
lastModifyDate
lastModifyUserID
name
parameters
script
scriptMode
scriptType
siteID
taskType
variableData
Examples
show script -id 5
show script -name "Edit Port Duplex" -type command
-u - The user name for whom information will be displayed \\n NOTE: If user name contains '\' escape charater , the input needs to be escaped properly, for example if user name is like "Domain\User" then the input needs to be "Domain\\User"
-id - The user id for whom information will be displayed
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show vtp [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Have the the system client execute all commands contained within a text file.
Synopsis
source
Description
This command has no options but takes one argument: the name of the file to "source". The source file should contain only valid CLI commands each separated by one newline.
Connect to a device through the system's Proxy Interface via ssh (bypassing single sign-on). If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards.
- Port to use to connect to devices outside of the system.
Synchronize a device's startup configuration so it matches its running configuration. The synchronize operation is actually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A name of a device group (mutually exclusive with -ip, -host, or -fqdn)
-skipinsync - Indicates that the command should skip any device that the system indicates already has matching startup and running configs. Possible values are true or false.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the synchronize task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-comment - An optional comment about the synchronize task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Connect to a device through the system's Proxy Interface via telnet (bypassing single sign-on). If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards.
- Port to use to connect to devices outside of the system.
Test policy compliance for a device configuration script.
Synopsis
test config [-family <Device Family>] -script <Configuration Script> [-policy <Policy Name>] [-group <Device Group>] [-device <Device Name or Device IP address>]
Description
This command is used to verify whether a configuration script is in compliance with applicable policies.
-family - The device family for the configuration script to be tested("Cisco IOS", F5, etc.)
-script - The configuration script to be tested.
-policy - The name of the policy for which the script will be test against.
-group - Specify a device group name. The test will be performed against the policies that are applicable to the group.If both -policy and -group are used, -group argument will be ignored.If none of -policy and -group is used, test will be performed against all applicable policies.
-device - The name or IP address of the device to test the script against. If device is specified, the values for the -family and -group options are ignored.
Return Type
String
Examples
test config -family "Cisco IOS" -script "version 12.1 ...."
test config -script "version 12.1 ...." -device 16.78.58.34
* Note this command is intended for API use since it is difficult to input the entire configuration script in the command line.
Causes a series of traceroute commands to be executed on a device. One traceroute command is executed for each target host specified. This series of commands may by run on the device immediately, or scheduled to run sometime in the future. Via this command, the task scheduled can be set to repeat periodically. Note that if not scheduled as a task, this command may take some time to complete.
-source - Can be an IP address (a.b.c.d where 0 <= a,b,c,d <= 255), or a valid hostname, a valid Fully Qualified Domain Name.
-sourcegroup - A valid group name. Exactly one of -source or -sourcegroup must be specified.
-dest - A comma separated list of devices. Devices may be specified in any way that is understood by the traceroute program on the device specified by the option "-source".
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes, the two integers don't have to be the same. This option should not be used unless -async is also supplied.
-async - Indicates that the traceroute operation should be scheduled on the system as a task. The start time for the task will be immediatly unless an alternate start data is provided by means of the -start option.
-start - YYYY:MM:DD:HH:mm. The date on which the task will first be run. This option should not be used unless -async is also supplied.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
undeploy image -ip <device ip address> -images <images separated by ,> [-reboot <reboot instruction>] [-rebootwait <reboot wait (in seconds)>] [-filesystem <file system of device>] [-pretask <task to run before delete>] [-posttask <task to run after delete>] [-start <Task start date>] [-comment <Snapshot comment>] [-duration <Estimated duration of snapshot task.>] [-sessionlog <true or false>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority values>] [-taskname <Task name>]
Description
delete software images from device.
-ip - ip address of the device the images will be deleted.
-images - images to be deleted.
-reboot - wheather to reboot the device after deleting images.
-rebootwait - seconds to wait before reboot.
-filesystem - name of filesystem of the device the images will be deleted.
-pretask - name of task before delete.
-posttask - name of task after delete.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-comment - An optional comment about the snapshot.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
Adobe® is a trademark of Adobe Systems Incorporated.
AMD is a trademark of Advanced Micro Devices, Inc.
Intel and Intel Itanium are trademarks of Intel Corporation in the U.S. and other countries.
Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Red Hat® is a registered trademark of Red Hat, Inc. in the United States and other countries.
UNIX® is a registered trademark of The Open Group.
Oracle Technology — Notice of Restricted Rights
Programs delivered subject to the DOD FAR Supplement are ‘commercial computer
software’ and use, duplication, and disclosure of the programs, including
documentation, shall be subject to the licensing restrictions set forth in the
applicable Oracle license agreement. Otherwise, programs delivered subject to
the Federal Acquisition Regulations are ‘restricted computer software’ and use,
duplication, and disclosure of the programs, including documentation, shall be
subject to the restrictions in FAR 52.227-19, Commercial Computer
Software-Restricted Rights (June 1987). Oracle America, Inc., 500 Oracle Parkway,
Redwood City, CA 94065.
For the full Oracle license text, see the license-agreements directory on the NA product DVD.