CPNR 9 1 Cli Ref Guide
Contents
Use this online guide after you have installed Network Registrar and have it running. This guide provides the following information:
Network Registrar CLI Introduction
Provides instructions about how to use the nrcmd program, including batch and interactive operations, command syntax, command attribute guidelines, and navigation.
Gives a detailed description of all the nrcmd commands and their attributes, including usage guidelines and logging information.
Provides suggestions about how to create batch files to execute nrcmd commands.
Describes status and error codes as well as dump and load formats.
This online guide uses the following notational conventions in command syntax:
Square brackets ([ ])—Group optional elements.
Copyright © 1992--2017 Cisco Systems, Inc. All rights reserved.
Cisco Prime Network Registrar CLI Reference Guide
Invoking the nrcmd Command
Batch Mode
Interactive Mode
Registry and Environment Variables
Command Organization
Command Usage
Saving Your Changes
Refreshing and Clearing the CLI Cache
Navigation Keys
About the nrcmd Program
The nrcmd command line interface (CLI) enables you to configure and manage your DNS, DHCP, and TFTP servers.
This section describes how to use the nrcmd CLI. It specifically describes:
Invoking the command in batch and interactive modes
Note: On Windows, if you want to run the nrcmd program from outside the installed path, you must set the CNR_HOME environment variable.
On Windows, you can invoke the nrcmd command window from the Start menu:
Start > Programs > Network Registrar version > Network Registrar version CLI
This method prompts for your user name and password. On Solaris and Linux (as well as Windows alternatively), invoke the command from the command prompt using this syntax:
nrcmd [general-options] [command] [options]
Table 1-1 describes the general options when invoking from the command prompt.
Option          Description
-C cluster      Cluster (cluster is the name of the machine on which the Network Registrar servers are running). If not specified, the cluster name defaults to localhost.
-N user         Network Registrar user name (user).
-P password     Network Registrar user password (password).
-h              Prints help text.
-b < file.txt   Batch file (file.txt is the file of nrcmd commands that run in batch mode, read a line at a time and with a new line printed after the prompt).
Batch Mode
Interactive Mode
This syntax displays the interactive nrcmd> prompt, at which you enter a functional command and any optional parameters:
nrcmd> command [parameter,parameter, ...]
system-response
To enter a series of attribute values, insert commas (,) between them. Do not add a space after the comma. If the value is a string containing one or more space characters, enclose the value in quotes:
nrcmd> zone example.com. set auth-servers=192.168.50.1,10.0.0.1
100 Ok
auth-servers=192.168.50.1,10.0.0.1
To terminate an interactive session, enter the exit command. To view the online help, enter the help command.
The environment variables that you can set that are recognized by the nrcmd program are CNR_NAME for the name, CNR_PASSWORD for the password, and CNR_CLUSTER for the cluster name.
Command Organization
The nrcmd commands specify a class of objects, which you can create, delete, or list. Each of these objects in turn has attributes, which you can enable, disable, set, get, and unset, depending on data type. These objects may also have common methods, which are specific to the type of object, and that let you perform operations on groups of attributes.
Classes
When you use the nrcmd commands to configure Network Registrar, you manipulate classes of objects, such as scopes, zones, and servers.
delete--Removes an entry.
Attributes
Add attribute=value pairs at the end of the create command.
100 Ok
example.com. (primary):
checkpoint-interval =
checkpoint-min-interval =
defttl = 12h
dynamic = [default=true]
dynupdate-set =
expire = 7d
...
100 Ok
100 Ok
Command Usage
How you specify a series of arguments depends on the type of command you are using. The following subsections describe the differences between using the create, set, and enable commands.
Create Keyword
When you use the create keyword and there are required arguments, you must supply them. You can also supply additional arguments. You must supply the required arguments in the specified order; however, you can specify the optional arguments in any order with the syntax attribute=value.
100 Ok
testScope:
addr = 192.168.50.0
bootp = disabled
deactivated =
100 Ok
testScope:
addr = 192.168.50.0
bootp = disabled
deactivated =
Set Keyword
100 Ok
dns-zone-name=example.com.
100 Ok
auth-servers=192.168.50.1,10.0.0.1
domain-name=example.com.
100 Ok
client-class-name=internal
domain-name=example.com.
Enable Keyword
You use the enable keyword to enable a Boolean attribute. After you enable one Boolean attribute, you may need to set its associated attributes. Use the disable keyword to disable a Boolean attribute. You can use the unset keyword to remove the enabled or disabled state of the Boolean attribute.
Note: You cannot use set and enable on the same command line.
Attribute Flags
Optional--The attribute is optional and does not require a value. You can set and reset the attribute, and you can use the unset keyword to make it undefined.
Read-only--The attribute is immutable and read-only. You can use the get keyword with the attribute, but you cannot set or unset it. Trying to set or unset a read-only attribute returns the error message 385 - Read-only attribute cannot be modified.
Saving Your Changes
Reloading a server
Refreshing and Clearing the CLI Cache
Navigation Keys
Table 1-2 lists keyboard navigation key combinations that are useful when entering nrcmd commands.
Key Combination Action
Table of Contents
Overview
nrcmd
intro
expert
CLI Commands
acl
addr-trap
address-block
admin
auth-server
auth-ad-server
byod
cdns
cdns64
cdnssec
cdns-interface
cdns-redirect
cdns-firewall
ccm
client
client-class
client-class-policy
client-policy
cluster
dhcp
dhcp-address-block
dhcp-address-block-policy
dhcp-dns-update
dhcp-interface
dhcp-listener
dhcp-subnet
dns
dns-enum-config
dns-enum-domain
dns-enum-number
dns-interface
dns-update-map
dns-view
dnssec
dnssec-key
exit
export
extension
failover-pair
group
gss-tsig
ha-dns-pair
help
import
key
ldap
lease
lease-notification
lease6
license
link
link-policy
link-template
link-template-policy
option
option-set
owner
prefix
prefix-policy
prefix-template
prefix-template-policy
policy
region
report
reservation
reservation6
resource
role
router
router-interface
router-login-template
router-type
save
scope
scope-policy
scope-template
scope-template-policy
server
session
snmp
snmp-interface
subnet
sync-from-dns
tenant
tftp
tftp-interface
trap-recipient
update-policy
vpn
zone
zone-dist
zone-template
nrcmd
nrcmd - run the Network Registrar command line interface
Synopsis
Description
Examples
intro
intro - Introduction to nrcmd commands
Synopsis
Description
The nrcmd commands fall into two basic groups: regular and irregular.
The regular commands manipulate configuration objects such as DHCP
Scopes and DNS Zones in a standard fashion. The irregular commands
do everything else that is useful. This page will describe the
general pattern of the regular commands. The behavior of the
irregular commands will be described in their individual man pages.
Regular Command Form
Regular commands provide common functions for creating, deleting,
viewing and editing objects of a given class.
Create
<cmd> <name> create [<required args>] [<prop>=<val>]
Delete
<cmd> <name> delete
List
<cmd> list
The list command lists full details on each object.
<cmd> listnames
The listnames command lists only the names of each object.
<cmd> listbrief
The listbrief command lists brief details on each
object (see the conf/nrcmd-listbrief-defaults.txt file
for more details).
<cmd> listcsv
The listcsv command outputs the objects in CSV format.
Note that for most list operations, <prop>=<val> clauses may be
specified to filter the list of returned objects to those where
that property has that value. In addition, the following can be
used:
For string, string (non-null terminated), case-insensitive
strings, and named references, <prop>=<val> does a case-blind
match whereas <prop>=|<val> does a case exact match.
For IPv6 addresses and prefixes, <prop>=<val> does an exact
match, whereas <prop>=|<val> will do a containment match
(i.e., is the object's property value contained by the
specified value).
For flags, <prop>=<val> will match if the flag is set, whereas
<prop>=|<val> will be an exact (binary value) match.
For <prop>=~<val>, <val> is a regular expression and is used to
match against the string representation of the object's
property value. Note that specifying complex expressions may
be difficult due to the limited character set possible for
TCL strings.
There are also three special properties available:
-count-only may be specified to return only the count of the
number of (matching) objects (no objects are printed).
-vpn=<val> can be specified for objects with a vpn-id property
where <val> can be global, all, or a vpn name.
-view=<val> can be specified for objects with a view-id
property where <val> can be default, all, or a view name.
And, -format="<format-string>" may be specified for listbrief to
override the listbrief format definition for the command. See the
conf/nrcmd-listbrief-defaults.txt file for more details on the
syntax of the format-string.
For example, the following command will list all leases across all
VPNs that are in the leased state:
lease listbrief -vpn=all state=leased
The listbrief operation can also be combined with the session log
command (or copy & paste) and the CLI's batch processing
capabilities to perform operations. For example, to force
available all of the unavailable leases on the prefix named
"testing", one could use:
session log force.txt
lease6 listbrief prefix-name=testing state=unavailable \
-format="lease6 <ip6address> force-available"
session log
exit
nrcmd ... -b <force.txt
Note: The above filter syntax is experimental and subject to
change.
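The listbrief-to-batch workflow above turns query output into commands that nrcmd then executes, so the generated file is worth checking before it is passed to -b. The following is an added example, not part of the original guide or of Network Registrar: it accepts only lines of the exact form "lease6 <ip6address> force-available" whose address lies inside an expected prefix. The function names, the prefix 2001:db8:0:1::/64 (standing in for the prefix named "testing") and the sample file contents are assumptions constructed for illustration, and only address leases (not delegated prefixes) are handled.

```python
import ipaddress
import re

# Only hex digits and colons may appear in the address token. This also
# excludes scope IDs ("%eth0") and characters that are special to TCL.
ADDR_TOKEN = re.compile(r"[0-9A-Fa-f:]+")
EXPECTED_OBJECT = "lease6"
EXPECTED_ACTION = "force-available"


def check_line(line, allowed_net):
    """Return the normalized command, or None if the line is not exactly
    'lease6 <ipv6-address> force-available' with the address in allowed_net."""
    parts = line.split(" ")
    if len(parts) != 3:
        return None
    obj, token, action = parts
    if obj != EXPECTED_OBJECT or action != EXPECTED_ACTION:
        return None
    if not ADDR_TOKEN.fullmatch(token):
        return None
    try:
        addr = ipaddress.IPv6Address(token)
    except ValueError:
        return None
    if addr not in allowed_net:
        return None
    return f"{EXPECTED_OBJECT} {addr} {EXPECTED_ACTION}"


def vet_batch(text, allowed_prefix):
    """Split generated batch text into (accepted commands, rejected lines).

    Rejected entries are (line number, original line) so they can be reviewed.
    """
    allowed_net = ipaddress.IPv6Network(allowed_prefix)
    accepted, rejected = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        command = check_line(line, allowed_net)
        if command is None:
            rejected.append((number, raw))
        else:
            accepted.append(command)
    return accepted, rejected


# Constructed sample standing in for the contents of force.txt; it is not
# captured from a real session.
SAMPLE_FORCE_TXT = """\
lease6 2001:DB8:0:1::10 force-available
lease6 2001:db8:0:1::11 force-available
100 Ok
lease6 2001:db8:0:2::5 force-available
scope testScope delete
lease6 2001:db8:0:1::12 force-available extra
"""

if __name__ == "__main__":
    ok, bad = vet_batch(SAMPLE_FORCE_TXT, "2001:db8:0:1::/64")
    print("commands to run:")
    for command in ok:
        print("  " + command)
    print("rejected lines:")
    for number, raw in bad:
        print(f"  line {number}: {raw!r}")
```

Write only the accepted commands to the file given to nrcmd -b, and review the rejected lines by hand.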
Modify
<cmd> <name> set <prop>=<value> [<prop>=<value> ...]
The set command takes two forms: 'set <prop> <value>' for setting
a single property value, and 'set <prop>=<value> ...' for
setting multiple property values in a single command.
For flag properties (AT_FLAGSINT), <prop>=+<value> may be used to
set the flag bits and <prop>=-<value> may be used to clear the
flag bits.
Errors include:
unknown property
- if <prop> is not a property name for the object
invalid format
- if <value> is not in a valid format
invalid value
- if <value> is not semantically valid
<cmd> <name> get <prop>
The get command returns the value of the named property.
<cmd> <name> unset <prop> [<prop> ...]
The unset command makes the named properties have no value.
<cmd> <name> enable <feature>
The enable command sets the value of the named feature to true.
<cmd> <name> disable <feature>
The disable command sets the value of the named feature to false.
<cmd> <name> show
The show command displays the value of the object.
Class Specific Commands (methods)
The configuration behavior of some objects may be enhanced by the
addition of class specific commands to perform a useful action such
as modifying complex properties, or controlling the object's
behavior.
For example, DHCP Scope objects contain lists of address ranges from
which leases may be offered. To manipulate this list of ranges, the
scope command provides the commands: addRange, removeRange, and
listRanges.
Another example is the force-available command provided by the lease
command to tell the DHCP server that a given lease should be forced
into the available state.
Regional Commands
When connected to a regional cluster, many object types support
push, pull, and reclaim. Push distributes an object or all objects
to a list of local clusters. Pull merges a local cluster object or
all objects from its Replica data into the central configuration.
Reclaim removes the object or all objects from a local cluster.
Many of these commands require specifying one of the data
synchronization modes:
Ensure - Ensures that the local cluster has new data without
affecting any existing data.
Replace - Replaces data without affecting other objects unique
to the local cluster.
Exact - Available for all object operations only. Use this
with caution, because it overwrites the data and
deletes any other objects unique to the local cluster
(for push) and regional (for pull).
Licensing
nrcmd requires the current cluster to have a valid license. If the
license is invalid or has expired, only the 'license' command will be
operational; it may be used to establish a new license key.
Return Codes
All nrcmd commands will return a status code as the first line of
output. The status codes are heavily influenced by SMTP and other
line oriented protocols. The first word of the line is a three digit
status code, and the remaining words on the line are descriptive text
that may or may not be constant for a given status code. The first
digit of the status code determines the class of the status:
1xx - the command completed successfully, possibly with warnings
3xx - there was some error in processing the command
4xx - errors in communicating with the cluster database server
5xx - there was an internal error in the program
Note that it is unwise to check for only 100 as 101 and other return
codes still mean the operation was generally successful.
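A script that drives nrcmd should therefore classify a response by the first digit of its status line and treat anything it cannot parse as a failure. The following is an added example, not code from the guide or from Network Registrar: it assumes a captured transcript in which each command appears on a line starting with the nrcmd> prompt and is followed by its response; the transcript, the descriptive text after each code and the attribute name in the last command are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# First line of a response: a three-digit status code, then descriptive text.
STATUS_LINE = re.compile(r"^(\d{3})\b[ \t]*(.*)$")

# Status classes as listed in the Return Codes section, keyed by first digit.
STATUS_CLASSES = {
    "1": "success",         # completed successfully, possibly with warnings
    "3": "command-error",   # error in processing the command
    "4": "cluster-error",   # error communicating with the cluster database server
    "5": "internal-error",  # internal error in the program
}


class Status(NamedTuple):
    code: int
    text: str
    status_class: str

    @property
    def ok(self) -> bool:
        # Any 1xx code counts as success, not only 100.
        return self.status_class == "success"


def parse_status(response: str) -> Status:
    """Classify one command's response by the status code on its first line."""
    lines = response.splitlines()
    first = lines[0].strip() if lines else ""
    match = STATUS_LINE.match(first)
    if not match:
        # Fail closed: an empty or truncated response is not a success.
        return Status(0, first, "unparsed")
    digits, text = match.groups()
    return Status(int(digits), text, STATUS_CLASSES.get(digits[0], "unknown"))


def split_transcript(transcript: str, prompt: str = "nrcmd> ") -> List[Tuple[str, str]]:
    """Return (command, response) pairs from a transcript that echoes the prompt."""
    pairs: List[Tuple[str, str]] = []
    command, body = None, []
    for line in transcript.splitlines():
        if line.startswith(prompt):
            if command is not None:
                pairs.append((command, "\n".join(body)))
            command, body = line[len(prompt):].strip(), []
        elif command is not None:
            body.append(line)
    if command is not None:
        pairs.append((command, "\n".join(body)))
    return pairs


def failures(transcript: str) -> List[Tuple[str, Status]]:
    """Return every command whose response is not in the 1xx class."""
    result = []
    for command, response in split_transcript(transcript):
        status = parse_status(response)
        if not status.ok:
            result.append((command, status))
    return result


# Constructed transcript; "some-read-only-attr" is a hypothetical attribute name.
SAMPLE_TRANSCRIPT = """\
nrcmd> zone example.com. set auth-servers=192.168.50.1,10.0.0.1
100 Ok
auth-servers=192.168.50.1,10.0.0.1
nrcmd> scope testScope enable bootp
101 Ok, with warnings
nrcmd> zone example.com. unset some-read-only-attr
385 Read-only attribute cannot be modified
"""

if __name__ == "__main__":
    for command, status in failures(SAMPLE_TRANSCRIPT):
        print(f"{status.code} ({status.status_class}): {command}")
```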
Property Types
The properties that are manipulated by the set and get command
have specific data types which determine the syntactically valid
values. Some of the common property (or attribute) types are:
AT_STRING - a string, valid inputs are:
* any text
Text strings with embedded spaces and characters
such as brackets (these have special meaning for TCL)
may need to be escaped when specified in a command.
For example:
value=\\"Optional\ items\ are\ in\ \[brackets\]\\"
AT_INT - an integer, valid inputs are:
* decimal digits, or
* 0x followed by hex digits.
AT_BOOL - a boolean value, valid inputs are:
* true, on, enabled, 1, or
* false, off, disabled, 0.
AT_DATE - a date, valid inputs are:
* 'forever'
* +<integer time value>
* a date/time string with the format
"[ddd ]mmm dd hh:mm[:ss] yyyy"
The string form may also need to be escaped when
specified in a command.
For example:
timestamp=\\"Fri\ Jan\ 29\ 11:21:18\ 2016\\"
AT_TIME - a span of time, in seconds, valid inputs are:
* decimal number of seconds
* combination of numbers of weeks, days, hours,
minutes, and seconds for example: 1w2d3h4m5s.
AT_IPADDR - an IP address, valid inputs are:
* dotted quad format, for example: 10.24.1.2
AT_SUBNET - a subnet, valid inputs are an IP address followed
by a slash (/) and a subnet length, for example:
10.24.0.0/16.
AT_IP6ADDR - an IPv6 address, valid inputs are:
* x:x:x:x:x:x:x:x, where the 'x's are one to four
hexadecimal digits of the eight 16-bit pieces of
the address, for example:
2001:DB8:0:0:8:800:200C:417A
* or its compressed form where one or more sets of
runs of zeros is replaced by ::, for example:
2001:DB8::8:800:200C:417A
AT_PREFIX - an IPv6 prefix, valid inputs are an IPv6 address
followed by a slash (/) and a prefix length, for
example: 2001:DB8::/32
AT_IP6 - either an IPv6 address or IPv6 prefix (see above).
AT_MACADDR - a MAC address, valid inputs are:
* raw hex digits, for example: 010203040506
* hex digits separated by ':', '.', or '-', for
example: 01:02:03:04:05:06, 01-02-03-04-05-06,
01.02.03.04.05.06
* type and length, followed by hex digits, for
example: 1,6,ab:01:cd:02:ef:03
AT_RANGEINT - a range restricted integer
AT_RANGETIME - a range restricted time value
AT_ENUMINT - an enumerated integer
AT_FLAGSINT - a bitmask with named bit positions
AT_EXPR - Expressions (see the User Guide for more details).
Note that expressions may be difficult to enter
directly via nrcmd because of TCL character set
limitations. Therefore, it is recommended to define
the expression in a text file and then use the
<attribute>=@<filename> syntax to set the expression
from the contents of the file.
Validation
Data validation will be done at configuration creation and property
modification time. The CLI will check for required valid values when
a configuration object is created, and it will check the validity of
property values when they are set.
Dangling references that are created by deleting a referred-to object,
such as the policy for a scope, or the client class for a client will
not be caught by the CLI.
Examples
Limitations
NRCMD commands are parsed using TCL and this can restrict the
character set available for use, mostly for data values. Sometimes one
can work around this limitation by using the \ before the special
character, but this may not always work. It may be necessary to use
the web UI or, in some cases, special support (such as for AT_EXPR
properties as mentioned above).
expert
Expert mode commands
Synopsis
Description
These commands are available only in expert mode and must be used
with care. To enter expert mode, use:
nrcmd> session set visibility=3
The ccm sync-from-dhcp command can be used to synchronize CCM address
space data from the DHCP server scope data. The ccm sync-to-dhcp
command is obsolete for version 7.2 clusters and later.
The ccm sync-from-dns command can be used to synchronize CCM DNS
zone and RR data or hosts from RR data from DNS. The sync-from-dns,
which is retained for backwards compatibility, is the same as
ccm sync-from-dns ZoneData.
The cdns execute command can only be run from the localhost that is
running the cdns server. The commands supported are as follows:
dump-cache dumps the in-memory cache to the specified file
load-cache loads in-memory cache from a specified file
dump-reqlist dumps the active query request list to the
specified file
flush-reqlist drops all active query requests
The local cluster can only be deleted while in expert mode.
The dhcp setFailoverState command can be used to force failover state
changes. This must be used with extreme care and is not recommended.
The object command can be used to display (or delete) the object with
a specified oid. If -class=<classname> is specified, the DB for that
class is used (the classname must be specified using the correct
case). If -db=<dbid> is specified, the specified DB is used (the dbid
must be specified in uppercase). If neither -class nor -db is
specified, the CCM DB is assumed. If -force is specified for a
delete, some checks and actions normally performed when deleting
the object are bypassed.
The server-agent command can be used to manipulate how the cnrservagt
starts servers. Note that once changes are made, Network Registrar
must be restarted before these changes will take effect.
Note: When setting server-agent attributes that contain TCL special
characters (such as $), create a file that contains the desired string
and then set the attribute using:
server-agent <name> set <attribute>=@<file-name>
The dns ha-sync-all-rrs and zone ha-sync-all-rrs commands can be used
to manually schedule HA zone sync for all zones, or a single zone,
respectively. All RRs in the target zone will be overwritten by the
source zone RRs. For example, specifying main-to-backup causes
all RRs on the backup zone to be overwritten by RRs from the main
zone.
The zone <name> listRR command will include the RR order and weight
preceding the RR information when executed in expert mode. The RR
list will display each RR using the following format:
<order> <weight> <name> [<ttl>] <class> <type> <data>
The zone <name> signZone command can be used
to enable DNSSEC for the zone and add signatures for all RRs of
the zone, when executed in expert mode.
The zone <name> removeSignature command can
be used to remove signatures for all RRs of the zone and disable
DNSSEC for the zone, when executed in expert mode.
Examples
Limitations
acl
acl - Manages DNS access control lists which are used to control
zone access for DNS updates, zone transfers and queries
Synopsis
acl list
acl listnames
acl <name> show
acl <name> create "<match-list>"
acl <name> delete
acl <name> get <attribute>
acl <name> set <attribute>=<value>
acl <name> unset <attribute>
acl <name> add "<match-list>"
acl <name> remove "<match-list>"
acl < <name> | all > pull < ensure | replace | exact > <cluster-name>
[-report-only | -report]
acl < <name> | all > push < ensure | replace | exact > <cluster-list>
[-report-only | -report]
acl <name> reclaim <cluster-list> [-report-only | -report]
Description
The acl command is used to manage DNS ACLs which are used to
restrict dynamic DNS updates, zone transfers and queries. Once you
have created the acl object, it can be used with the update-acl,
restrict-xfer-acl and restrict-query-acl on the DNS server or
a zone object.
You can specify the match-list as a comma-separated list of
values, enclosed in quotes, or you can use the add and remove
commands to edit the match list. The add command will add elements
to the end of the list. The remove command will remove the first
matching element in the match-list.
Match list entries can consist of IP node or subnet addresses,
TSIG keys, or ACLs. A TSIG key must also be preceded by the
keyword "key". The "!" notation can be used to negate an entry
in the list.
Note: While match lists are displayed with spaces, spaces should
not be specified in entered lists.
The pull, push and reclaim commands are only available when
connected to a regional cluster. Push and reclaim allow a list
of clusters or "all".
Examples
Status
See Also
key
Attributes
match-list amelist
addr-trap
addr-trap - Configures free-address monitoring by the DHCP server
Synopsis
Description
The addr-trap command configures values that the DHCP server uses
to monitor free-address levels. Use this command with the SNMP
server to provide SNMP notification trap messages as free-address
levels change within the DHCP server.
The pull, push, and reclaim commands are only available when
connected to a regional cluster. For push and reclaim, a list of
clusters or "all" may be specified.
Examples
Status
See Also
scope, trap-recipient
Attributes
enable bool default = on
address-block
address-block - Defines a contiguous block of IP address space
Synopsis
Description
Examples
Status
See Also
subnet, owner, region
Attributes
address subnet required,immutable
description string
forward-zone-name dname
owner oid
Names the owner of this address block. Use the owner field
to group similarly owned address blocks; to limit administrative
access; and to track allocation or delegation for ARIN
reporting purposes.
parent oid
region oid
Names the region associated with this address block. Use the
region field to group similarly located address blocks and to
limit administrative access.
reverse-zone-name dname
sink oid
source oid
type nameref(0)
admin
admin - Creates administrators and assigns them groups and passwords
Synopsis
Description
Examples
Status
See Also
group, role
Attributes
groups nlist(obj(0))
password clrtxt
superuser bool
auth-server
auth-server - Configures an external authentication server
Synopsis
Description
Examples
Status
See Also
Attributes
address ipaddr
ip6address ip6addr
key clrtxt
key-secret secret
auth-ad-server
auth-ad-server - Configures an external authentication active directory
(AD) server
Synopsis
Description
Examples
Status
See Also
Attributes
ad-group-name string
ad-user-attr-map string
base-dn string
byod
byod - Configures and controls the BYOD web server
Synopsis
The byod command lets you configure the BYOD web server in the
Regional cluster.
Examples
Status
See Also
server
Attributes
client-active-period time default = 1w
keystore-passwd clrtxt
theme nameref(0)
cdns
cdns - Configures and controls the DNS Caching server
Synopsis
Description
The cdns command lets you configure the DNS Caching server in the
cluster.
cdns addForwarder <domain> <addr>
cdns removeForwarder <domain> [<addr> ...]
cdns listForwarders
Use the Forwarder commands to specify the addresses of any name
servers that you want your Network Registrar DNS Caching server
to use as forwarders for a specified domain. Network Registrar
forwards recursive queries to these servers.
The addForwarder command adds the address of a forwarding server for
the specified domain. <domain> is the domain that this forwarder will
apply to, and <addr> can be an ipv4 or ipv6 address followed by an
optional port number (i.e. <addr>[@<port>]) or the name of a server
(it must be possible to resolve the server name before it is used).
The removeForwarder command removes the forwarder.
The listForwarders command lists the forwarders for this DNS
server.
cdns addException <domain> [prime=on|off] [views=on|off] [<addr> ...]
cdns removeException <domain> [<addr> ...]
cdns listExceptions
Use the exception commands only if you do not want your
DNS Caching server to use the standard name resolution for
querying root name servers for names outside the domain.
Network Registrar sends non-recursive queries to these servers.
The addException command lets you specify the resolution
exception domains and the IP addresses of the associated
servers. The addresses can be ipv4 or ipv6 with an optional
port number (i.e. <addr>[@<port>]) or the name of a server (it
must be possible to resolve the server name before it is used).
If the prime flag is on, the server will query the name server
for an updated list of name servers for the domain. If the views
flag is on, the server will forward view information to the name
server. The server will send non-recursive queries to the
exception servers. This command may also be used to change the
prime and views flags of an existing exception. By default,
these flags are off.
The removeException command removes an entry for exceptional
resolution of addresses within a domain.
The listExceptions command lists the domains that are configured
to have exceptional resolution of their names.
NOTE: If you have a forwarder and exception for the exact same
domain, the DNS Caching server will use the forwarder for queries
on that domain rather than the exception.
cdns addRootHint <name> <addr> [<addr> ...]
cdns removeRootHint <name>
cdns listRootHints
Use the RootHint commands to add or remove the names
and addresses of the root servers. After you specify the
root servers, Network Registrar queries them for their
root name server records. These records are in turn used
to resolve other names. As such, these values need not be
exact, but must be accurate enough for the Network Registrar
DNS Caching server to retrieve the correct information.
The addRootHint command adds the name of a root server and the
root name server address(es). Addresses can be either ipv4 or ipv6
with an optional port number (i.e. <addr>[@<port>]).
The removeRootHint command removes a root server from the list.
The listRootHints command lists the root server information.
cdns flushCache [<domain>]
The flushCache command deletes cached RRs at or below the specified
domain. If no domain is provided, deletes all RRs from the cache.
cdns flushName <name> [<type>|*] [<view>] [<dns64>]
The flushName command will delete RRs from the cache with the
given name and optional type in the specified view and dns64.
If no type or * is provided, removes RRs of type A, AAAA, PTR,
CNAME, MX, SOA, NS, NAPTR, SRV and DNAME. If no view or dns64
is specified, the default view and no dns64 is used.
cdns serverLogs show
cdns serverLogs nlogs=<nlogs> logsize=<logsize>
The serverLogs show command displays the number of log files
and the maximum size for each file.
The serverLogs command allows setting the two server logging
parameters, nlogs and logsize. Either or both may be specified
in the command, and changes will only occur to the one(s)
specified. When setting logsize, a suffix of K or M indicates
units of thousands or millions.
cdns serverLogs nlogs=6 logsize=500K
cdns serverLogs logsize=5M
Note: For these changes to take effect you must save the changes
and restart the server Agent.
cdns getStats [category [total | sample]]
The getStats command displays the requested DNS Caching server
statistics, either since the last reload or for the last sample
period. Available categories are: all, server, and top-names.
The top-names option shows the most active DNS query names.
cdns resetStats
The resetStats command returns the DNS Caching server activity
counters (statistics) to zero.
Examples
Status
See Also
server
Attributes
acl-blacklist amelist
Sets the access blacklist for the server. Packets from clients on this
list will be ignored.
acl-do-not-query amelist
Determines whether the CDNS server logs sample and/or total statistics
when it logs activity-summary information. Note, activity-summary must
be specified in the log-settings in order for this setting to take
effect.
Limits the time negative responses are stored in the cache beyond the
limit specified in its SOA record in the authority section.
Sets the time to live maximum for RRsets and messages in the cache.
If the maximum kicks in, responses to clients still get decrementing
TTLs based on the original (larger) values. When the internal TTL
expires, the cache item has expired. Can be set lower to force the
resolver to query for data often, and not trust (very large) TTL
values.
Sets the time to live minimum for RRsets and messages in the cache.
If the minimum kicks in, the data is cached for longer than the
domain owner intended, and thus fewer queries are made to look up the
data. Zero makes sure the data in the cache is as the domain owner
intended, higher values, especially more than an hour or so, can lead
to trouble as the data in the cache does not match up with the actual
data any more.
Controls which packet protocol to answer and issue, UDP, TCP, or both.
Specifies the UDP and TCP port number that the DNS caching server
uses to listen for queries.
Sets the time to live for the host entries in the remote
name server cache. They contain roundtrip timing and EDNS support
information.
cdns64
cdns64 - Controls and configures DNS64 processing in the DNS
Caching server
Synopsis
Description
The cdns64 command lets you create and edit DNS64 objects. The
dns64 attribute is enabled by default on DNS64 object creation.
The DNS Caching servers must be reloaded for changes to take effect.
The pull, push and reclaim commands are only available when
connected to a regional cluster. Push and reclaim allow a list
of clusters or "all".
Examples
Status
See Also
Attributes
acl-match-clients amelist default = any
priority priority
cdnssec
cdnssec - Controls and configures DNSSEC processing in the DNS
Caching server
Synopsis
Description
Examples
nrcmd> cdnssec create
nrcmd> cdnssec enable dnssec
nrcmd> cdnssec set trust-anchor-file=example.com.anchor
Status
See Also
Attributes
auto-trust-anchor-file nlist(obj(0)) default = root.anchor
Defines files with a trust anchor for one zone each, which is
tracked with RFC5011 probes. The probes occur several times per
month, so the machine must be online frequently. The initial
file can be one with contents as described in trust-anchor-file.
The file is written to when the anchor is updated, so the
server must have write permission. The files must be in the
data/cdns directory.
domain-insecure nlist(obj(0))
Sets whether the DNS caching server should fetch the DNSKEYs
earlier in the validation process, when a DS record is encountered.
This lowers the latency of requests. It does use a little more CPU.
Also, if the cache is set to 0, it is of no use.
trust-anchor-file nlist(obj(0))
Defines a file with trusted keys for validation. Both DS and DNSKEY
entries can appear in the file. The format of the file is the
standard DNS Zone file format. Default is no trust anchor file. The
files must be in the data/cdns directory.
cdns-interface
cdns-interface - Configures the DNS Caching server's network interfaces
Synopsis
Description
Examples
Status
See Also
Attributes
address subnet
ip6address prefix
Specifies the IPv6 address and prefix length for one or more
DNS interfaces.
port rangeint(1-65535)
Specifies the UDP and TCP port number the DNS server listens on.
If no port is specified, the port configured on the Caching DNS
server is used.
cdns-redirect
cdns-redirect - Controls and configures DNS redirect processing in the DNS
Caching server
Synopsis
Description
Examples
Status
See Also
Attributes
a-response ipaddr
aaaa-response ip6addr
domains nlist(obj(0))
rpz-override-redirect dname
rpz-server-addrs nlist(obj(0))
Specifies the zone name to use for Response Policy Zone rule
processing. Only applies to rpz actions.
cdns-firewall
cdns-firewall - Controls and configures DNS firewall processing in the DNS
Caching server
Synopsis
Description
Examples
Status
See Also
Attributes
a-response ipaddr
aaaa-response ip6addr
domains nlist(obj(0))
rpz-override-redirect dname
rpz-server-addrs nlist(obj(0))
rpz-zone-name dname
Specifies the zone name to use for Response Policy Zone rule
processing. Only applies to rpz actions.
ccm
ccm - Configures and controls the CCM server
Synopsis
Description
Examples
Status
See Also
server
Attributes
addrutil-poll-interval rangetime(0-1y) default = 60m
addrutil-poll-offset rangetime(0-24h)
Specifies the maximum age for subnet and prefix utilization data.
Old data that exceeds this age will be trimmed at the next
addrutil-trim-interval.
Changes to this setting will take effect on the next server restart.
Sets the maximum amount of time CCM will wait for a request
over an incoming SCP connection. If set to 0, there is no
idle timeout and CCM will wait forever.
Also, see unauth-idle-timeout.
lease-hist-poll-offset rangetime(0-24h)
This interval specifies how often to trim the old lease history data.
If set to 0 no automatic lease history trimming occurs.
If lease history collection and polling are enabled and this parameter
is set to 0, the lease history database will continue to grow without
bound. Changes to this setting will take effect on the next server
restart.
Indicates the default mode that web UI and CLI clients use for local
edits:
2 dhcp
If set, scope and reservation edits are forwarded to the DHCP
server after being saved to the configuration database. If
unset, a DHCP reload is required before the changes will
take effect.
3 dns
If set, zone and RR edits are forwarded to the DNS server
after being saved to the configuration database. If unset, a
'Zone Distribution Sync' function is required to update the
DNS server; a DNS server reload is also required for zone
changes to take effect.
The default mode is applied only when the client requests the server
default, or does not request a specific edit mode.
Specifies how many threads the poller creates.
Changes to this setting will take effect on the next server restart.
Indicates the default mode that web UI and CLI clients use for
regional edits:
1 admin
When set, indicates that regional admin edits, including
password changes made by individual users, will be
automatically synchronized with all local clusters.
2 dhcp
If set, reservation edits are forwarded to the local cluster
or failover pair after being saved to the configuration
database. If unset, push operations are required to update the
local cluster(s).
3 dns
If set, zone and RR edits are forwarded to the primary DNS
server after being saved to the configuration database. If
unset, a 'Zone Distribution Sync' function is required to
update the DNS server.
The default mode is applied only when the client requests the
server default, or does not request a specific edit mode.
Sets the maximum amount of time CCM will wait for a request over an
incoming SCP connection before the user has been authenticated (see
idle-timeout for the time used after a user has authenticated). If
set to 0, the idle-timeout is used.
client
client - Creates clients and assigns them to client-classes
Synopsis
Description
Examples
Status
See Also
client-class
Attributes
action flags(exclude=1, deprecated-one-shot=2, deprecated-use-release-grace-period=3, none=32)
Describes the action the DHCP server takes for this client.
1 exclude - causes the server to ignore all
communication from this client.
2 deprecated-one-shot - now deprecated.
3 deprecated-use-release-grace-period - now deprecated.
32 none
If you specify the exclude action in the default client
entry, then any client not specifically registered through
the client command cannot communicate with the server.
Note: The deprecated flags (2,3) are now available through
the policy command attributes inhibit-all-renews and
release-grace-period.
add-to-environment-dictionary string
authenticate-until date
client-class-name nameref(0)
default-vpn nameref(0)
domain-name string
Gives the domain name (which must be a zone) to use when performing
DNS updates. Places the client's A record in this DNS domain.
This feature is maintained for compatibility with prior versions.
Additional options to specify the forward zone are provided on
the client policy (or embedded policy) and its referenced
DNSUpdateConfig objects.
embedded-policy obj(0)
host-name string
over-limit-client-class-name string
override-vpn nameref(0)
policy-name nameref(0)
reserved-addresses nlist(obj(0))
reserved-ip6addresses nlist(obj(0))
reserved-prefixes nlist(obj(0))
selection-criteria nlist(obj(0))
Lists selection tags for this client. All the criteria in this
list must appear in the scope/prefix selection tags for a
scope/prefix to be considered acceptable to this client.
unauthenticated-client-class-name string
user-defined string
userid string
client-class
client-class - Creates client-classes
Synopsis
Description
Examples
Status
See Also
Attributes
action flags(exclude=1, deprecated-one-shot=2, deprecated-use-release-grace-period=3, none=32)
add-to-environment-dictionary string
client-lookup-id expr
Specifies the key value used to look up the specified client in the
client database, using an expression that evaluates to a string
or a blob that is a valid string. The lookup can be local or through
LDAP.
default-vpn nameref(0)
domain-name string
Sets the domain name, which must be a zone, for performing DNS
updates. Places the client's A record in this DNS domain.
This feature is maintained for compatibility with prior versions.
Additional options to specify the forward zone are provided on
the client-class's policy (or embedded policy) and its
referenced DNSUpdateConfig objects.
embedded-policy obj(0)
host-name string
limitation-id expr
over-limit-client-class-name string
override-client-id expr
override-vpn nameref(0)
policy-name nameref(0)
selection-criteria nlist(obj(0))
Lists the selection tags for this client-class. All the criteria
in this list must appear in the scope/prefix selection tags for a
scope/prefix to be considered acceptable to this client-class.
unauthenticated-client-class-name string
user-defined string
v6-client-lookup-id expr
Specifies the key value used to look up the DHCPv6 client in the
client database, using an expression that evaluates to a string
or a blob that is a valid string. The lookup can be local or through
LDAP.
v6-override-client-id expr
Synopsis
Description
Examples
Status
See Also
policy, client-policy, dhcp-address-block-policy,
link-policy, link-template-policy, prefix-policy,
prefix-template-policy, scope-policy,
scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
client-policy
client-policy - Adds DHCP policy information to a client object
Synopsis
Description
Examples
Status
See Also
policy, client-class-policy, dhcp-address-block-policy, link-policy, link-template-policy, prefix-policy,
prefix-template-policy, scope-policy,
scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
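The lease-time attributes described above (server-lease-time, max-client-lease-time, max-client-rebinding-time, max-client-renewal-time) interact as a chain of limits. The following is an added example, not part of the original guide or of Network Registrar itself: it models only the rules stated in the attribute descriptions. The function name, the use of seconds for all values, and the uncapped T1/T2 ratios (the RFC 2131 defaults of 50% and 87.5%) are assumptions.

```python
# Simplified model of the DHCPv4 lease-time limits described in this guide.
# All times are in seconds. Names and the T1/T2 ratios are assumptions made
# for this example; only the capping rules come from the attribute text.

MIN_LEASE_CAP = 60   # lower bound of rangetime(60s-2y) for max-client-lease-time
MIN_TIMER_CAP = 30   # lower bound of rangetime(30s-2y) for the T1/T2 caps


def lease_view(dhcp_lease_time,
               server_lease_time=None,
               max_client_lease_time=None,
               max_client_rebinding_time=None,
               max_client_renewal_time=None):
    """Return the server's lease period and the times sent to the client."""
    if max_client_lease_time is not None and max_client_lease_time < MIN_LEASE_CAP:
        raise ValueError("max-client-lease-time is below 60s")
    for name, cap in (("max-client-rebinding-time", max_client_rebinding_time),
                      ("max-client-renewal-time", max_client_renewal_time)):
        if cap is not None and cap < MIN_TIMER_CAP:
            raise ValueError(name + " is below 30s")

    # server-lease-time is used only when it is longer than dhcp-lease-time.
    server_lease = dhcp_lease_time
    if server_lease_time is not None and server_lease_time > dhcp_lease_time:
        server_lease = server_lease_time

    # max-client-lease-time limits what is sent to the client only; the
    # server's own lease period above is not affected by it.
    client_lease = dhcp_lease_time
    if max_client_lease_time is not None:
        client_lease = min(client_lease, max_client_lease_time)

    # T2 is based on the lease time actually sent, then capped, and must
    # not exceed the lease time.
    t2 = client_lease * 7 // 8          # assumed default ratio (87.5%)
    if max_client_rebinding_time is not None:
        t2 = min(t2, max_client_rebinding_time)
    t2 = min(t2, client_lease)

    # T1 is capped the same way and must not exceed T2.
    t1 = client_lease // 2              # assumed default ratio (50%)
    if max_client_renewal_time is not None:
        t1 = min(t1, max_client_renewal_time)
    t1 = min(t1, t2)

    return {"server_lease": server_lease, "client_lease": client_lease,
            "t2": t2, "t1": t1}


if __name__ == "__main__":
    # 7-day policy lease, 10-day server-lease-time, client capped at 1 day
    # with a 1-hour renewal cap.
    print(lease_view(604800, server_lease_time=864000,
                     max_client_lease_time=86400,
                     max_client_rebinding_time=172800,
                     max_client_renewal_time=3600))
    # A renewal cap larger than the rebinding cap is pulled down to T2.
    print(lease_view(86400, max_client_rebinding_time=1800,
                     max_client_renewal_time=3600))
```

In the first case the server tracks the lease for 10 days while the client is told 1 day and renews hourly, which is the "more frequent communication" arrangement the server-lease-time description refers to.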
cluster
cluster - Configures the local and remote clusters
Synopsis
Description
Examples
Status
See Also
Attributes
addrutil-poll-interval rangetime(0-1y)
addrutil-poll-offset rangetime(0-24h)
Provides a fixed time of day for subnet utilization polling.
This time is interpreted as a time of day offset, with 0 being
12 midnight, provided the polling interval is less than 24 hours,
and the offset value is less than the polling interval. If the offset
value is greater than the polling interval, or the interval is
greater than 24 hours, the offset will be ignored.
The scheduler for polling will ensure that the first polling event
occurs at the offset time. For example, if you set the interval to
4 hours and the offset to 2am, the polling would occur at 2am, 6am,
10am, 2pm, 6pm and 10pm.
addrutil-poll-retry rangeint(0-4)
admin string
fqdn dname
http-port int
https-port int
ip6address ip6addr
ipaddr ipaddr
lease-hist-poll-interval rangetime(0-1y)
Specifies how often to collect the lease history from the DHCP
server for this cluster. If set to 0, polling does not occur.
lease-hist-poll-offset rangetime(0-24h)
lease-hist-poll-retry rangeint(0-4)
password clrtxt
password-secret secret
Sets the identifier of the secret representing the password that
authenticates the identity stored in the admin attribute.
product-version pcv
Displays the cluster product version number in major, minor, rev form.
This value is updated when the cluster is resynchronized.
remote-id short
scp-port int
shared-secret secret
dhcp
dhcp - Configures and controls the DHCP server
Synopsis
dhcp disable <attribute>
dhcp enable <attribute>
dhcp get <attribute>
dhcp set <attribute>=<value> [<attribute>=<value> ...]
dhcp unset <attribute>
dhcp show
dhcp getStats [[all | server [,] failover [,] dhcpv6 [,] top-utilized] [total | sample]]
dhcp resetStats
dhcp getScopeCount [vpn <name> | all]
dhcp getPrefixCount [vpn <name> | all]
dhcp attachExtension <extension-point> <extension-name> [sequence number]
dhcp detachExtension <extension-point> [sequence number]
dhcp listExtensions
dhcp getRelatedServers [column-separator=<string> | full]
dhcp getRelayState [all] [full]
dhcp updateSms [all]
dhcp serverLogs show
dhcp serverLogs nlogs=<nlogs> logsize=<logsize>
dhcp limitationList <ipaddr> [<limitation-id>] show
Description
The dhcp command lets you configure the DHCP server in a cluster.
dhcp getStats [[all | server [,] failover [,] dhcpv6] [total | sample]]
dhcp resetStats
The getStats command retrieves statistics from a running DHCP
server. You can supply one or more specific categories of
statistics counters, or the keyword all to retrieve all supported
categories. If collection of sample counters is enabled in the
server, you can retrieve the most recent sample counters instead
of the running totals by specifying sample after the categories.
The resetStats command resets the running totals counters.
dhcp attachExtension <extension-point> <extension-name> [sequence number]
dhcp detachExtension <extension-point> [sequence number]
dhcp listExtensions
Use the commands attachExtension, detachExtension,
and listExtensions to configure the extension points in the
server.
You can associate multiple extensions with each extension
point, and each executes in the order specified by the sequence
number used when the attachment was made. If no sequence number
is used with attachExtension and detachExtension, it defaults
to 1. If multiple extensions are configured for a given point,
listExtensions shows the sequence numbers associated with each.
Sequence numbers must be in the range 1-32.
The available extension points are:
The attachExtension command sets the specified extension point
(and optional sequence position) to call the named extension. If
the extension point is already configured (for a given sequence
position) to call an extension, Network Registrar overwrites it
with the new value.
The detachExtension command removes any extension configuration
from the specified extension point and sequence number.
The listExtensions command shows the current configurations for
each extension point.
You can put the DHCP server into import mode by enabling the
import-mode feature and then restarting the server. You take the
server out of import-mode by disabling the feature and restarting
the server. You can use import mode to exclude all DHCP lease
requests except for the specially tagged ones that come from the
CLI during lease import (see the import command).
dhcp getRelatedServers [column-separator=<string>]
The dhcp getRelatedServers command displays a table with the
following information for each associated failover, DNS or LDAP
server:
Type                  Main, Backup, DNS or LDAP
Name                  DNS host name
Address               IP Address in dotted octet format
Communications        OK or INTERRUPTED
Requests              Number of outstanding requests
<cluster-name> State  Failover state of this server
Partner State         Failover state of partner
dhcp getRelatedServers full
The full list of related servers objects is displayed (rather
than a table).
dhcp getRelayState [all] [full]
Only useful if failover is being used and the health-checking
feature has been enabled. Reports on the state of communications
between the failover partner and each relay agent. If all is
not specified, only the relays that appear to be having
communications issues with the failover partner are reported
(i.e., those in the interrupted state). If full is specified,
the objects are displayed (rather than a table).
dhcp updateSms [all]
The dhcp updateSms command initiates SMS processing. To send all
leases to SMS, use the argument all; otherwise, only the new
leases activated since the last time the command ran successfully
are sent. To run this command, turn on sms-network-discovery and
set sms-library-path. The command returns an error if
sms-network-discovery is not turned on, if it is unable to load
the SMS library, or if the optional argument string is invalid.
Otherwise, it returns success to indicate that SMS processing
started successfully.
dhcp serverLogs show
The serverLogs show command displays the number of log files and
the maximum size for each file.
The serverLogs command allows setting the two server logging
parameters, nlogs and logsize. Either or both may be specified
in the command, and changes will only occur to the one(s)
specified. When setting logsize, the value may be suffixed with
K or M to signify units of thousands or millions. Note that in
order for these changes to take effect you must save the changes
and restart the server Agent.
dhcp serverLogs nlogs=6 logsize=500K
dhcp serverLogs logsize=5M
dhcp getScopeCount [vpn <name> | all]
dhcp getPrefixCount [vpn <name> | all]
The getScopeCount command displays the scopes, networks, and VPNs
for the current VPN, all VPNs, or a specific VPN.
The getPrefixCount command displays the prefixes, links, and VPNs
for the current VPN, all VPNs, or a specific VPN.
dhcp limitationList <ipaddr> [<limitation-id>] show
Lists DHCP clients and leases that are associated by a common
limitation-id for the client (see the client command). Use this
command when a DHCP client is denied service because the number of
existing clients with a common limitation-id equals the allowed
limitation-count, as set for a policy (see the policy command).
It then determines which existing clients with that limitation-id
have active leases.
If you specify both the ipaddr and limitation-id arguments, the
ipaddr determines the network in which to search, and does not
have to be an actual IP address that the DHCP server could
allocate. In this case, the limitation-id must be a blob in
nn:nn:nn format (such as 01:02:03) or a string in string format.
If you omit the limitation-id, the ipaddr must be the IP address
of a currently active lease, and the limitation-id used for the
command will be the one associated with that lease.
If you want to determine the existing clients and leases using up
the limitation-count for a particular limitation-id because the
following message appeared in the DHCP server log:
Warning Server 0 05646 Could not add Client MAC:
'1,6,01:02:03:04:0c:03' with limitation-id: 01:02:03
using Lease: 10.0.0.23, already 3 Clients with that id.
No over-limit client class specified! Dropping packet!
Use the lease specified in "... using Lease 10.0.0.23" as the
<ipaddr>, and the limitation-id specified in "... with
limitation-id 01:02:03" as the <limitation-id>:
nrcmd> dhcp limitationList 10.0.0.23 01:02:03 show
The result would be a list of 3 leases with the client's MAC
address, the client's last transaction time, and the client's host
name.
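The triage step described above (reading the lease and limitation-id out of the warning and turning them into a limitationList command) can be scripted. The following is an added example, not part of the original guide or of Network Registrar: the function names are hypothetical, the sample log is constructed around the warning quoted above, and it assumes a limitation-id is logged without embedded whitespace. Because the limitation-id is derived from client-supplied data, only ids in the nn:nn:nn blob format are turned into a command; string ids are left for manual review.

```python
import ipaddress
import re

# Constructed sample log. The first warning is the one quoted in this guide,
# wrapped as printed there; the timestamps and other entries are made up.
SAMPLE_LOG = """\
06/01/2017 09:14:02 Warning Server 0 05646 Could not add Client MAC:
'1,6,01:02:03:04:0c:03' with limitation-id: 01:02:03
using Lease: 10.0.0.23, already 3 Clients with that id.
No over-limit client class specified! Dropping packet!
06/01/2017 09:14:05 Info Server 0 00000 Constructed unrelated line.
06/01/2017 09:15:40 Warning Server 0 05646 Could not add Client MAC: '1,6,01:02:03:04:0c:04' with limitation-id: 01:02:03 using Lease: 10.0.0.24, already 3 Clients with that id. No over-limit client class specified! Dropping packet!
06/01/2017 09:16:11 Warning Server 0 05646 Could not add Client MAC: '1,6,0a:0b:0c:0d:0e:0f' with limitation-id: cm-7 using Lease: 10.0.1.9, already 2 Clients with that id. No over-limit client class specified! Dropping packet!
"""

# Matches the over-limit warning after whitespace has been flattened.
DROP_RE = re.compile(
    r"Could not add Client MAC:\s*'(?P<mac>[^']+)'\s+"
    r"with limitation-id:\s*(?P<lid>\S+)\s+"
    r"using Lease:\s*(?P<lease>[0-9.]+),\s+"
    r"already\s+(?P<count>\d+)\s+Clients with that id\."
)
# The nn:nn:nn blob format the guide requires for a blob limitation-id.
BLOB_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*")


def parse_drops(log_text):
    """Extract every over-limit drop, tolerating wrapped log lines."""
    flat = " ".join(log_text.split())
    drops = []
    for m in DROP_RE.finditer(flat):
        try:
            lease = str(ipaddress.IPv4Address(m.group("lease")))
        except ValueError:
            continue  # not a usable address; skip rather than guess
        drops.append({"mac": m.group("mac"),
                      "limitation_id": m.group("lid"),
                      "lease": lease,
                      "limit": int(m.group("count"))})
    return drops


def summarize(drops):
    """Group drops by limitation-id, most frequently dropped id first."""
    by_id = {}
    for d in drops:
        entry = by_id.setdefault(d["limitation_id"], {
            "limitation_id": d["limitation_id"],
            "lease": d["lease"],      # first lease seen locates the network
            "limit": d["limit"],
            "macs": [],
            "drops": 0,
        })
        entry["drops"] += 1
        if d["mac"] not in entry["macs"]:
            entry["macs"].append(d["mac"])
    return sorted(by_id.values(), key=lambda e: -e["drops"])


def triage_command(entry):
    """Return the nrcmd command for a blob id, or None for manual review."""
    if not BLOB_RE.fullmatch(entry["limitation_id"]):
        return None
    return "dhcp limitationList {} {} show".format(
        entry["lease"], entry["limitation_id"])


if __name__ == "__main__":
    for e in summarize(parse_drops(SAMPLE_LOG)):
        cmd = triage_command(e) or "(string id, review manually)"
        print(e["limitation_id"], "drops:", e["drops"],
              "distinct MACs:", len(e["macs"]), "->", cmd)
```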
Examples
Status
See Also
server
Attributes
activity-summary-interval time default = 60s
addr-blocks-default-selection-tags nlist(obj(0))
Controls whether or not DHCP server will add the client to the
client-cache during DHCPREQUEST (REQUEST, RENEW and REBIND in
case of DHCPv6) message processing. Default is false (disabled).
If true, DHCP server will add the client to the client-cache
during DHCPREQUEST (REQUEST, RENEW and REBIND in case of DHCPv6)
message processing.
If false, the DHCP server will not add the client to the
client-cache during DHCPREQUEST (REQUEST, RENEW and REBIND in
case of DHCPv6) message processing. It will only add the client
to the client-cache during DHCPDISCOVER (SOLICIT for DHCPv6)
processing.
Adding the client to the client-cache can improve performance
when the server receives multiple messages from a client within
a short period, such as would be expected for
DHCPDISCOVER/DHCPOFFER, DHCPREQUEST/DHCPACK (or
SOLICIT/ADVERTISE, REQUEST/REPLY) sequences.
Controls how the DHCP server uses the client and client-class
configuration objects to affect request processing. Default is
false (disabled).
client-class-lookup-id expr
default-free-address-config nameref(0)
Specifies the type of resource record (RR) the server uses to identify
clients in DNS updates to avoid client naming conflicts.
1 - txt The server will use the TXT RR in DHCPv4 DNS updates.
This setting is used for backwards compatibility as
pre-8.2 versions of CNR only support using TXT RRs
for DHCPv4. This setting must be used if any pre-8.2
clusters are involved in doing DNS updates to the
zone(s).
2 - dhcid The server will use the DHCID RR for DHCPv4 DNS
updates. This setting should be used to support dual
stack clients and can only be used if all DHCP
servers doing DNS updates to the zone(s) for this
configuration support and are configured to use the
DHCID RR.
3 - transition-to-dhcid The server will use the DHCID RR for
new entries in DNS and update existing entries to use
the DHCID RR on the next DNS update done.
This setting is required for a period of time to
transition existing zones (which used TXT RRs) and
this can only be done when all servers doing DNS
updates have been upgraded to support use of the
DHCID RR (8.2 and later). See below on how to
expedite this transition.
4 - regress-to-txt The server will use the TXT RR for new
entries in DNS and upgrade existing entries to use
the TXT RR on the next DNS update done. This setting
is provided for use in cases where zones were prematurely
transitioned to use the DHCID RR. See below on how to
expedite this transition.
For "transition-to-dhcid" and "regress-to-txt", the following
procedure is recommended to complete the transition to the new RR
type as quickly as possible:
1. Set the dns-client-identity attribute to "transition-to-dhcid"
(or "regress-to-txt").
2. Note the value of the force-dns-update attribute.
3. Enable the force-dns-update attribute (set it to true), if not
already enabled.
4. Reload the server.
5. After a period of time of at least the longest lease time
configured in the server (for the leases in the zones being
updated), set the dns-client-identity attribute to "dhcid"
(or "txt") and restore the force-dns-update attribute to its
earlier value if it was changed.
This attribute provides the default value for the
"dns-client-identity" attribute in DNS Update Config settings.
docsis-version-id-missing string
Sets the time, in seconds, that a packet can age and still be
processed.
The server attempts to read as many packets as possible from
the UDP input queue, and then process them quickly. If the
server is very busy, it can sometimes become flooded with
packets. This could delay processing some packets.
In the DHCP protocol, however, some clients automatically
retry packets that have not been processed within a few seconds,
so allowing the server to process packets that are older than
a few seconds can increase congestion without providing any
real value for the clients.
The drop-old-packets parameter is the number of seconds that
a packet can age and still be processed by the DHCP server.
If a packet is more than the value of drop-old-packets old
when processed by the DHCP server, the server drops the packet.
Sets the value of the extension callback trace logging level, which
can be useful in developing and debugging extensions. Default is 0.
The range is from 0 through 4, with more tracing at higher levels
(higher levels also include tracing at lower levels). The levels
are approximately as follows, depending on the language the extension
is implemented in:
0 - All: No tracing
1 - DEX: log() callback with invalid eLevel traced
TCL: Some callbacks with invalid arguments traced
2 - All: Not used (same as 1)
3 - DEX: put/putBytes failures traced
TCL: Unknown methods, wrong number of arguments, and
put/putBytes callbacks traced
4 - All: Callbacks traced (success with results or failure)
Note: This attribute can be updated dynamically and does not require
a DHCP server reload.
gss-tsig-config nameref(0)
ignore-cisco-options nlist(obj(0))
ignore-requests-for-other-servers bool
initial-environment-dictionary string
lease-retention-min-age time
log-format flags(header-in-packet-detail=1)
default =
Controls how the DHCP server logs certain data to the log files.
Possible flags are:
header-in-packet-detail
Controls the format of packet-detail logging. If unset, the
server uses a new, higher performance format, if such logging
is enabled. The new format does not include the log line header
for each line, and will not intermix packet detail with other
log messages. (This is the same format used by the DNS server
for packet-detail logging.)
If set, the traditional format for DHCP packet formatting is
used, which includes the log line header for each line and
could intermix packet detail for different packets and other
log messages.
The new format is highly recommended, except where applications
that parse this information require the traditional format.
Determines which events to log in the log files. Default flags are
default, incoming-packets, and missing-options.
Logging additional detail about events can help analyze a problem.
However, leaving detailed logging enabled for a long period
can fill up the log files.
Possible flags are:
activity-summary
This setting will cause a summary message to appear every
1 minute. It is useful when many of the no-xxx log settings
are enabled, to give some idea of the activity in the server
without imposing the load required for a log message
corresponding to each DHCP message. The time period for
these messages can be configured with the DHCP server
property activity-summary-interval.
client-criteria-processing
This setting will cause a log message to be output whenever a
scope is examined to find an available lease or whenever a
scope is examined to determine if a lease is still acceptable
for a client who already has one. It can be very useful when
configuring or debugging client-class scope criteria
processing. It causes a moderate amount of information to be
logged and should not be left enabled as a matter of course.
client-detail
This setting will cause a single line to be logged at the
conclusion of every client-class client lookup operation. This
line will show the composite of the data found for the client
as well as the data found in the client's client-class.
It is useful when setting up a client-class configuration and
for debugging problems in client-class processing.
default
The default gives a low level of logging in several parts of
the DHCP server. If you unconfigure the default, even this
logging will not appear.
dns-update-detail
This setting causes the server to log a message as it sends
each dns update and as it receives replies to update messages.
dropped-waiting-packets
If the value of max-waiting-packets is non-zero, packets may
be dropped if the queue length for any IP address exceeds the
value of max-waiting-packets. If dropped-waiting-packets
is set, the server will log a message whenever it drops a
waiting packet from the queue for an IP address.
failover-detail
This setting causes the server to log a single message for
most failover transactions. The information logged is very
useful for understanding how failover is operating, and should
be included if at all possible when sending requests for
support regarding failover issues.
incoming-packet-detail
This setting will cause the contents of every DHCP packet
received by the DHCP server to be interpreted in a human
readable way and printed in the log file. This enables the
built-in DHCP packet sniffer for input packets. The log files
will fill up (and turn over) very rapidly when this setting is
enabled. This setting also causes a significant performance
impact on the DHCP server and should not be left enabled as a
matter of course.
incoming-packets
This setting (on by default) will cause a single line message
to be logged for every incoming packet. This is especially
useful when initially configuring a DHCP server or a BOOTP
relay, in that an immediate positive indication exists that
the DHCP server is receiving packets.
ldap-create-detail
This setting will cause log messages to appear whenever the
DHCP server initiates a lease state entry create or delete
to LDAP server, receives response and retrieves result or
error messages.
ldap-query-detail
This setting will cause log messages to appear whenever the
dhcp server initiates a query to LDAP server, receives response
and retrieves result or error messages.
ldap-update-detail
This setting will cause log messages to appear whenever the
dhcp server initiates an update lease state to LDAP server,
receives response and retrieves result or error messages.
leasequery
This setting will cause log messages to appear when leasequery
packets are processed without internal errors and result in
an ACK or a NAK.
minimal-config-info
This setting will reduce the number of configuration messages
printed when the server starts or reloads. In particular,
it will not log a message for every scope.
missing-options
This setting (on by default) will cause a message to be logged
whenever an option requested by a DHCP client has not been
configured in a policy and therefore cannot be supplied by the
DHCP server.
no-dropped-bootp-packets
This setting will cause the single line message normally
logged for every BOOTP packet that is dropped to not appear.
no-dropped-dhcp-packets
This setting will cause a single line message normally logged
for every DHCP packet that is dropped due to DHCP
configuration to not appear. (See no-invalid-packets for
messages associated with packets dropped because they are
invalid.)
no-failover-activity
This setting will cause normal activity and some warning
messages logged for failover to not appear. Serious error
log messages will continue to appear independent of this
log-setting.
no-failover-conflict
This setting will cause conflicts between failover partners
to not be logged.
no-invalid-packets
This setting will cause a single line message normally logged
for every DHCP packet that is dropped due to being invalid to
not appear. (See no-dropped-dhcp-packets for messages
associated with packets dropped due to DHCP server
configuration.)
no-reduce-logging-when-busy
Normally, the DHCP server will reduce logging when it becomes
very busy (i.e., when it has used over 2/3 of the available
receive buffers (itself a configurable value)). It will set
no-success-messages, no-dropped-dhcp-packets,
no-dropped-bootp-packets, no-failover-activity,
no-invalid-packets, and clear everything else except
activity-summary. If no-reduce-logging-activity is set, then
the server will not do this. It will restore the previous
settings when the server becomes unbusy (i.e., when it has
used only 1/3 of the available receive buffers).
no-success-messages
This setting will cause the single line message that is
normally logged for every successful outgoing DHCP response
packet to not appear. It affects logging only for successful
outgoing DHCP response packets.
no-timeouts
This setting will cause messages associated with timeout
of leases or offers not to appear in the log file.
outgoing-packet-detail
This setting will cause the contents of every DHCP packet
transmitted by the DHCP server to be interpreted in a human
readable way and printed in the log file. This enables the
built-in DHCP packet sniffer for output packets. The log files
will fill up (and turn over) very rapidly when this setting is
enabled. This setting also causes a significant performance
impact on the DHCP server and should not be left enabled as a
matter of course.
unknown-criteria
This setting will cause a single line log message to appear
whenever a client entry is found which specifies selection
criteria that is not found in any scope appropriate for that
client's current network location.
v6-lease-detail
This setting causes the server to log individual messages
regarding DHCPv6 leasing activity (in addition to or in
place of a single message per client transaction depending
on no-success-messages, or client timeout event depending on
no-timeouts).
Note: This attribute can be updated dynamically and does not require
a DHCP server reload.
Controls how the server uses the user-class-id option. Values are:
0 none Ignores the user-class-id (default)
1 map-as-tag Maps the user-class-id to selection-tags
2 map-as-class Maps user-class-id directly to a
client-class name
3 append-to-tags Appends the user-class-id to the
selection-tags
Controls the number of times that the DHCP server can attempt
adding a host into DNS, even if the DHCP server detects that the
hostname is already present in DNS. The DHCP server attempts
to modify the hostname in order to resolve a conflict on each
failed update.
Controls the number of times that the DHCP server can try to
send dynamic updates to a DNS server.
Sets the time to live (TTL) ceiling, in seconds, for DNS records
added through dynamic updates. When the DHCP server adds a DNS
record, it uses a TTL of the minimum of either this ceiling or one
third the lease time.
Sets the number of buffers the server allocates for sending and
receiving ICMP ping messages. See the 'ping-clients' and
scope 'ping-clients' attribute.
Minimum value for time to live (TTL) in seconds, for DNS records
added through dynamic updates. When the DHCP server adds a DNS
record, the TTL value will be min-dns-ttl if one third the lease
time is less than the min-dns-ttl value.
sms-library-path string
sms-site-code string
Specifies the site code name of the SMS server that receives
discovery records when you use the updateSMS keyword.
For proper functioning, make sure that you initialize this
attribute to the appropriate site code.
The default value is an empty string, but this prevents data
discovery from completing successfully, so you must provide the
site code.
traps-enabled flags(all=1, server-start=2, server-stop=3, free-address-low=4, free-address-high=5, dns-queue-size=6, other-server-down=7, other-server-up=8,
duplicate-address=9, address-conflict=10, failover-config-error=11, free-address6-low=12, free-address6-high=13, duplicate-address6=14, duplicate-prefix6=15,
address6-conflict=16, prefix6-conflict=17)
default =
v6-client-class-lookup-id expr
dhcp-address-block
dhcp-address-block - Defines a contiguous range of IP address space
from which the DHCP server may allocate subnets
Synopsis
Description
Status
See Also
dhcp-subnet
Attributes
address subnet required
Sets the default subnet size for allocations from this address
block.
embedded-policy obj(0)
Displays the embedded policy object for this DHCP address block.
Read-only. Use the dhcp-address-block-policy command to set the
embedded policy.
name string
segment-name string
Designates the LAN segment name for this DHCP address block. To group
multiple, logical IP subnets on a single, physical network, give each
DHCP address block the same segment-name string. The server ignores
character case when comparing values.
selection-tags string
Lists tag strings that are compared with incoming selection tags in
an allocation request. All tags in the request must match a DHCP
address block's selection tags for that block to satisfy the request.
Separate multiple tags with a comma (do not include commas in tag
names).
Sets the VPN identifier for the VPN that contains this address-block.
dhcp-address-block-policy
dhcp-address-block-policy - Edits a DHCP policy embedded in an
address-block
Synopsis
Description
Examples
Status
See Also
policy, client-policy, client-class-policy, link-policy,
link-template-policy, prefix-policy, prefix-template-policy,
scope-policy, scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
inhibit-renews-at-reboot bool default = false
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
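How the three caps above combine, as an added Python example (not Cisco's code). It assumes the uncapped T1 and T2 are the RFC 2131 defaults of 50% and 87.5% of the lease time sent to the client, that "2y" means 730 days, and that an unset attribute applies no cap; ClientCaps, Timers and client_timers are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

TWO_YEARS = 2 * 365 * 24 * 3600  # assumption: "2y" in rangetime() means 730 days


@dataclass(frozen=True)
class ClientCaps:
    """Policy caps in seconds; None means the attribute is unset (no cap)."""
    max_client_lease_time: Optional[int] = None      # rangetime(60s-2y)
    max_client_renewal_time: Optional[int] = None    # rangetime(30s-2y)
    max_client_rebinding_time: Optional[int] = None  # rangetime(30s-2y)

    def __post_init__(self):
        # Reject values outside the ranges the attribute types declare.
        limits = (
            ("max_client_lease_time", 60),
            ("max_client_renewal_time", 30),
            ("max_client_rebinding_time", 30),
        )
        for name, low in limits:
            value = getattr(self, name)
            if value is not None and not low <= value <= TWO_YEARS:
                raise ValueError(f"{name}={value} is outside {low}s-2y")


@dataclass(frozen=True)
class Timers:
    server_lease: int   # what the server keeps using for its own calculations
    client_lease: int   # lease time sent to the client
    t1: int             # renewal time sent to the client
    t2: int             # rebinding time sent to the client


def _cap(value: int, limit: Optional[int]) -> int:
    return value if limit is None else min(value, limit)


def client_timers(calculated_lease: int, caps: ClientCaps) -> Timers:
    """Apply the caps in the order the text implies: lease, then T2, then T1."""
    if calculated_lease <= 0:
        raise ValueError("calculated lease time must be positive")
    lease = _cap(calculated_lease, caps.max_client_lease_time)
    # T2 is derived from the lease actually sent, capped, and kept <= lease.
    t2 = min(_cap(lease * 7 // 8, caps.max_client_rebinding_time), lease)
    # T1 is derived the same way and kept <= T2 (and therefore <= lease).
    t1 = min(_cap(lease // 2, caps.max_client_renewal_time), t2)
    # The caps only change what is sent; the server-side lease is untouched.
    return Timers(calculated_lease, lease, t1, t2)


if __name__ == "__main__":
    week = 7 * 86400
    for caps in (
        ClientCaps(max_client_lease_time=86400),
        ClientCaps(max_client_lease_time=86400, max_client_renewal_time=3600),
        ClientCaps(max_client_lease_time=86400, max_client_rebinding_time=30000),
    ):
        print(caps, "->", client_timers(week, caps))
```

The third case shows the ordering rule at work: a rebinding cap below the default T1 pulls T1 down with it.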
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
Identifies the IP address of the next server in the client boot
process. For example, this might be the address of a TFTP server
used by BOOTP clients. The server returns this address in the
'siaddr' field of its replies.
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
dhcp-dns-update
dhcp-dns-update - Configures a DNS Update object for DHCP
Synopsis
Description
Examples
Status
See Also
policy
Attributes
backup-server-addr ipaddr
Specifies the backup DNS server address that receives DNS updates
if the server specified in server-addr is down.
backup-server-ip6address ip6addr
Specifies the backup DNS server IPv6 address that receives DNS updates
if the server specified in server-ip6address is down.
backup-server-key nameref(0)
Specifies the TSIG key used to process all dynamic DNS updates for
backup-server-addr or backup-server-ip6address.
dns-host-bytes rangeint(1-4)
forward-zone-name dname
host-name-generator expr
max-dns-ttl time
Indicates the maximum number of seconds the DHCP server keeps DNS
records it acquired through dynamic updates. This value sets a
ceiling (or time to live) on how long to keep DNS updates.
When the DHCP server adds a DNS record, it uses a TTL of one
third the lease time if it is between min-dns-ttl and
max-dns-ttl values. If one third of the lease time is greater
than max-dns-ttl, the TTL value is set to max-dns-ttl.
When this value is unset, the DHCP server max-dns-ttl setting
will apply.
min-dns-ttl time
Indicates the minimum number of seconds the DHCP server keeps the
DNS records acquired through dynamic updates. This value sets the
shortest allowable time (or time to live) to keep DNS updates.
When the DHCP server adds a DNS record, it uses a TTL of one
third the lease time if it is between min-dns-ttl and
max-dns-ttl values. If one third of the lease time is smaller
than min-dns-ttl, the TTL value will be set to min-dns-ttl.
reverse-zone-name dname
reverse-zone-prefix-length rangeint(0-124)
server-addr ipaddr
Specifies the DNS server address that receives dynamic DNS updates.
server-ip6address ip6addr
Specifies the DNS server IPv6 address that receives dynamic DNS
updates.
server-key nameref(0)
Specifies the TSIG key used to process all dynamic DNS updates for
server-addr or server-ip6address.
Identifies the stem of the default host name to use if clients do not
supply host names.
Controls whether the DNS server receives updates for BOOTP clients.
If the server is replying to a BOOTP request, and is offering a
lease configured to perform DNS updates, it checks
this attribute before beginning the DNS update. This attribute allows
an administrator to prevent DNS updates for BOOTP clients, while
allowing updates for DHCP clients. If not configured, the server
setting is used (which defaults to true).
Controls what the DHCP server appends to the synthetic name stem when
synthesizing the fully-qualified domain name for a client. This
option is used when the client does not supply any hostname in its
request.
address:
Identifies the v4 address of client.
client-id:
Client-id or DUID given by DHCPv4 client in its request
(Option 61).
hashed-client-id:
The hashed client id. The rightmost 64-bits of the SHA-256 hash
over the client id appended with the forward zone name
(in DNS wire format) is used to generate a 13-character base 32
encoded string.
v6-host-name-generator expr
Controls what the DHCP server appends to the synthetic name stem
when synthesizing the fully-qualified domain name for a client:
duid
The raw client DUID. This is formatted as a hexadecimal
string with a hyphen as separator between each octet.
hashed-duid
The hashed client DUID. The rightmost 64-bits of the SHA-256
hash over the client's DUID appended with the forward zone
name (in DNS wire format) is used to generate a 13-character
base 32 encoded string. This is the default method and the
fallback method if the configured type is not possible
(that is, the option needed to generate the selected type
does not exist for the client).
cablelabs-device-id
The Cablelabs CL_OPTION_DEVICE_ID option data is used, if
available. This is formatted as a hexadecimal string with a
hyphen as separator between each octet. This might be used
for names generated for DOCSIS 3.0 cable modems.
cablelabs-cm-mac-addr
The Cablelabs CL_CM_MAC_ADDR option data is used, if
available. This is formatted as a hexadecimal string with
a hyphen as separator between each octet. This might be
used for names generated for CPEs behind a customer's
DOCSIS 3.0 cable modem (if the customer has multiple CPEs,
a name collision and disambiguation will likely result).
Note: Several of these methods may cause privacy concerns if
the DNS is accessible from the Internet.
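The hashed-client-id and hashed-duid generation described above, next to the raw duid form, as an added Python example (not Cisco's code) that shows why the raw form raises the privacy concern in the note. The base32 alphabet (RFC 4648, lower-cased), lower-casing the zone name before wire encoding, lower-case hex, and the constructed sample DUID are assumptions, so the output may differ from what the server generates.

```python
import base64
import hashlib

# Constructed sample: a DUID-LLT (type 1, hardware type 1, 4-byte time, 6-byte MAC).
SAMPLE_DUID = bytes.fromhex("000100012a3b4c5d001122334455")
SAMPLE_MAC_HEX = "00-11-22-33-44-55"  # the MAC embedded in SAMPLE_DUID


def dns_wire_name(name: str) -> bytes:
    """Encode a domain name in DNS wire format: length-prefixed labels, 0x00 root."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.lower().encode("ascii")  # assumption: canonical lower case
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("name exceeds 255 octets")
    return bytes(out)


def raw_duid_label(duid: bytes) -> str:
    """The 'duid' method: hexadecimal octets separated by hyphens."""
    return "-".join(f"{octet:02x}" for octet in duid)  # assumption: lower-case hex


def hashed_id_label(identifier: bytes, forward_zone: str) -> str:
    """The 'hashed-duid' / 'hashed-client-id' method as the text describes it."""
    digest = hashlib.sha256(identifier + dns_wire_name(forward_zone)).digest()
    rightmost_64_bits = digest[-8:]
    # 64 bits need 13 base32 characters (13 * 5 = 65 bits). RFC 4648 encoding
    # fills the last group with one zero bit and appends "===" padding.
    encoded = base64.b32encode(rightmost_64_bits).decode("ascii")
    return encoded.rstrip("=").lower()


def leaks_mac(label: str, mac_hex: str) -> bool:
    """True if the hex digits of a MAC address can be read out of the label."""
    return mac_hex.replace("-", "") in label.replace("-", "")


if __name__ == "__main__":
    raw = raw_duid_label(SAMPLE_DUID)
    print("duid        :", raw, "leaks MAC:", leaks_mac(raw, SAMPLE_MAC_HEX))
    for zone in ("example.com", "lab.example.com"):
        hashed = hashed_id_label(SAMPLE_DUID, zone)
        print("hashed-duid :", hashed, "zone:", zone,
              "leaks MAC:", leaks_mac(hashed, SAMPLE_MAC_HEX))
```

Because the zone name is part of the hash input, the same client gets a different label in each forward zone, so names cannot be correlated across zones by the label alone.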
view-id int
dhcp-interface
dhcp-interface - Configures the DHCP server's network interfaces
Synopsis
Description
Examples
Status
See Also
Attributes
address subnet
ip6address prefix
dhcp-listener
dhcp-listener - Configures a TCP dhcp-listener for DHCP.
Synopsis
Description
Examples
Status
See Also
Attributes
address ipaddr
ip6address ip6addr
port short
Specifies the port number on which the DHCP server listens for
TCP connections. The default port is the server-port for DHCPv4
and v6-server-port for DHCPv6.
dhcp-subnet
dhcp-subnet - Describes a contiguous range of IP address space
which the DHCP server has allocated to a client.
Synopsis
Description
Examples
Status
See Also
dhcp-address-block
Attributes
address subnet immutable
all-vpns bool
client-domain-name string
Displays the domain name the client specified in its messages (if
any).
client-host-name string
Displays the host name that the client specified (if any).
client-id blob
client-last-transaction-time date
Displays the time when the client last contacted the DHCP server.
client-mac-addr macaddr
Displays the MAC address which the client presented to the DHCP
server.
expiration date
high-water int
Displays the highest utilization level recorded since the last time
that statistics were retrieved.
in-use-addresses int
last-transaction-time date
Displays the time at which the client last communicated with the
server about this subnet. Read only.
relay-agent-option blob
selection-tags string
state enumint(none=0, available=1, other-available=2, offered=3, leased=4, expired=5, released=6, unavailable=7, pending-available=8)
unusable-addresses int
dns
dns - Configures and controls the DNS server
Synopsis
dns setPartnerDown
dns rollover-ksk [tenant-id=<value>] [next-key=<keyname>]
Description
The dns command lets you configure the DNS server in the cluster.
dns findRR -name <fqdn>|<addr>
dns findRR [-namePrefix <namePrefix>] [-rrTypes <rrTypeList>]
[-protected | -unprotected] [-zoneType forward | reverse
| primary | secondary | ALL]
Use the findRR commands to display the resource records for a
specific domain name; or to display those matching a name prefix,
a list of resource record types--whether protected or unprotected--and
certain zone types.
dns rebuildRR-Indexes
The rebuildRR-Indexes command rebuilds the resource record
indexes.
dns forceXfer secondary
The forceXfer command forces full zone transfers for every zone
whose type matches the type (primary or secondary) specified in
the command, regardless of the SOA serial numbers, to synchronize
DNS data store. If a normal zone transfer is already in progress,
the forceXfer command schedules a full zone transfer for that
zone immediately after the normal zone transfer finishes.
Note: The option for primary is not yet available.
dns scavenge
The scavenge command causes scavenging to occur on all primary
zones that have scavenge enabled.
dns serverLogs show
dns serverLogs nlogs=<nlogs> logsize=<logsize>
The serverLogs show command displays the number of log files
and the maximum size for each file.
The serverLogs command allows setting the two server logging
parameters, nlogs and logsize. Either or both may be specified
in the command, and changes will only occur to the one(s)
specified. When setting logsize, a suffix of K or M indicates
units of thousands or millions.
dns serverLogs nlogs=6 logsize=500K
dns serverLogs logsize=5M
Note: For these changes to take effect you must save the changes
and restart the server Agent.
dns getStats [performance | query | errors | security | maxcounters |
ha | ipv6 | dns-pn | cache | datastore | top-names |
dns-hhc | all] [total | sample ]
The getStats command displays the requested DNS server
statistics, either since the last reload or for the last sample
period.
dns resetStats
The resetStats command returns the DNS activity counters
(statistics) to zero.
dns getUtilization
The getUtilization command can be used to get the count
of the total number of A and AAAA records for all zones.
dns getZoneCount [forward | reverse | primary | secondary | ALL]
dns getRRCount [zone <name> | forward | reverse | primary | secondary | ALL]
The getZoneCount and getRRCount commands display the number of
zones or resource records for the requested zones. By default,
all published zones are reported.
dns setPartnerDown
The setPartnerDown command notifies the DNS server that its High
Availability DNS partner server is down. This command is only
allowed once the DNS server is in Communications Interrupted
state. Once in Partner Down state, the DNS server no longer
persists changes that need to be merged with its DNS HA
partner and must send FULL zone synchronization when the
partner comes back online.
dns rollover-ksk
The rollover-ksk command is used to start the Key Signing Key
rollover process. The tenant-id must be specified to rollover
a tenant Key Signing Key. next-key=<keyname> can
be used to specify the new Key Signing Key. Otherwise, a new
Key Signing Key will be generated internally.
Examples
Status
See Also
server
Attributes
activity-counter-log-settings flags(performance=3, query=4, errors=5, security=6, maxcounters=7, ha=8, ipv6=9, db=10, system=11, push-notifications=12,
host-health-check=13, top-names=14, cache=15)
default = performance,query,errors,maxcounters,system
Determines whether the DNS server logs sample and/or total statistics
when it logs activity-summary information. Note, activity-summary must
be specified in the log-settings in order for this setting to take
effect.
Allows ANY query requests from clients listed in this access control
list. This list can contain hosts, network addresses and/or other
ACLs. Requests from clients matching this ACL will be allowed ANY
queries.
gss-tsig-config nameref(0)
Enables DNS Hybrid mode which allows CDNS and ADNS to run on
the same OS.
Specifies the UDP and TCP port number that the DNS server
uses to listen for queries.
Controls how the DNS server sends NOTIFY packets for zones
that have changed.
You must also set these attributes or accept their defaults:
notify-min-interval, notify-rcv-internal, notify-send-stagger,
and notify-wait.
Possible settings are:
disabled
Notifications will be turned off.
notify-all
Notifications will be sent to all NS and notify-list servers.
notify-ns
Notifications will only be sent to NS servers.
notify-list
Notifications will only be sent to the notify-list servers.
With the notify attribute enabled for secondary zones, sets the
minimum amount of time between complete processing of one
notification (serial number testing and/or zone transfer), and
the start of processing of another notification. Default is 5s.
notify-source-address ipaddr
notify-source-ip6address ip6addr
Specifies the port number that the DNS server uses to send
notify requests to other servers.
A value of 0 (default) indicates that DNS should choose a random port.
If the value is set to be the same as the query-source-port, DNS will
log a warning and choose a random port.
packet-log-settings flags(all-in=1, all-out=2, query-in=3, query-out=4, update-in=5, update-out=6, notify-in=7, notify-out=8, xfr-in=9, xfr-out=10, ha-in=11, ha-out=12,
ha-heartbeat-in=13, ha-heartbeat-out=14, ha-frameack-in=15, ha-frameack-out=16, push-notifications-in=17, push-notifications-out=18)
default = all-in,all-out
Specifies the access control list (ACL) for DNS Push Notifications.
The list can consist of one or more comma-separated IP addresses,
subnet/prefix addresses and/or named ACL references.
Specifies the maximum time to live for each DNS Push Notification
connection. Once the TTL has been reached, the connection is
forcibly closed.
Specifies the UDP and TCP port number the DNS server
uses to send queries to other servers. Default is port 53.
Ensures that the server does not reset the scavenging time with
every server restart. Within this interval, Network Registrar
ignores the time between when a server went down and its restart.
This interval is normally short. The value can range from two
hours to one day. With any time longer than that set,
Network Registrar recalculates the scavenging period
to allow for record updates that cannot take place while the
server is stopped. You can also set this attribute on a zone,
and the value set on the zone overrides the server setting.
Default is 2h.
server-log-settings flags(config=1, config-detail=2, activity-summary=3, server-operations=4, query=5, update=6, notify=7, xfr-in=8, xfr-out=9, ha=10, scp=11,
scavenge=12, db=13, tsig=14, push-notifications=15, dnssec=16, host-health-check=17)
default = config,activity-summary,server-operations,update,xfr-in,
xfr-out,ha,scp,scavenge
Determines which events to log in the DNS log files. Default flags are
activity-summary, config, update, xfr-in, xfr-out, scp, scavenge,
server-operations and ha.
Logging additional detail about events can help analyze a problem.
However, leaving detailed logging enabled for a long period
can fill up the log files.
The possible settings are:
host-health-check
This setting enables logging associated with DNS Host
Health Check.
activity-summary
This setting enables logging of DNS statistic messages
at the interval specified by activity-summary-interval.
The type of statistics logged can be controlled with
activity-counter-log-settings and activity-summary-type.
config
This setting enables logging of DNS server configuration
and de-initialization messages.
config-detail
This setting enables logging of detailed configuration
messages (i.e. detailed zone configuration logging).
db
This setting enables logging of database processing
messages. Enabling this flag provides insight into
various events in the server's embedded databases.
dnssec
This setting enables log messages associated with
DNSSEC processing.
ha
This setting enables logging of HA DNS messages.
notify
This setting enables logging of messages associated
with NOTIFY processing.
push-notifications
This setting enables logging associated with DNS Push
Notifications.
query
This setting enables logging of messages associated
with QUERY processing.
scavenge
This setting enables logging of DNS scavenging messages.
scp
This setting enables logging associated with SCP message
handling.
server-operations
This setting enables logging of general server events,
such as those pertaining to sockets and interfaces.
tsig
This setting enables logging of events associated with Transaction
Signature (TSIG).
update
This setting enables logging of DNS Update message processing.
xfr-in
This setting enables logging of inbound full and incremental
zone transfers.
xfr-out
This setting enables logging of outbound full and incremental
zone transfers.
transfer-source-address ipaddr
transfer-source-ip6address ip6addr
dns-enum-config
dns-enum-config - Configures DNS ENUM defaults in the
DNS authoritative servers.
Synopsis
dns-enum-config show
dns-enum-config get <attribute>
dns-enum-config set <attribute>=<value>
dns-enum-config unset <attribute>
dns-enum-config addService <type> <subtype> <URI>
[<order> [preference]]
dns-enum-config removeService <type> <subtype> <URI>
dns-enum-config listServices
Description
This command is used to configure DNS ENUM defaults for the DNS
authoritative servers.
Examples
Status
See Also
Attributes
default-services nlist(obj(0))
number-prefix string
zone-template nameref(0)
dns-enum-domain
dns-enum-domain - Configures ENUM domain in the DNS authoritative
servers.
Synopsis
Description
This command is used to configure ENUM domain for the DNS servers.
The DNS servers must be reloaded for changes to take effect.
Examples
See Also
Attributes
description string
nameservers nlist(obj(0))
person dname
Sets the serial number for the domain. Note this value will
only be applied to the SOA record if it is greater than the
current serial number.
zone-template nameref(0)
dns-enum-number
dns-enum-number - Configures ENUM number in the DNS authoritative
servers.
Synopsis
This command is used to configure ENUM number for the DNS servers.
The DNS servers must be reloaded for changes to take effect.
The pull, push and reclaim commands are only available when
connected to a regional cluster. Push and reclaim allow a list
of clusters or "all".
Examples
Status
See Also
Attributes
description string
ported-nameserver dname
Specifies the nameserver for a ported number that has been delegated.
zone-template nameref(0)
dns-interface
dns-interface - Configures the DNS server's network interfaces
Synopsis
Description
Examples
Status
See Also
Attributes
address subnet
ip6address prefix
Specifies the IPv6 address and prefix length for one or more
DNS interfaces.
Specifies the UDP and TCP port number the DNS server listens on.
dns-update-map
dns-update-map - Configures a DNS update map of the DHCP and DNS
server configurations needed to perform DNS updates
Synopsis
Description
The dns-update-map command lets you define and manage DNS update
configuration maps. A DNS update map defines an update relationship
between a DHCP policy and a list of DNS zones. The update map is
designed to coordinate:
- DNS servers or Highly Available (HA) DNS server pairs
- DNS update ACLs or update policies
- DHCP servers or failover server pairs
- DHCP policy selection
An update map applies to all primary zones that the DNS server
manages, and all scopes that the DHCP server manages.
The push command is only available when connected to a regional
cluster.
Examples
Status
See Also
dhcp, failover-pair, dns, ha-dns-pair, dhcp-dns-update, acl, update-policy
Attributes
dhcp-client-class nameref(0)
dhcp-named-policy nameref(0)
dns-update-acl amelist
dns-update-policy-list nlist(obj(0))
dns-view
view - Controls and configures DNS Views in the DNS Authoritative
and Caching servers
NOTE: The dns-view command is a synonym for view command.
Synopsis
Description
The view command is used to control and manage DNS Views for the DNS
servers. The DNS servers must be reloaded for changes to take effect.
The pull, push, and reclaim commands are only available when
connected to a regional cluster. For push and reclaim, a list of
clusters or "all" may be specified.
Examples
Status
See Also
Attributes
acl-match-clients amelist default = any
dnssec
dnssec - Controls and configures DNSSEC processing in the
Authoritative DNS server
Synopsis
Description
Examples
Status
See Also
Attributes
description string
Specifies the time interval for the Zone Signing Key (ZSK)
rollover process. It determines the lead time for the new key
prior to the current key deactivation-date.
The configured interval should be greater than the maximum TTL of the
zones plus the propagation delay, to avoid bogus zone information.
dnssec-key
dnssec-key - Manage Authoritative DNSSEC Key objects
Synopsis
Description
Status
See Also
Attributes
activation-date date immutable
Specifies the activation date and time for this key. Beginning at
this date and time, the key will be used to sign RRSets.
Specifies the deactivation date and time for this key. Until this
date and time, the key will be used to sign RRSets.
This attribute must be 0 for Key Signing Keys. Key Signing Keys
remain active until the key rollover process is initiated.
Indicates this key is enabled and will be used to sign the zones.
Specifies the date and time this Zone Signing Key is scheduled to
be removed. If 0, automatic removal is disabled and the key must
be deleted by user action.
This attribute must be 0 for Key Signing Keys. Key Signing Keys
remain active until the key rollover process is initiated. When
the rollover process is complete, the key can be deleted by user
action.
exit
exit - Exits the current nrcmd session.
Synopsis
exit
Description
The exit command lets you exit the current nrcmd session. If you have
unsaved changes, they will be flushed to the database before the session
exits.
Examples
Status
See Also
save(nrcmd)
export
export - exports configuration information to a file
Synopsis
Description
The export command lets you export data in one of several common
formats.
export leases [ -client | -server ]
[ -vpn <vpn-name> ]
[ -time-ascii | -time-numeric ] <file>
Use the export leases command to export leases to a file.
If -client is specified (or -server is not specified), only
leased leases are exported.
If -server is specified the export includes expired and leased
leases. And when connected to a pre-7.2 cluster, the file is
created in the DHCP server's log directory and the server
performs the export to the file.
The optional time-ascii and time-numeric keywords specify how
to output date/time fields to the text file. The default is
time-ascii.
If no vpn is specified, the current-vpn of the session is used.
When specifying a <vpn-name> to any export command which
supports it, the name "global" (with or without the quotes)
will specify the global (i.e., unnamed or default) vpn. The
name "all" (also with or without the quotes) will specify
that all vpn (including the global one) should be exported.
export zone <zone name> {-protected | -unprotected | -all} [<file>]
Use the export zone command to export the resource
records in the specified zone. BIND can parse the format of
the output.
export zonenames {forward | reverse | both} [<file>]
Use the export zonenames command to export the list of zones
that match the given criteria.
export hostfile [<file>]
Use the export hostfile command to export the CCM DNS
information in the cluster in a UNIX hostfile format.
export keys <file>
export key <keyname> <filename>
You can use the export command to export the TSIG keys that
are configured on a cluster with the export keys command.
You can also specify to export a single key with the export
key <keyname> command. These commands will generate key
definitions in BIND syntax so they may be either imported
into other clusters or BIND configurations.
export option-set <option-set name> <filename>
The export option-set command writes out a text file that
may be loaded into a running server with the option-set
import command.
export dnssec-ds <zone name> <filename>
Use the export dnssec-ds command to export the Delegation
Signer (DS) record of a signed zone to the specified file.
This command is applicable only for primary zones.
Examples
Status
See Also
session current-vpn
extension
extension - Integrates user-written DHCP extensions into the DHCP server
Synopsis
extension list
extension listnames
extension listbrief
extension <name> create <lang> <file> <entry> [<attribute>=<value>...]
extension <name> delete
extension <name> get <attribute>
extension <name> set <attribute>=<value> [<attribute>=<value> ...]
extension <name> unset <attribute>
extension <name> show
Description
Examples
Create a tcl script, sample1, that does something.
nrcmd> extension sample1 create tcl sample1.tcl sample_ext
Status
See Also
dhcp AttachExtension
Attributes
entry string required
init-args string
init-entry string
Specifies the name of the init entry point. If set, the server
calls this function when the server loads the module.
failover-pair
failover-pair - configures a DHCP failover relationship
Synopsis
The failover-pair command lets you define and manage the failover
relationship between a main and backup server.
Either the main and backup clusters or the main and backup server
IP addresses can be specified with the create command. If the
main-server and backup-server addresses are set, the cluster
addresses will only be used for synchronization of the server
configuration. The referenced clusters must be configured with
appropriate connection credentials for the sync and
pollLeaseHistory commands to be successful.
The pollLeaseHistory and getLeaseHistoryState commands are only
available when connected to a regional cluster.
failover-pair <name> setPartnerDown [<date>]
The setPartnerDown command notifies the DHCP server that its
failover partner server is down. The date specified represents a
time equal to or later than the last known time the partner
server could have been operational. If no date is specified, the
last known time of contact with the partner server is used.
The partner server's available IP addresses will be available to
the remaining server to lease once the MCLT has elapsed from the
time that is used by the setPartnerDown command. These IP
addresses will continue to be in state other-available, but the
remaining server will be able to allocate them to clients once
the MCLT has elapsed.
If the MCLT has not passed since the partner server went down,
you can make that partner's leases available to the remaining
server to lease to new clients immediately, though there is risk
to this approach. To make these leases immediately available,
you would enter a time on the setPartnerDown command which was
more than the MCLT prior to the current time. This will allow
the remaining server to immediately lease all available leases to
DHCP clients. Should you do this, you will incur a risk that
there will be some doubly allocated IP addresses, since some
address allocations made by the partner server to DHCP clients
may not have been communicated to the remaining server prior to
it going down. These IP addresses may then be allocated to other
DHCP clients by the remaining server. We do not recommend this
approach -- but if you are out of addresses, it is certainly
preferable to disabling failover altogether.
The time value should be entered using the local time of the
nrcmd process. Formats for the date are:
-<num><value>
where <num> is a decimal number and <value> is one of 's',
'm', 'h', 'd', 'w', in which 's' is seconds, 'm' is minutes,
'h' is hours, 'd' is days and 'w' is weeks.
<month> <day> <hour>:<minute>[:<second>] <year>
where <month> is the name or first three letters of the name
of the month, <hour> is the hour on a 24-hour clock, and
<year> is the fully-specified year or a two-digit
representation in which 98 = 1998, 99 = 1999 and all other two
digit values XX = 20XX.
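The following is an added example, not part of the Cisco guide: a pre-flight check that parses a setPartnerDown date argument in either documented format and reports whether it would make the partner's leases usable immediately, which is the case the text above warns can produce doubly allocated addresses. It assumes the relative form counts back from the current time and takes an integer <num>; the function names, the MCLT value and the sample times are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Seconds per unit for the relative form -<num><value> (units as listed in the guide).
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
RELATIVE_RE = re.compile(r"^-(\d+)([smhdw])$")
ABSOLUTE_RE = re.compile(
    r"^([A-Za-z]+)\s+(\d{1,2})\s+(\d{1,2}):(\d{2})(?::(\d{2}))?\s+(\d{4}|\d{2})$")


def expand_year(text):
    """Two-digit rule from the guide: 98 -> 1998, 99 -> 1999, any other XX -> 20XX."""
    if len(text) == 4:
        return int(text)
    yy = int(text)
    return 1900 + yy if yy in (98, 99) else 2000 + yy


def parse_month(text):
    """Accept the full month name or its first three letters, case-insensitively."""
    key = text.lower()
    for number, name in enumerate(MONTHS, start=1):
        if key in (name, name[:3]):
            return number
    raise ValueError("unknown month: %r" % text)


def parse_partner_down_date(arg, now):
    """Return the local time named by a setPartnerDown <date> argument."""
    arg = arg.strip()
    rel = RELATIVE_RE.match(arg)
    if rel:
        # Assumption: the leading '-' means "this long before the current time".
        return now - timedelta(seconds=int(rel.group(1)) * UNIT_SECONDS[rel.group(2)])
    absolute = ABSOLUTE_RE.match(arg)
    if not absolute:
        raise ValueError("not a recognised setPartnerDown date: %r" % arg)
    month, day, hour, minute, second, year = absolute.groups()
    # datetime() itself rejects impossible values such as day 31 in June or hour 25.
    return datetime(expand_year(year), parse_month(month), int(day),
                    int(hour), int(minute), int(second or 0))


def review_partner_down(arg, now, mclt, last_contact=None):
    """Check a proposed date against the constraints described in the text above."""
    when = parse_partner_down_date(arg, now)
    leasable_after = when + mclt          # partner's addresses usable from here on
    immediate = leasable_after <= now     # date is at least one MCLT in the past
    findings = []
    if when > now:
        findings.append("date is in the future")
    if last_contact is not None and when < last_contact:
        findings.append("date is earlier than the last known contact with the partner")
    if immediate:
        findings.append("MCLT already elapsed relative to this date: partner leases "
                        "become usable at once, with a risk of double allocation")
    return {"partner_down_at": when, "leasable_after": leasable_after,
            "immediate_reuse": immediate, "findings": findings}


if __name__ == "__main__":
    sample_now = datetime(2017, 6, 1, 12, 0, 0)   # constructed clock value
    sample_mclt = timedelta(hours=1)              # constructed MCLT, not a product default
    for candidate in ("-10m", "-2h", "Jun 1 11:30 17", "December 31 23:59:58 99"):
        report = review_partner_down(candidate, sample_now, sample_mclt)
        print(candidate, "->", report["partner_down_at"], report["findings"])
```
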
failover-pair <name> getStatus
This displays the failover-pair's related server object (same as
dhcp getRelatedServers full, but without any other servers).
failover-pair <name> pollLeaseHistory
failover-pair <name> getLeaseHistoryState
These commands are only available when connected to a regional
cluster and can be used to initiate a lease history poll
operation or examine the lease history state.
failover-pair <name> rebalancePool
This command can be used to initiate a pool rebalance process.
Examples
Status
See Also
cluster
Attributes
backup oid(0)
backup-ip6address ip6addr
Controls the IPv6 address used for the failover protocol on the
backup server. If this value is unset, the address specified for
the backup cluster is used. Cisco recommends setting this value
only if the server is configured with different addresses for
configuration management and client requests.
This value may be set to 0::0 to disable use of IPv6 for
failover communication.
If both IPv4 and IPv6 addresses are available, the servers will
try both transports for the TCP connection and use whichever
comes up first.
backup-server ipaddr
Controls the IPv4 address used for the failover protocol on the
backup server. If this value is unset, the address specified for
the backup cluster is used. Cisco recommends setting this value
only if the server is configured with different interfaces for
configuration management and client requests.
This value may be set to 0.0.0.0 to disable use of IPv4 for
failover communication.
If both IPv4 and IPv6 addresses are available, the servers will
try both transports for the TCP connection and use whichever
comes up first.
dynamic-bootp-backup-pct percent
main oid(0)
Identifies the cluster with the main server for a failover pair.
main-ip6address ip6addr
Controls the IPv6 address used for the failover protocol on the
main server. If this value is unset, the address specified for
the main cluster is used. Cisco recommends setting this value
only if the server is configured with different addresses for
configuration management and client requests.
This value may be set to 0::0 to disable use of IPv6 for
failover communication.
If both IPv4 and IPv6 addresses are available, the servers will
try both transports for the TCP connection and use whichever
comes up first.
main-server ipaddr
Controls the IPv4 address used for the failover protocol on the
main server. If this value is unset, the address specified for
the main cluster is used. Cisco recommends setting this value
only if the server is configured with different interfaces for
configuration management and client requests.
This value may be set to 0.0.0.0 to disable use of IPv4 for
failover communication.
If both IPv4 and IPv6 addresses are available, the servers will
try both transports for the TCP connection and use whichever
comes up first.
Sets whether health checking is enabled and for which protocols when
failover communication is in the normal state. It can be set to
disabled (default), v4-only, v6-only, or both.
Sets the minimum time a client must report in the DHCPv4 secs field
or DHCPv6 elapsed time (8) option before the server will respond for
its partner when the communication between the partner and relay is
determined to be down.
If set to 0 (not recommended), the server will respond to all
requests.
Sets the health check partner request count. This is the number of
(DHCPv4) DHCPDISCOVER or (DHCPv6) Solicit requests the partner could
have responded to before this server starts responding to client
requests that it would normally not respond to.
Sets the health check restart time (in seconds). When no (DHCPv4)
DHCPDISCOVER or (DHCPv6) Solicit requests to which the partner would
respond are received for this interval of time, the times and counts
for the monitored relay will be restarted. This is to assure that the
health check is based on very recent data.
rhc-server-preference decimal-byte
Sets the health check unresponsive time (in seconds). This is the
minimum amount of time over which this server must fail to receive a
(DHCPv4) DHCPREQUEST or (DHCPv6) Request packet addressed to another
server before it starts responding to requests on behalf of its
partner as it assumes there are communication issues between the
relay and that partner.
Sets the minimum interval between logging of warning messages when the
server is responding for its partner because of likely communication
issues between its partner and a relay agent.
scopetemplate oid
group
group - Configures a named group of administrators
Synopsis
group <name> create [<attribute>=<value>]
group <name> delete
group list
group listnames
group listbrief
group <name> show
group <name> set <attribute>=<value> [<attribute>=<value> ...]
group <name> get <attribute>
group <name> unset <attribute>
group <name> enable <attribute>
group <name> disable <attribute>
group < <name> | all > pull < ensure | replace > <cluster-name>
[-report-only | -report]
group < <name> | all > push < ensure | replace | exact > <cluster-list>
[-omitrelated] [-report-only | -report]
group <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
admin, role
Attributes
desc string
gss-tsig
gss-tsig - configures GSS-TSIG objects
Synopsis
gss-tsig list
gss-tsig listnames
gss-tsig listbrief
gss-tsig <name> show
gss-tsig <name> create
[<attribute>=<value>...]
gss-tsig <name> delete
gss-tsig <name> get <attribute>
gss-tsig <name> set <attribute>=<value>
[<attribute>=<value> ...]
gss-tsig <name> unset <attribute>
gss-tsig < <name> | all > pull < ensure | replace | exact >
<cluster-name> [-report-only | -report]
gss-tsig < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
gss-tsig <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
Attributes
name string required,unique
The maximum number of times that TKEY RRs will be exchanged between
a client and the server during a particular key negotiation, to prevent
endless looping as per RFC 2930. Default value is 5.
The server and client maintain some required data in the TKEY table
when performing TKEY negotiation. This attribute bounds the TKEY table
by defining the maximum number of key records. A new TKEY query
negotiation will fail when the TKEY table reaches this maximum size.
Default size is 32767.
This attribute defines the interval at which expired key records are
purged from the TKEY table. Default value is 60 sec.
ha-dns-pair
ha-dns-pair - configure a High Availability DNS relationship
Synopsis
Description
Examples
Status
See Also
cluster
Attributes
backup oid(0)
ha-dns-backup-address ipaddr
The IP address to use for the HA DNS protocol on the backup server.
If this value is unset, the address specified for the backup cluster
will be used. In general, it should only be set if the server is
configured with different interfaces for configuration management
and update requests. The HA DNS protocol should always be
configured with the interface used to service updates.
ha-dns-backup-ip6address ip6addr
Specifies the IPv6 address to use for the HA DNS protocol on the
backup server. If this value is unset, the address specified for
the backup cluster will be used. In general, it should only be set
if the server is configured with different interfaces for
configuration management and update requests. The HA DNS protocol
should always be configured with the interface used to service
updates. If both IPv4 and IPv6 addresses are configured, the IPv6
address will be used.
ha-dns-backup-mname dname
Specifies the DNS name of the HA backup server. When set and
ha-dns-soa-mname-update is enabled, the SOA MNAME field for
all HA primary zones is set to this FQDN when the HA backup
server is accepting updates.
DNS clients can perform SOA queries to determine which server
should handle update requests. The SOA MNAME change is also
propagated to secondary servers via zone transfers and notifies.
ha-dns-main-address ipaddr
The IP address to use for the HA DNS protocol on the main server.
If this value is unset, the address specified for the main cluster
will be used. In general, it should only be set if the server is
configured with different interfaces for configuration management
and update requests. The HA DNS protocol should always be
configured with the interface used to service updates.
ha-dns-main-ip6address ip6addr
Specifies the IPv6 address to use for the HA DNS protocol on the
main server. If this value is unset, the address specified for the
main cluster will be used. In general, it should only be set if the
server is configured with different interfaces for configuration
management and update requests. The HA DNS protocol should always be
configured with the interface used to service updates. If both
IPv4 and IPv6 addresses are configured, the IPv6 addresses will
be used.
ha-dns-main-mname dname
Specifies the DNS name of the HA main server. When set and
ha-dns-soa-mname-update is enabled, the SOA MNAME field for
all HA primary zones is set to this FQDN when the HA main
server is accepting updates.
DNS clients can perform SOA queries to determine which server
should handle update requests. The SOA MNAME change is also
propagated to secondary servers via zone transfers and notifies.
Controls whether or not the HA DNS servers will update the MNAME
field of the SOA records on their primary HA zones when failing
over. The ha-dns-main-mname and ha-dns-backup-mname attributes
must also be set for the change to occur.
main oid(0)
help
help - provides online help
Synopsis
help
help <cmd> [<section> ...]
Description
Examples
nrcmd> help
100 Ok
... displays the list of commands
nrcmd> help dns
100 Ok
... displays the contents of the dns page
nrcmd> help dns synopsis
100 Ok
SYNOPSIS
dns
help <cmd> [<section> ...]
Status
See Also
intro
import
import - loads server configuration information from a file
Synopsis
Description
The import command lets you import lease information into the
DHCP server configuration or BIND configuration information
into the DNS server configuration.
import leases <file>
Before you can import leases, you need to perform several
configuration steps:
1. Configure scopes in the DHCP server for the leases
that are going to be imported. (see the scope command.)
2. If the host names for the leases are going to be dynamically
entered into DNS as part of the import, configure zones in the
DNS server to allow dynamic updates. (see the zone command)
3. Set the DHCP server to import mode so that it will not
respond to other lease requests during the lease importing.
(see the dhcp command)
After the leases have been imported, take the DHCP server out of
import mode so that it will respond to other lease requests.
import named.boot <file>
Imports an existing BIND 4.x.x configuration into DNS by parsing
the BIND named.boot file and reading the zone data from the
associated BIND zone files.
import named.conf <file> <protected | unprotected>
Imports an existing BIND 8 or BIND 9 configuration into DNS
by parsing the BIND named.conf file and reading the zone data
from the associated BIND zone files. If no name-protection
option is specified, the default is protected.
import keys
Imports TSIG keys into the Cluster configuration by reading
in key data from a file. This file can be generated by running
the key generator utility (cnr_keygen). The keys are written in
BIND syntax and therefore can also be copied from a valid BIND
configuration.
import option-set
Imports an option-set from specified file. Compatible files can
be generated using the 'export option-set' command.
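The following is an added example, not part of the Cisco guide, covering the BIND-syntax key files that export keys writes and import keys reads: it inventories each key statement (name, algorithm, decoded secret size) without ever echoing the secret, and flags entries worth reviewing before import. It assumes the standard BIND key statement layout; the 128-bit minimum is this example's own threshold (the HMAC-MD5 output size), and the sample file is constructed.

```python
import base64
import binascii
import re

GUIDE_ALGORITHMS = {"hmac-md5"}   # the only value the key command's algorithm enum lists
MIN_SECRET_BITS = 128             # assumption of this example: HMAC-MD5 output size

KEY_RE = re.compile(r'\bkey\s+"?([^\s"{]+)"?\s*\{(.*?)\}\s*;', re.S)
FIELD_RE = re.compile(r'\b(algorithm|secret)\s+"?([^\s";]+)"?\s*;')


def strip_comments(text):
    """Drop /* ... */ blocks and whole-line # or // comments.

    Only whole-line comments are removed so that a base64 secret containing
    '//' is never truncated.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(("#", "//")))


def normalise_algorithm(name):
    """Lower-case and drop the long-form suffix (HMAC-MD5.SIG-ALG.REG.INT)."""
    name = name.lower().rstrip(".")
    suffix = ".sig-alg.reg.int"
    return name[:-len(suffix)] if name.endswith(suffix) else name


def inventory_keys(text):
    """Return one row per key statement; the secret value itself is never returned."""
    rows = []
    for match in KEY_RE.finditer(strip_comments(text)):
        fields = dict(FIELD_RE.findall(match.group(2)))
        findings = []
        algorithm = None
        if "algorithm" in fields:
            algorithm = normalise_algorithm(fields["algorithm"])
            if algorithm not in GUIDE_ALGORITHMS:
                findings.append("algorithm is not in the enum listed for the key command")
        else:
            findings.append("missing algorithm")
        secret_bits = None
        if "secret" in fields:
            try:
                secret_bits = 8 * len(base64.b64decode(fields["secret"], validate=True))
            except (binascii.Error, ValueError):
                findings.append("secret is not valid base64")
            else:
                if secret_bits < MIN_SECRET_BITS:
                    findings.append("secret shorter than %d bits" % MIN_SECRET_BITS)
        else:
            findings.append("missing secret")
        rows.append({"name": match.group(1), "algorithm": algorithm,
                     "secret_bits": secret_bits, "findings": findings})
    return rows


def _b64(length):
    """Build a throwaway secret of the given byte length for the sample below."""
    return base64.b64encode(bytes(range(length))).decode()


# Constructed sample file; key names and secrets are placeholders.
SAMPLE = f'''
# constructed sample, not real key material
key "host-a.example.com." {{
    algorithm hmac-md5;
    secret "{_b64(16)}";
}};
key short-key {{
    algorithm hmac-md5;
    secret "{_b64(8)}";
}};
key "sha-key" {{
    algorithm hmac-sha256;
    secret "{_b64(32)}";
}};
key "broken" {{
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "not*base64";
}};
'''

if __name__ == "__main__":
    for row in inventory_keys(SAMPLE):
        print(row["name"], row["algorithm"], row["secret_bits"], row["findings"])
```
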
Examples
Status
See Also
key
key - Manage TSIG key objects
Synopsis
key list
key listnames
key listbrief
key <name> show
key <name> create <secret> [<attribute>=<value>...]
key <name> delete
key <name> get <attribute>
key <name> set <attribute>=<value> [<attribute>=<value> ...]
key <name> unset <attribute>
key < <name> | all > pull < ensure | replace | exact >
<cluster-name> [-report-only | -report]
key < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
key <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
Attributes
algorithm enumstr(hmac-md5=1)
default = hmac-md5
id int
security-type enumstr(TSIG=1)
default = TSIG
The time stamp fudge factor (amount that the time values can
differ).
ldap
ldap - Specifies the LDAP remote server's properties
Synopsis
ldap list
ldap listnames
ldap listbrief
ldap <name> create <hostname> [<attribute>=<value>...]
ldap <name> delete
ldap <name> get <attribute>
ldap <name> set <attribute>=<value> [<attribute>=<value> ...]
ldap <name> unset <attribute>
ldap <name> disable <attribute>
ldap <name> enable <attribute>
ldap <name> show
ldap <name> setEntry <dictionary> <key>=<value>
ldap <name> getEntry <dictionary> <key>
ldap <name> unsetEntry <dictionary> <key>
Description
The ldap command configures the LDAP servers that the DHCP server
should communicate with. The DHCP server can read client configuration
information from or write lease information to an LDAP enabled
directory.
Use the setEntry, getEntry, and unsetEntry commands to set, query, and
clear elements of the various dictionary properties in the LDAP server
configuration. These dictionary properties provide a convenient
mapping from string keys to string values.
The dictionary values for the setEntry command are:
create-dictionary
create-string-dictionary
env-dictionary
query-dictionary
update-dictionary
v6-create-dictionary
v6-create-string-dictionary
v6-update-dictionary
Examples
Status
See Also
Attributes
can-create bool default = disabled
create-dictionary dict
create-object-classes string
create-string-dictionary dict
dn-attribute string
dn-create-format string
dn-format string
env-dictionary dict
password string
Sets the password of a user with access to the parts of the directory
that DHCP uses. Because you can configure LDAP servers to allow
anonymous access, this is optional.
port int
query-dictionary dict
Maps LDAP attributes and DHCP attribute names. The server attempts
to retrieve all LDAP attributes specified in the dictionary. When a
query succeeds, the values for any LDAP attributes that it returns
are set in the corresponding client-entry attribute.
Specifies the number of seconds the DHCP server waits for a response
to individual LDAP Query requests. After a query request times out,
the DHCP server will drop the request and not process it again on
another LDAP connection or LDAP Server. A query-timeout value of 3
seconds is a good value.
Note: The timeout attribute configures the timeout for LDAP
Update and Create requests.
referral-attr string
referral-filter string
search-filter string
search-path string
Controls the number of seconds the DHCP server waits for a response
to an individual LDAP update or create request. If an LDAP request
times out, the DHCP server resubmits it to other LDAP connections.
Further, if the DHCP server receives no response (that is, a result
for an LDAP update or create) from an LDAP connection for the timeout
seconds, DHCP marks this LDAP connection as 'Inactive' and tears down
the connection, then reconnects. A timeout value of 10 seconds is a
good value for LDAP create and update operations.
Note: You can configure a separate timeout for LDAP query operations
using the query-timeout attribute.
update-dictionary dict
update-search-attribute string
update-search-filter string
update-search-path string
username string
Designates a user with access to the parts of the directory that DHCP
uses. Because you can configure LDAP servers to allow anonymous
access, this is optional.
v6-create-dictionary dict
v6-create-string-dictionary dict
v6-dn-attribute string
v6-update-dictionary dict
v6-update-search-attribute string
lease
lease - Manage DHCP lease objects
Synopsis
Description
The lease command lets you view and manipulate current DHCP leases
in the cluster.
When you specify the lease on which one of these commands is to
operate, you may optionally specify a <vpn-name> in which the
<ip-address> is to be found. You may specify the name of a
currently defined vpn as the <vpn-name>, or use the reserved vpn
name "global" (without the quotes) to specify the operation on
leases which are not in any explicitly defined vpn. If you do
not specify a <vpn-name>, then the session's current-vpn is used
as a default.
lease list [-vpn=<vpn-name>] [-count-only]
lease list -macaddr <mac-address> [-vpn=<vpn-name>]
lease list -subnet <ip-address> <mask>
lease list -lansegment <ip-address> <mask>
lease [<vpn-name>/]<ip-address> [show]
The list command lists leases in the DHCP server. Only the
leases in the current-vpn or specified vpn-name are listed.
<vpn-name> may be "all" (without the quotes) to request leases
in all vpns. If -count-only is specified, only the count of
the number of leases is returned (no leases are displayed).
The list -subnet command lists all leases in a subnet
(scopes whose address and mask match the query).
The list -lansegment command lists all leases in a LAN
segment, meaning all leases in scopes whose address and mask
match the query, as well as leases in secondary scopes whose
primary scope's address and mask match the query.
The list -macaddr command lists all leases that are associated
with the specified MAC address.
Note: The list -macaddr command for Network Registrar 6.3
and earlier clusters can be extremely slow. In release 7.0
and later, performance is improved. The recommended syntax
is -macaddr=<mac-address>.
lease [<vpn-name>/]<ip-address> activate
lease [<vpn-name>/]<ip-address> deactivate
The activate and deactivate commands tell the DHCP server
to make the specified lease active or inactive. An inactive
lease is not given out, even if it is in the available state.
Making a currently leased lease inactive does not affect its
behavior until it has expired and become available again.
lease [<vpn-name>/]<ip-address> force-available
The force-available command forces the specified lease into the
available state.
lease [<vpn-name>/]<ip-address> macaddr
The macaddr command provides the MAC address associated with
the specified lease.
lease [<vpn-name>/]<ip-address> get-scope-name
The get-scope-name command provides the scope to which the
lease belongs.
Examples
Status
See Also
session current-vpn
Attributes
address ipaddr
binding-end-time date
binding-start-time date
Within the DHCP lease database, shows the time at which a
lease binding began.
client-binary-client-id blob
client-dns-name string
Displays the client DNS name, which the DHCP server attempted
(possibly successfully) to enter into the DNS server for
a specified client.
This attribute is related to the client-host-name, but may not be
identical due to name collisions in the DNS server database.
client-domain-name string
Displays the domain (if any) to which the client DNS name belongs.
client-duid blob
client-host-name string
Displays the DNS name that the client requested the DHCP server
to place in the DNS server.
client-last-transaction-time date
Displays the time when the client most recently contacted the
DHCP server.
client-mac-addr macaddr
Displays the MAC address which the client presented to the DHCP
server.
client-os-type string
client-override-client-id blob
client-vendor-class option
client-vendor-info option
expiration date
failover-expiration-time date
fwd-dns-update-config-name nameref(0)
giaddr ipaddr
If present, the contents of the last received non-zero giaddr
field. This represents the relay agent through which the client
and server last communicated.
lease-renewal-time date
limitation-id blob
parameter-request-list option
relay-agent-auth blob
relay-agent-circuit-id blob
relay-agent-device-class int
relay-agent-option option
relay-agent-radius-class string
relay-agent-radius-options blob
relay-agent-radius-pool-name string
relay-agent-radius-session-timeout int
relay-agent-radius-user string
relay-agent-radius-v6-pool-name string
relay-agent-radius-vendor-specific blob
relay-agent-remote-id blob
relay-agent-server-id-override ipaddr
relay-agent-subscriber-id string
relay-agent-v-i-vendor-class blob
relay-agent-vpn-id blob
reservation-lookup-key blob
Specifies the lookup key of the lease reservation for this lease.
reservation-lookup-key-type int
reservation-relay-agent-option option
rev-dns-update-config-name nameref(0)
scope-name nameref(0)
start-time-of-state date
state-expiration-time date
Identifies the time that we believe that the client's lease period,
grace period, or release grace period will expire. A failover
partner cannot, on its own, act on this time until the
failover-expiration-time has also expired.
user-defined-data string
vendor-class-id string
vendor-specific-information blob
Displays the identifier of the DHCP VPN that contains this lease.
lease-notification
lease-notification - Reports scopes with few free leases
Synopsis
lease-notification available=<number>|<percentage>
[config=<config file>]
[leasing-only]
[scopes=<scope name>|<address range>
[,<scope name>|<address range>,...]]
[[recipients=<recipient>[,<recipient>,...]]
[mail-host=<name> [errors-to=<recipient>]] ]
[vpn=<vpn-name>]
Description
available
Specifies either a number or percentage of available addresses.
If the number or percentage of available addresses is equal to
or less than the specified value for the scopes being checked,
Network Registrar generates a report listing information about
the scopes that reach or exceed the available value.
config
Specifies a configuration file. If you don't specify a
configuration file, Network Registrar searches for the default
.nrconfig file.
errors-to
If you specify a mail-host, you may also specify the email
address of the sender of the email in order to provide a return
path for bounced email. The default value is "postmaster".
leasing-only
Specifies that only scopes that can currently offer leases
are reported.
mail-host
On NT, you must specify a mail-host. On Solaris the mail
host is generally already configured for the sendmail program.
You can verify that your Solaris system is properly configured
by issuing the command "date | mail <your-email-address>" and
observing whether or not the date is emailed to you.
recipients
If you specify the email addresses of one or more recipients,
Network Registrar sends an email report to those addresses.
Otherwise, Network Registrar directs the report to standard
output.
scopes
The scopes to check either by name or as a range or ranges of
addresses. Network Registrar checks any scope containing any
address that falls within a range of addresses. If you don't
list any scopes or addresses, Network Registrar checks all
scopes managed by the specified cluster.
vpn
The VPN from which to select scopes to examine when executing
this command. If no VPN name is specified, then the
current VPN of the session is used. If the reserved VPN name
"global" is used, then the global (or unnamed) VPN is used.
If the reserved VPN name "all" is used, then all scopes from
all VPNs are examined.
Examples
Status
See Also
report, export addresses, session current-vpn
lease6
lease6 - Manage DHCP lease6 objects
Synopsis
Description
The lease6 command lets you view and manipulate the current DHCPv6
leases in the cluster.
When you specify the lease on which one of these commands is to
operate, you may optionally specify a <vpn-name> in which the
<ipv6-address> is to be found. Specify the name of a currently
defined VPN as the <vpn-name>; or use the reserved VPN name
"global" (without the quotation marks) to specify the operation
on leases which are not in any explicitly defined VPN. If you do not
specify a vpn-name, the current VPN of the session is used.
lease6 list [-duid=<client-id>]
[-lookup-key=<lookup-key> [-blob|-string]]
[-macaddr=<mac-addr>] [-cm-macaddr=<mac-addr>]
[-vpn=<vpn-name>] [-count-only]
The list command lists DHCPv6 leases in the DHCP server. Only
the leases in the current VPN or specified vpn-name are listed.
The vpn-name may be "all" (without the quotation marks) to
request leases in all VPNs. If -count-only is specified, only
the count of the number of leases is returned (no leases are
displayed). If a filter (-duid, -lookup-key, -macaddr, or
-cm-macaddr) is specified, only the leases matching the filter
are displayed.
lease6 [<vpn-name>/]<ipv6-address> activate
lease6 [<vpn-name>/]<ipv6-address> deactivate
The activate and deactivate commands tell the DHCP server to make
the specified lease active or inactive. An inactive lease is not
given out, even if it is in the available state. Making a currently
leased lease inactive will not affect its behavior until it has
expired and become available again.
lease6 [<vpn-name>/]<ipv6-address> force-available
The force-available command forces the specified lease into the
available state.
lease6 [<vpn-name>/]<ipv6-address> reconfigure
The reconfigure command initiates sending the client a Reconfigure
message (if the client and server negotiated to allow reconfigure).
Examples
Status
See Also
session
Attributes
binding-end-time date
Within the lease database, this holds the time when a lease binding
ended.
binding-flags flags(virtual-binding=9)
binding-iaid int
binding-rebinding-time date
Displays the earliest time when the server requested the client
to issue a Rebind request for the binding.
binding-renewal-time date
Displays the earliest time when the server requested the client
to issue a Renew request for the binding.
binding-start-time date
Within the lease database, holds the time when a lease binding
began.
Specifies the type of binding for the lease. The type number matches
the DHCPv6 option number.
client-active-leases int
client-class-name nameref(0)
Displays the most recently derived class name for the client.
client-id blob
client-last-transaction-time date
Provides the lookup key for the client - it is either the client
identifier (DUID) or the v6-override-client-id expression.
client-lookup-key-type int
client-oro option6
client-reconfigure-key blob
client-reconfigure-key-generation-time date
client-relay-address ip6addr
client-relay-message msg6
client-user-defined-data string
client-vendor-class nlist(obj(0))
Displays the most recently received client vendor class data. Each
group of data bytes starts with the 4-byte enterprise-number
followed by the vendor-class-data bytes (if any).
client-vendor-info nlist(obj(0))
cm-mac-address macaddr
Specifies the cable modem MAC address for this lease, if applicable.
creation-time date
Records the original source of the lease data and the machine
from which the data was retrieved.
0 unknown
4 main-main
20 main-main-active
28 main-main-history
Indicates the data originated on the main server and
was retrieved from the main server.
5 backup-main
21 backup-main-active
29 backup-main-history
Indicates the data originated on the backup server and
was retrieved from the main server.
6 main-backup
22 main-backup-active
30 main-backup-history
Indicates the data originated on the main server and
was retrieved from the backup server.
7 backup-backup
23 backup-backup-active
31 backup-backup-history
Indicates the data originated on the backup server and
was retrieved from the backup.
The suffix -active denotes the data was returned from
the active portion of the lease-state database while
-history indicates that the data was from the history
portion of the lease-state database.
When viewing leases with the UIs, you will see all four
values routinely, especially if load-balancing is enabled.
When looking at lease history records, main-main and
backup-backup are the usual values, but in cases where the
lease history poller has determined that some data may be
missing, then main-backup and backup-main can appear as
well.
dns-update-flags flags(forward-uptodate=1, reverse-uptodate=2, update-pending=3, add-pending=4, delete-pending=5, synthesized-name=6, using-requested-fqdn=7)
The DNS update flags maintained for the lease/FQDN binding.
excluded-prefix ip6
failover-expiration-time date
Specifies the lifetime that this server has acked to the failover
partner. Usually, this server must wait for this time to have
expired before it can act on the state-expiration-time.
forward-dnsupdate nameref(0)
fqdn dname
ip6address ip6
name-number int
preferred-lifetime date
Sets the time at which the address or prefix that was last
communicated to the client is no longer preferred.
prefix-name nameref(0)
reservation-cm-mac-address macaddr
reservation-lookup-key blob
Specifies the lookup key of the lease reservation for this lease.
reservation-lookup-key-type int
reverse-dnsupdate nameref(0)
start-time-of-state date
Sets the time when the state last changed to its current value.
state enumint(available=1, offered=2, leased=3, expired=4, unavailable=5, released=6, other-available=7, pending-available=8, revoked=10, pending-delete=11)
state-expiration-time date
valid-lifetime date
Sets the time at which the address or prefix that was last
communicated to the client is no longer valid.
license
license - Views and updates license information
Synopsis
Description
Examples
Status
See Also
The "Network Registrar CLI Introduction" section describes how licenses are used in nrcmd.
link
link - Configures IPv6 network links for use in DHCPv6
Note: dhcp-link is a synonym for compatibility with earlier
versions.
Synopsis
link list
link listnames
link listbrief
link <name> create [[template-root-prefix=<prefix>]
template=<template-name>]
[<attribute>=<value> ...]
link <name> delete
link <name> set <attribute>=<value> [<attribute>=<value> ...]
link <name> get <attribute>
link <name> unset <attribute>
link <name> enable <attribute>
link <name> disable <attribute>
link <name> [show]
link <name> listPrefixes
link <name> listPrefixNames
link listGroups
link listGroupNames
link listGroup <group-name>
link <name> applyTemplate <template-name> [<template-root-prefix>]
link <name> push <cluster/failover-pair-list>
[-template=<prefix-template-name>] [-omitparents]
[-omitchildren] [-report]
link <name> reclaim [<cluster/failover-pair-list>] [-force] [-report]
Description
The link command configures IPv6 network links. Links group IPv6
prefixes (see the prefix command) together. Links are required if
multiple prefixes share the same physical link.
When creating a link using a template, specify - for the <name> to
allow the link template's link-name-expr to name the link.
The listGroups, listGroupNames, and listGroup operations are
helpful when using link groups to examine the configuration.
The push and reclaim commands are only available when connected
to a regional cluster. For push, usually only a single cluster
or failover-pair may be specified, and for reclaim no cluster
or failover-pair. However, a list of clusters / failover-pairs
may be specified if the link is a universal link.
Examples
Status
See Also
link-template, prefix
Attributes
description string
embedded-policy obj(0)
free-address-config nameref(0)
group-name string
Specifies the link group to which this link belongs. When servicing
client requests, the prefixes under the links in the link group may
be used by clients.
local-cluster oid
owner nameref(0)
prefix-list nlist(obj(0))
region nameref(0)
template-root-prefix prefix
link-policy
link-policy - Edits a DHCP policy embedded in a link.
Note: dhcp-link-policy is a synonym for compatibility with earlier
versions.
Synopsis
Description
Status
See Also
policy, client-policy, client-class-policy,
dhcp-address-block-policy, link-template-policy,
prefix-policy, prefix-template-policy, scope-policy,
scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
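The interaction of the client-time caps described above, modeled as an added example (not Cisco code and not part of the original guide). Assumptions: the uncapped T1/T2 are fixed fractions of the lifetime sent to the client (RFC 2131 defaults for DHCPv4, RFC 8415 recommendation for DHCPv6), "2y" means 2 x 365 days, and the names ClientCaps, times_sent_to_client and cap_warnings are hypothetical.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

YEAR = 365 * 86400  # assumption: "2y" in rangetime(...) means 2 x 365 days

# Ranges taken from the attribute types on this page.
LIFETIME_RANGE = (60, 2 * YEAR)  # rangetime(60s-2y): max-client-lease-time,
                                 # v6-max-client-preferred-lifetime
TIMER_RANGE = (30, 2 * YEAR)     # rangetime(30s-2y): renewal/rebinding caps

# Assumption: (T1, T2) as fractions of the lifetime sent to the client.
V4_FRACTIONS = (Fraction(1, 2), Fraction(7, 8))  # RFC 2131 defaults
V6_FRACTIONS = (Fraction(1, 2), Fraction(4, 5))  # RFC 8415 recommendation


@dataclass(frozen=True)
class ClientCaps:
    """Caps in seconds; None means the attribute is unset."""
    lifetime: Optional[int] = None   # max-client-lease-time / v6-max-client-preferred-lifetime
    rebinding: Optional[int] = None  # max-client-rebinding-time / v6-max-client-rebinding-time
    renewal: Optional[int] = None    # max-client-renewal-time / v6-max-client-renewal-time

    def __post_init__(self):
        # Reject values the attribute types on this page would not accept.
        for name, value, (lo, hi) in (
            ("lifetime", self.lifetime, LIFETIME_RANGE),
            ("rebinding", self.rebinding, TIMER_RANGE),
            ("renewal", self.renewal, TIMER_RANGE),
        ):
            if value is not None and not lo <= value <= hi:
                raise ValueError(f"{name} cap {value}s outside {lo}s-{hi}s")


def _cap(value, limit):
    return value if limit is None else min(value, limit)


def times_sent_to_client(calculated, caps, fractions=V4_FRACTIONS):
    """Return what the client is told versus what the server keeps.

    The caps only change the values sent to the client. T1 and T2 are derived
    from the lifetime actually sent, then capped, then forced into the order
    T1 <= T2 <= lifetime. The server's own calculation is left untouched.
    """
    t1_frac, t2_frac = fractions
    sent = _cap(calculated, caps.lifetime)
    t2 = min(_cap(int(sent * t2_frac), caps.rebinding), sent)
    t1 = min(_cap(int(sent * t1_frac), caps.renewal), t2)
    return {
        "sent_lifetime": sent,
        "t1": t1,
        "t2": t2,
        "server_lifetime": calculated,
        "server_expected_t1": int(calculated * t1_frac),
    }


def cap_warnings(caps):
    """Flag caps that can never take effect because of the ordering rule."""
    notes = []
    if (caps.renewal is not None and caps.rebinding is not None
            and caps.renewal > caps.rebinding):
        notes.append("renewal cap exceeds rebinding cap; T1 is limited by T2")
    if (caps.rebinding is not None and caps.lifetime is not None
            and caps.rebinding > caps.lifetime):
        notes.append("rebinding cap exceeds lifetime cap; T2 is limited by the lifetime")
    return notes


if __name__ == "__main__":
    # Constructed inputs: a one-day calculated lease with a one-hour client cap.
    print(times_sent_to_client(86400, ClientCaps(lifetime=3600)))
    # Constructed misconfiguration: renewal cap larger than rebinding cap.
    odd = ClientCaps(rebinding=3600, renewal=7200)
    print(times_sent_to_client(86400, odd), cap_warnings(odd))
```

The gap between sent_lifetime and server_lifetime is the point to watch: the client renews on the capped schedule while the server still tracks the lease using its own calculation.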
link-template
link-template - Configures a link template
Synopsis
link-template list
link-template listnames
link-template listbrief
link-template <name> create [<attribute>=<value>...]
link-template <name> delete
link-template <name> set <attribute>=<value> [<attribute>=<value> ...]
link-template <name> get <attribute>
link-template <name> unset <attribute>
link-template <name> disable <attribute>
link-template <name> enable <attribute>
link-template <name> show
link-template <name> create clone=<clone-name>
link-template <name> apply-to all | <link1>[,...]
link-template <name> apply-to <link> [<prefix>]
link-template < <name> | all > pull < ensure | replace | exact >
<cluster-name> [-report-only | -report]
link-template < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
link-template <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
link
Attributes
description string
embedded-policy obj(0)
free-address-config nameref(0)
group-name string
Specifies the link group to which this link belongs. When servicing
client requests, the prefixes under the links in the link group may
be used by clients.
link-description-expr expr
link-name-expr expr
options-expr expr
owner nameref(0)
prefix-expr expr
region nameref(0)
link-template-policy
link-template-policy - Edits a DHCP policy embedded in a link-template
Synopsis
Description
Examples
Status
See Also
policy, client-policy, client-class-policy,
dhcp-address-block-policy, link-policy, prefix-policy,
prefix-template-policy, scope-policy,
scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
option
option - Configures option definitions
Synopsis
Description
Examples
Status
See Also
Attributes
number int
option-definition-set-name nameref(0)
option-desc objref(0)
sub-options nlist(obj(0))
value blob
option-set
option-set - Configure option definition sets
Synopsis
option-set list
option-set listnames
option-set <name> create <8-bit | 16-bit>
vendor-option-string=<string>
[vendor-option-regex=<string>]
[<attribute>=<value>]
option-set <name> create <8-bit | 16-bit>
vendor-option-enterprise-id=<integer>
[<attribute>=<value>]
option-set <name> delete
option-set <name> [show]
option-set <name> list
option-set <name> listnames
option-set <name> get <attribute>
option-set <name> set <attribute>=<value>
[<attribute>=<value> ...]
option-set <name> unset <attribute>
option-set <name> enable <attribute>
option-set <name> disable <attribute>
option-set < <name> | all > pull < ensure | replace | exact >
<cluster-list> [-report-only | -report]
option-set < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
option-set <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
owner
owner - Configures owners
Synopsis
Description
Status
See Also
Attributes
contact string
name string
organization nameref(0)
prefix
prefix - Configures IPv6 network prefixes for use in DHCPv6
Note: dhcp-prefix is a synonym for compatibility with earlier
versions of Network Registrar.
Synopsis
prefix list
prefix listnames
prefix listbrief
prefix <name> create <address> [template=<template-name>]
[<attribute>=<value>]
prefix <name> delete
prefix <name> set <attribute>=<value> [<attribute>=<value> ...]
prefix <name> get <attribute>
prefix <name> unset <attribute>
prefix <name> enable <attribute>
prefix <name> disable <attribute>
prefix <name> [show]
prefix <name> listLeases
prefix <name> addReservation <address> <lookup key>
prefix <name> removeReservation <address>
prefix <name> listReservations
prefix <name> applyTemplate <template-name>
prefix <name> getUtilization
prefix <name> push <cluster/failover-pair-list> [-template=<template-name>]
[-omitparents] [-omitchildren] [-report]
prefix <name> reclaim [<cluster/failover-pair-list>] [-force]
[-omitchildren] [-report-only | -report]
Description
Examples
Status
See Also
link, prefix-template
Attributes
address prefix required,immutable
allocation-group string
embedded-policy obj(0)
expiration-time date
Sets the time and date on which a prefix expires. After this date
and time, the server neither grants new leases nor renews existing
leases from this prefix.
Once the expiration-time has passed, the prefix is no longer used
(though old leases and leases with grace or affinity periods
continue to exist until those periods elapse).
Enter this as a date in the format "[weekday] mon day
hh:mm[:ss] year". For example, "Dec 31 23:59 2006".
free-address-config nameref(0)
link nameref(0)
local-cluster oid
owner nameref(0)
policy nameref(0)
range prefix
region nameref(0)
reverse-zone-prefix-length rangeint(0-124)
selection-tags nlist(obj(0))
prefix-policy
prefix-policy - Edits a DHCP policy embedded in a prefix
Note: dhcp-prefix-policy is a synonym for compatibility with earlier
versions of Network Registrar.
Synopsis
Description
Examples
Status
See Also
policy, client-policy, client-class-policy,
dhcp-address-block-policy, link-policy, link-template-policy,
prefix-template-policy, scope-policy,
scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
prefix-template
prefix-template - Configures a prefix template.
Synopsis
prefix-template list
prefix-template listnames
prefix-template listbrief
prefix-template <name> create [<attribute>=<value> ...]
prefix-template <name> delete
prefix-template <name> set <attribute>=<value> [<attribute>=<value> ...]
prefix-template <name> get <attribute>
prefix-template <name> unset <attribute>
prefix-template <name> disable <attribute>
prefix-template <name> enable <attribute>
prefix-template <name> show
prefix-template <name> create clone=<clone-name>
prefix-template <name> apply-to <all | <prefix1>[,...]>
prefix-template < <name> | all > pull < ensure | replace | exact >
<cluster-name> [-report-only | -report]
prefix-template < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
prefix-template <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
prefix
Attributes
allocation-algorithms flags(client-request=1, reservation=2, extension=3, interface-identifier=4, random=5, best-fit=6)
default = reservation,extension,random,best-fit
description string
embedded-policy obj(0)
expiration-time date
Sets the time and date on which a prefix expires. After this date
and time, the server neither grants new leases nor renews existing
leases from this prefix.
Once the expiration-time has passed, the prefix is no longer used
(though old leases and leases with grace or affinity periods
continue to exist until those periods elapse).
Enter this as a date in the format "[weekday] mon day
hh:mm[:ss] year". For example, "Dec 31 23:59 2006".
free-address-config nameref(0)
options-expr expr
owner nameref(0)
policy nameref(0)
prefix-description-expr expr
prefix-name-expr expr
range-expr expr
region nameref(0)
reverse-zone-prefix-length rangeint(0-124)
selection-tags nlist(obj(0))
prefix-template-policy
prefix-template-policy - Edits a DHCP policy embedded in a prefix-template
Synopsis
Description
Examples
Status
See Also
policy, client-policy, client-class-policy,
dhcp-address-block-policy, link-policy, link-template-policy,
prefix-policy, scope-policy, scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
policy
policy - Specifies DHCP policy information
Synopsis
Description
Examples
Status
See Also
option-set, option
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
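The interaction of server-lease-time with the max-client-lease-time, max-client-rebinding-time and max-client-renewal-time caps described above, as an added example that is not part of the original guide or Cisco code. It assumes all times are in seconds, that T1 and T2 start from the RFC 2131 defaults of 50% and 87.5% of the lease time sent to the client, and that "2y" means 730 days; the Policy class and lease_times function are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

YEAR = 365 * 24 * 3600          # assumption: "2y" means 2 * 365 days
LEASE_RANGE = (60, 2 * YEAR)    # rangetime(60s-2y) for max-client-lease-time
TIMER_RANGE = (30, 2 * YEAR)    # rangetime(30s-2y) for the T1/T2 caps


@dataclass(frozen=True)
class Policy:
    """Hypothetical container for the policy attributes, all in seconds."""
    dhcp_lease_time: int                          # dhcp-lease-time option
    server_lease_time: Optional[int] = None       # server-lease-time
    max_client_lease_time: Optional[int] = None
    max_client_rebinding_time: Optional[int] = None
    max_client_renewal_time: Optional[int] = None

    def validate(self) -> None:
        """Reject caps that fall outside the ranges given in the guide."""
        checks = [
            ("max-client-lease-time", self.max_client_lease_time, LEASE_RANGE),
            ("max-client-rebinding-time", self.max_client_rebinding_time, TIMER_RANGE),
            ("max-client-renewal-time", self.max_client_renewal_time, TIMER_RANGE),
        ]
        for name, value, (low, high) in checks:
            if value is not None and not low <= value <= high:
                raise ValueError(f"{name}={value}s is outside {low}s-{high}s")


def _cap(value: int, limit: Optional[int]) -> int:
    """Apply an optional upper limit."""
    return value if limit is None else min(value, limit)


def lease_times(policy: Policy) -> dict:
    """Return the server's view of the lease and the values sent to the client."""
    policy.validate()

    # Server side: server-lease-time is used only when it is longer than
    # dhcp-lease-time. The client caps never change this value.
    server_lease = policy.dhcp_lease_time
    if policy.server_lease_time is not None and policy.server_lease_time > server_lease:
        server_lease = policy.server_lease_time

    # Client side: cap the lease first, then derive T2 and T1 from the lease
    # actually sent (assumed RFC 2131 fractions), then apply their own caps.
    client_lease = _cap(policy.dhcp_lease_time, policy.max_client_lease_time)
    t2 = _cap(client_lease * 7 // 8, policy.max_client_rebinding_time)
    t2 = min(t2, client_lease)            # T2 <= lease time
    t1 = _cap(client_lease // 2, policy.max_client_renewal_time)
    t1 = min(t1, t2)                      # T1 <= T2

    return {"server_lease": server_lease, "client_lease": client_lease,
            "t1": t1, "t2": t2}


if __name__ == "__main__":
    # Constructed sample policies, not taken from a real cluster.
    samples = {
        "7d lease capped to 1d": Policy(604800, max_client_lease_time=86400),
        "low T2 cap drags T1 down": Policy(86400, max_client_rebinding_time=3600),
        "server keeps lease longer": Policy(86400, server_lease_time=172800),
    }
    for label, sample in samples.items():
        print(label, lease_times(sample))
```

In the second sample the rebinding cap of 3600 seconds also lowers T1 to 3600 seconds, because T1 may not exceed T2 even though no renewal cap is set.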
region
region - Configures a named geographic region
Synopsis
Description
Examples
Status
See Also
Attributes
contact string
name string
The unique tag name for this region. Typically a short name
referring to this region.
report
report - Creates a summary report of address usage
Synopsis
report [column-separator=<string>]
[dhcp-only]
[dhcpv4 [-network]]
[dhcpv6 [-network]]
[file=<output file>]
[vpn=<vpn-name>]
Description
Examples
report
report file=myreport.txt
Status
See Also
export addresses, lease-notification, session current-vpn
Report Keywords
column-separator
Specifies the character string you want used between the
columns in the report. The default is a single space. If
you specify more than one space, you must use a backslash
(\) to allow the extra spaces, and if you enter the spaces
on the command line, use quotation marks.
dhcp-only
Provided for command-syntax compatibility with prior versions,
specifies a summary of the DHCP server information.
This is the only option available for the report command,
and is no longer required to run the command.
dhcpv4
Displays IPv4 utilization.
dhcpv6
Displays IPv6 utilization.
file
Specifies the filename to which the report command writes
the output. If you do not specify a filename, the report
command writes to standard output.
vpn
The VPN address space from which to select scopes to examine
when executing this command. If no vpn-name is specified,
then the session's current-vpn is used. If the reserved
vpn-name "global" is used, then the global (or unnamed)
VPN address space is used. The reserved vpn-name "all" is not
allowed for this command, because the report command has no
mechanism to distinguish identical IP addresses in different
VPNs.
reservation
reservation - Configures DHCPv4 reservations
Synopsis
Description
Examples
Status
See Also
Attributes
client-class nameref(0)
cm-mac-address macaddr
device-name string
include-tags nlist(obj(0))
lookup-key blob
Specifies the sequence of bytes that is the key for this reservation
object. The type for this key is set in the lookup-key-type attribute.
The string representation of this key is defined by its associated
lookup-key-type parse and unparse methods. For example, a MAC address
key would be converted from a string to raw form with the
AT_MACADDR parse() method, and converted from raw form to a string
by the AT_MACADDR unparse() method.
lookup-key-type int
scope nameref(0)
reservation6
reservation6 - Configures DHCPv6 reservations
Synopsis
Description
Examples
Status
See Also
Attributes
client-class nameref(0)
cm-mac-address macaddr
description string
device-name string
include-tags nlist(obj(0))
Specifies the sequence of bytes that is the key for this reservation
object. The type for this key is set in the lookup-key-type attribute.
The string representation of this key is defined by its associated
lookup-key-type parse and unparse methods. For example, a blob
key would be converted from a string of colon-separated hex digits
to raw form with the AT_BLOB parse() method, and converted from raw
form to a string by the AT_BLOB unparse() method.
prefix nameref(0)
resource
resource - Configures resource limits and allows viewing and
resetting resources
Synopsis
Description
Examples
Status
See Also
Attributes
ccm-memory-critical-level filesz
Specifies the critical level for the CCM server's memory usage in
bytes. If the CCM server's virtual memory size exceeds this value, a
critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
ccm-memory-warning-level filesz
Specifies the warning level for the CCM server's memory usage in
bytes. If the CCM server's virtual memory size exceeds this value, a
warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
cdns-memory-critical-level filesz
Specifies the critical level for the Caching DNS server's memory usage
in bytes. If the DNS server's virtual memory size exceeds this value,
a critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
cdns-memory-warning-level filesz
Specifies the warning level for the Caching DNS server's memory usage
in bytes. If the DNS server's virtual memory size exceeds this value,
a warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
cnrservagt-memory-critical-level filesz
Specifies the critical level multiplier for the data volume's free
space. If the data volume free space falls below this number of times
the last shadow backup size, a critical notification is triggered.
Specifies the warning level multiplier for the data volume's free
space. If the data volume free space falls below this number of times
the last shadow backup size, a warning notification is triggered.
dhcp-memory-critical-level filesz
Specifies the critical level for the DHCP server's memory usage in
bytes. If the DHCP server's virtual memory size exceeds this value, a
critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
dhcp-memory-warning-level filesz
Specifies the warning level for the DHCP server's memory usage in
bytes. If the DHCP server's virtual memory size exceeds this value,
a warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
dns-memory-critical-level filesz
Specifies the critical level for the Authoritative DNS server's memory
usage in bytes. If the DNS server's virtual memory size exceeds this
value, a critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
dns-memory-warning-level filesz
Specifies the warning level for the Authoritative DNS server's memory
usage in bytes. If the DNS server's virtual memory size exceeds this
value, a warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
Specifies the critical level for the number of DHCP leases. If the
DHCP server's DHCPv4 configured plus DHCPv6 allocated leases exceeds
this value, a critical notification is triggered.
Specifies the warning level for the number of DHCP leases. If the DHCP
server's DHCPv4 configured plus DHCPv6 allocated leases exceeds this
value, a warning notification is triggered.
Specifies the critical level for the number of resource records (RRs)
in the authoritative DNS server. If the DNS server's RR count exceeds
this value, a critical notification is triggered.
Specifies the warning level for the number of resource records (RRs)
in the authoritative DNS server. If the DNS server's RR count exceeds
this value, a warning notification is triggered.
Specifies the critical level for the nightly backup's elapsed time. If
the nightly backup takes longer than this time, a critical
notification is triggered.
snmp-memory-critical-level filesz
Specifies the critical level for the SNMP server's memory usage in
bytes. If the SNMP server's virtual memory size exceeds this value, a
critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
snmp-memory-warning-level filesz
Specifies the warning level for the SNMP server's memory usage in
bytes. If the SNMP server's virtual memory size exceeds this value, a
warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
tftp-memory-critical-level filesz
Specifies the critical level for the TFTP server's memory usage in
bytes. If the TFTP server's virtual memory size exceeds this value, a
critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
tftp-memory-warning-level filesz
Specifies the warning level for the TFTP server's memory usage in
bytes. If the TFTP server's virtual memory size exceeds this value, a
warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
tomcat-memory-critical-level filesz
Specifies the critical level for the Tomcat server's memory usage in
bytes. If the Tomcat server's virtual memory size exceeds this value,
a critical notification is triggered.
If not specified, the default-memory-critical-level attribute value is
used.
tomcat-memory-warning-level filesz
Specifies the warning level for the Tomcat server's memory usage in
bytes. If the Tomcat server's virtual memory size exceeds this value,
a warning notification is triggered.
If not specified, the default-memory-warning-level attribute value is
used.
role
role - Configures a role
Synopsis
Description
Examples
Status
See Also
group, admin
Attributes
all-sub-roles bool default = true
groups nlist(obj(0))
Lists the groups with which this role is associated. Any member of
a listed group can perform the operations that the role allows.
Specifies the base role for this object. The base role defines
operations, such as modifying a zone, that are allowed and
the further constraints on these operations. For example,
a constrained role could limit the list of zones to a specific
list of Owners.
sub-roles nlist(obj(0))
router
router - Configures a router
Synopsis
Description
Examples
Status
See Also
router-interface
Attributes
address ipaddr unique
description string
Describes this router.
owner oid
region oid
router-interface
router-interface - Configures an interface on a router
Synopsis
Description
Examples
Status
See Also
router
Attributes
bundle-id int
cable-helper nlist(obj(0))
description string
ip-helper nlist(obj(0))
ip6-relay-destinations nlist(obj(0))
ip6address ip6net
mac-address macaddr
parent oid(0)
primary-subnet net
secondary-subnets nlist(obj(0))
router-login-template
router-login-template - Configures login-templates for routers
Synopsis
Description
Examples
Status
See Also
router, router-interface
Attributes
enable-password-prompt string
The string that is used as the enable password prompt by the router.
The string that is used as the prompt by the router in enable mode.
password-prompt string
The string that is used as the user password prompt by the router.
username-prompt string
router-type
router-type - Displays the available router types
Synopsis
router-type list
router-type listnames
Description
The router-type command displays the available router types.
Note: This command is now obsolete, but is still available when
connected to clusters running earlier releases.
Examples
Status
See Also
router
Attributes
description string
manufacturer string
router-os-version string
save
save - Saves the current changes to the cluster
Synopsis
save
Description
The save command saves the current configuration changes to the database.
Examples
Status
See Also
scope
scope - Specifies the scope's properties
Synopsis
scope list
scope listnames
scope listbrief
scope <name> create <address> <mask> [template=<template-name>]
[<attribute>=<value>...]
scope <name> delete
scope <name> set <attribute>=<value> [<attribute>=<value> ...]
scope <name> get <attribute>
scope <name> unset <attribute>
scope <name> disable <attribute>
scope <name> enable <attribute>
scope <name> show
scope <name> listLeases
scope <name> addRange <start> <end>
scope <name> removeRange <start> <end>
scope <name> listRanges
scope <name> addReservation <ipaddr> (<macaddr>|<lookup-key>)
[-mac|-blob|-string]
scope <name> removeReservation (<ipaddr>|<macaddr>|<lookup-key>)
[-mac|-blob|-string]
scope <name> listReservations
scope <name> clearUnavailable
scope <name> getUtilization
scope <name> applyTemplate <template-name>
scope report-staged-edits
Description
Examples
Status
See Also
scope-template
Attributes
allocate-first-available bool default = false
backup-pct percent
deactivated bool
description string
Controls whether the DHCP server accepts DHCP requests for this
scope. Disable DHCP if you want a scope to use BOOTP exclusively
or you want to deactivate the scope temporarily.
dns-host-bytes rangeint(1-4)
Tells DHCP how many bytes in a lease IP address to use when forming
in-addr.arpa names. The server forms names in the in-addr zone by
prepending dns-host-bytes of IP address (in reverse order) to the
reverse zone name. If unset, the server synthesizes an appropriate
value based on the scope's subnet size.
embedded-policy obj(0)
failover-backup-allocation-boundary ipaddr
free-address-config nameref(0)
ping-clients bool
ping-timeout int
Sets the number of milliseconds the DHCP server waits for ping
responses. If you make this value too large, you slow down
the lease offering processes. If you make this value too small,
you reduce the effectiveness of pinging addresses before
offering them. 300 milliseconds (the default value) is often the
best choice.
Only used if 'ping-clients' is enabled either for this scope or for
the DHCP server.
If not specified for the scope, the DHCP server's 'ping-timeout'
is used as the default.
Identifies the name of the policy associated with this scope. Default
is the default policy. This means that the scope uses all the
properties set in the default policy (including the lease time),
unless you specifically reset a property.
primary-subnet subnet
renew-only bool
selection-tag-list nlist(obj(0))
Displays the identifier of the DHCP VPN that contains the addresses
in this scope. Define this value with the vpn vpn-name create id
command. Once set, you cannot change this value.
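How dns-host-bytes and the reverse zone name combine into an in-addr.arpa owner name, as an added example that is not part of the original guide. The function names are hypothetical, and the fallback for an unset value (enough whole octets to cover the subnet's host bits) is an assumption, since the guide only says the server synthesizes a value from the subnet size.

```python
import ipaddress
from typing import List, Optional, Tuple


def synthesize_host_bytes(network: str) -> int:
    """Assumed fallback when dns-host-bytes is unset: whole octets needed
    to cover the host part of the scope's subnet (at least 1)."""
    net = ipaddress.IPv4Network(network)
    host_bits = 32 - net.prefixlen
    return max(1, -(-host_bits // 8))      # ceiling division


def ptr_owner_name(lease_ip: str, reverse_zone: str, dns_host_bytes: int) -> str:
    """Prepend the last dns-host-bytes octets of the lease address, in
    reverse order, to the reverse zone name."""
    if not 1 <= dns_host_bytes <= 4:
        raise ValueError("dns-host-bytes must be within rangeint(1-4)")
    octets = str(ipaddress.IPv4Address(lease_ip)).split(".")
    host_labels = octets[::-1][:dns_host_bytes]
    return ".".join(host_labels) + "." + reverse_zone.rstrip(".") + "."


def audit_scope(network: str, reverse_zone: str,
                dns_host_bytes: Optional[int] = None
                ) -> Tuple[int, List[Tuple[str, str, str]]]:
    """Compare the names built for the first and last address of a scope
    with the canonical PTR owner name. Returns the host-byte count used
    and a list of (address, built name, expected name) mismatches."""
    net = ipaddress.IPv4Network(network)
    host_bytes = (dns_host_bytes if dns_host_bytes is not None
                  else synthesize_host_bytes(network))
    mismatches = []
    for ip in (net.network_address, net.broadcast_address):
        built = ptr_owner_name(str(ip), reverse_zone, host_bytes)
        expected = ip.reverse_pointer + "."
        if built != expected:
            mismatches.append((str(ip), built, expected))
    return host_bytes, mismatches


if __name__ == "__main__":
    # Constructed scopes: (subnet, reverse zone, configured dns-host-bytes).
    scopes = [
        ("192.168.50.0/24", "50.168.192.in-addr.arpa.", None),
        ("10.20.0.0/22", "20.10.in-addr.arpa.", None),
        ("192.168.50.0/24", "50.168.192.in-addr.arpa.", 2),   # one byte too many
    ]
    for subnet, zone, configured in scopes:
        used, problems = audit_scope(subnet, zone, configured)
        status = "ok" if not problems else f"{len(problems)} mismatched name(s)"
        print(f"{subnet} zone={zone} dns-host-bytes={used}: {status}")
        for address, built, expected in problems:
            print(f"  {address}: built {built} expected {expected}")
```

The third sample shows the failure mode: with dns-host-bytes one too high for the zone, the third octet is repeated and the PTR record lands under a name that no resolver will query for that address.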
scope-policy
scope-policy - Adds DHCP policy information to a scope
Synopsis
Examples
Status
See Also
policy, client-policy, client-class-policy,
dhcp-address-block-policy, link-policy, link-template-policy,
prefix-policy, prefix-template-policy,
scope-template-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
v4-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
scope-template
scope-template - Configures a scope template
Synopsis
scope-template list
scope-template listnames
scope-template listbrief
scope-template <name> create [<attribute>=<value> ...]
scope-template <name> delete
scope-template <name> set <attribute>=<value> [<attribute>=<value> ...]
scope-template <name> get <attribute>
scope-template <name> unset <attribute>
scope-template <name> disable <attribute>
scope-template <name> enable <attribute>
scope-template <name> show
scope-template <name> create clone=<clone-name>
scope-template <name> apply-to <all | <scope1>[,...]>
scope-template < <name> | all > pull < ensure | replace | exact >
<cluster-name> [-report-only | -report]
scope-template < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
scope-template <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
scope
Attributes
allocate-first-available bool
allocation-priority int
backup-pct percent
bootp bool
deactivated bool
description string
dhcp bool
dns-host-bytes rangeint(1-4)
This value tells DHCP how many of the bytes in a lease IP address to
use when forming in-addr.arpa names. The server forms names in the
in-addr zone by prepending dns-host-bytes of IP address (in reverse
order) to the reverse zone name.
If this is unset, the server will synthesize an appropriate value
based on the scope subnet size.
dynamic-bootp bool
embedded-policy obj(0)
free-address-config nameref(0)
grace-period time
The length of time between the expiration of a lease and the time
it is made available for re-assignment. This attribute is set in
the scope embedded policy.
ignore-declines bool
offer-timeout time
options-expr expr
ping-clients bool
ping-timeout int
The number of milliseconds the DHCP server should wait for ping
responses. If you make this value too large, you will slow down the
lease offering processes. If you make this value too small, you will
reduce the effectiveness of pinging addresses before offering them.
policy nameref(0) default = default
ranges-expr expr
renew-only bool
Defines the address offset for the giaddr address on the subnet.
It is used to create the router interface address, which is an
AT_IPNET address that combines the giaddr and scope subnet,
when Push Subnet is used to create both a scope and a router
interface from the scope template.
scope-description-expr expr
scope-name expr
selection-tag-list nlist(obj(0))
update-dns-for-bootp bool
scope-template-policy
scope-template-policy - Edits a DHCP policy embedded in a scope-template
Synopsis
Description
Examples
Status
See Also
policy, client-policy, client-class-policy,
dhcp-address-block-policy, link-policy, link-template-policy,
prefix-policy, prefix-template-policy,
scope-policy
Attributes
affinity-period time
Enables DHCP clients to perform DNS updates into two DNS zones.
To support these clients, you can configure the DHCP server to
allow the client to perform an update, but also to perform a DNS
update on the client's behalf.
Gives the server control over the lease period. Although a client
can request a specific lease time, the server need not honor the
request if this attribute is set to false (the default).
Even if set to true, clients can request only lease times that are
shorter than those configured for the server.
excluded-prefix prefix
forward-dnsupdate nameref(0)
forward-zone-name dname
Causes the server to reject all renewal requests, forcing the client
to obtain a different address any time it contacts the DHCP server.
limitation-count int
longest-prefix-length rangeint(0-128)
For prefix delegation, specifies the longest prefix length allowed
for delegated prefixes. If the requesting router (client) requests a
prefix length that is longer than this, this length is used.
The default is the value of the default-prefix-length.
This prefix length must always be greater than or equal to the prefix
length of the prefix range.
max-client-lease-time rangetime(60s-2y)
Specifies the maximum client lease time that the server is allowed to
send to the client. If the calculated lease time is greater than this
value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server, including when
it expects the client to renew (T1).
The renewal (T1) and rebinding (T2) times given to the client will be
based on the lease time actually sent to the client and may further be
limited by the max-client-renewal-time and max-client-rebinding-time
attributes.
max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-lease-time as T2 must be less than or equal to the lease
time.
max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
max-client-rebinding-time or max-client-lease-time as T1 must be less
than or equal to T2 (and the lease time).
max-leases-per-binding rangeint(0-65535)
Specifies the maximum number of leases that a client may use per
binding from an allocation group. This applies to DHCPv6 only.
Explicit or implicit allocation groups only limit new server
initiated allocations to a binding. They do not limit the overall
leases a client may use. Leases may have been assigned because of
differences in the configuration, reservations, communication with
the failover partner, client requests, or from using extensions to
alter lease acceptability (lease acceptability extensions can
still override the limits as well). This attribute can be used to
limit the number of leases.
The server only applies a configured limit for client Solicit,
Request, Renew, and Rebind requests and the server will prefer the
leases that were most recently provided to the client. However,
when leases have the same time, the result will be random as to
which lease(s) will be revoked.
packet-file-name string
packet-server-name string
packet-siaddr ipaddr
reverse-dnsupdate nameref(0)
server-lease-time time
Tells the server how long a lease is valid. For more frequent
communication with a client, you might have the server consider
leases as leased for a longer period than the client considers them.
This also provides more lease-time stability. This value is not used
unless it is longer than the lease time in the dhcp-lease-time option
found through the normal traversal of policies.
shortest-prefix-length rangeint(0-128)
Permits the server to make a lease unavailable for the time specified
and then to return the lease to available state. If there is no value
configured in the system_default_policy, then the default is
86400 seconds (or 24 hours).
v4-bootp-reply-options nlist(obj(0))
Lists the options the server returns to all DHCPv4 clients, whether
or not the client specifically asks for the option data.
v6-max-client-preferred-lifetime rangetime(60s-2y)
v6-max-client-rebinding-time rangetime(30s-2y)
Specifies the maximum client rebinding time (T2) that the server is
allowed to send to the client. If the rebinding time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-preferred-lifetime as T2 must be less than or equal to
the preferred lifetime.
v6-max-client-renewal-time rangetime(30s-2y)
Specifies the maximum client renewal time (T1) that the server is
allowed to send to the client. If the renewal time is greater than
this value, the client is sent this value.
This attribute limits the time sent to the client; it does not impact
any of the lease time calculations made by the server.
The actual value sent to the client may be further limited by the
v6-max-client-rebinding-time or v6-max-client-preferred-lifetime as
T1 must be less than or equal to T2 (and the preferred lifetime).
v6-max-client-valid-lifetime rangetime(60s-2y)
v6-reply-options nlist(obj(0))
v6-rsoo-allowed-options nlist(obj(0))
view-id int
Designates the optional view associated with zones used for DNS
update that overrides the view-id configuration in forward
(reverse) DNS Update configuration object.
server
server - Configures and controls the server objects
Synopsis
The server keyword is optional. You can enter all commands starting
with just the server type (<server>).
server <server> disable <attribute>
server <server> enable <attribute>
server <server> get <attribute>
server <server> start
server <server> stop
server <server> reload
server <server> getHealth
server <server> getStats
server <server> setDebug <category-list>=<value>
server <server> unsetDebug
server <server> getDebug
server <server> serverLogs show
server <server> serverLogs nlogs=<nlogs> logsize=<logsize>
Description
Examples
See Also
ccm(nrcmd), cdns(nrcmd), dhcp(nrcmd), dns(nrcmd), snmp(nrcmd),
tftp(nrcmd), nrcmd documentation
session
session - Configures nrcmd program session parameters
Synopsis
Description
The session command lets you view and set session parameters,
such as the session visibility and the default output
format of your nrcmd program session. If -save is specified
when changing a parameter that can be saved, and you are
connected to a cluster that supports this feature, the setting
is saved in your user preferences. Future nrcmd sessions to
that cluster will use the saved settings.
The listNetInterfaces command returns a list of the network
interfaces that are present on the machine running
Network Registrar. Both IPv4 and IPv6 interfaces are included.
The listProcesses command returns a list of the Network
Registrar processes running on the cluster, provided
statistics history is enabled.
The log command closes the currently open log file, if any,
and opens a new log file to which subsequent output is written
if a filename is specified.
The session listbrief commands are used to manage the user's
custom definitions of formats for subsequent listbrief
operations for that object class or nrcmd command. The default
formats, and details on the format specifications, can be found
in the conf/nrcmd-listbrief-defaults.conf file. System-wide
definitions can be added to the conf/nrcmd-listbrief-custom.conf
file. The user's definitions are saved across sessions.
session listbrief show
Displays the user's customized definitions.
session listbrief show <class>|<command>
Displays the definition for the object class or command
(whether user or system defined).
session listbrief show all
Displays all definitions.
session listbrief set <class>|<command>
Resets the display format to the default for the class
or command.
Features
Examples
Status
See Also
snmp
snmp - Configures and controls the SNMP server
Synopsis
Description
Examples
Status
See Also
server
Attributes
cache-ttl time default = 60s
Controls how long CNR data can be cached by the SNMP server as it
responds to SNMP GETs.
trap-source-addr ipaddr
trap-source-ip6address ip6addr
snmp-interface
snmp-interface - Configures the SNMP server's network interfaces
Synopsis
Description
Examples
Status
See Also
Attributes
address subnet
The IP address and subnet mask of an interface that the SNMP server
should use.
ip6address prefix
The IPv6 address and prefix length of an interface that the SNMP
server should use.
subnet
subnet - Describes a contiguous range of IP address space
in the address-space model
Synopsis
Description
Examples
Status
See Also
address-block
Attributes
address subnet required,immutable
dns-host-bytes rangeint(1-4)
failoverpair oid
forward-zone-name dname
interface oid
owner oid
parent oid
primary-subnet subnet
region oid
reverse-zone-name dname
type nameref(0)
Specifies the VPN that contains the subnet address for this
subnet.
sync-from-dns
sync-from-dns - Synchronizes CCM from DNS
Synopsis
sync-from-dns
Description
Examples
Status
See Also
session
tenant
tenant - Configures a tenant
Synopsis
Description
Examples
Status
See Also
Attributes
description string
name string
tftp
tftp - Configures and controls the TFTP server
Synopsis
Description
The tftp command lets you configure the TFTP server in the cluster.
The serverLogs show command displays the number of log files and the
maximum size for each file.
The serverLogs command allows you to set the two server logging
parameters, nlogs and logsize. You can set one parameter or both.
Changes occur only to the one or ones specified. When setting
logsize, you can add the suffix K or M to signify units of thousands
or millions. Note that for these changes to take effect you must
save the changes and restart the server Agent.
tftp serverLogs nlogs=6 logsize=500K
tftp serverLogs logsize=5M
The getStats command displays the requested TFTP server statistics.
Examples
Status
See Also
server(nrcmd)
Attributes
active-directory-domain string
default-device string
Specifies the name of the default disk device the TFTP server will
use when none is specified in the pathname contained in the TFTP
request. This property is specifically to be used on NT to
specify a default drive letter.
file-cache-directory string
home-directory string
initial-packet-timeout-ms int
Specifies the level of verbosity the TFTP server will employ when
writing log messages to the TFTP server log file. Each integer
value from 0 through 4 enables the following log levels: None,
Error, Warning, Information and Activity.
Specifies the maximum file size limit that the TFTP server will
enforce for a file written to the TFTP server. The default unit is
kilobytes. Use k, m or g to indicate kilobytes, megabytes or
gigabytes.
Specifies the minimum socket buffer size the TFTP server will use
for the well known port on which it is listening for TFTP requests.
packet-trace-level rangeint(0-4) default = 0
Specifies the level of verbosity the TFTP server will employ when
writing messages to the server trace file. Each integer value
from 1 through 4 enables increasing levels of tracing. Setting
packet trace level to 0 disables tracing.
Specifies the UDP port number the TFTP server will use to listen
for TFTP requests.
Specifies how the TFTP server should respond to file read requests
from TFTP clients. If this feature is disabled, the TFTP server
will refuse file read requests.
search-list string
Specifies a comma separated list of paths the TFTP server will use
to resolve TFTP requests. If use-home-directory-as-root is
enabled, the paths in the search list are ignored and the home
directory is used to resolve all TFTP requests.
Specifies how the TFTP server should respond to file write requests
from TFTP clients. If this feature is disabled, the TFTP server
will refuse file write requests.
tftp-interface
tftp-interface - Configures the network interfaces of the TFTP
server
Synopsis
Description
Examples
Status
See Also
Attributes
address subnet
The IP address and subnet mask of an interface that the TFTP server
should use.
ip6address prefix
trap-recipient
trap-recipient - Configures destinations for SNMP trap messages
Synopsis
Description
Examples
Status
See Also
dhcp, dns, addr-trap
Attributes
agent-addr ipaddr
community string
ip-addr ipaddr
ip6address ip6addr
update-policy
update-policy - Configures DNS update policies.
Synopsis
Description
Examples
Status
See Also
Attributes
name string required,unique
rules nlist(obj(0))
Lists rules that make up the update policy. Each rule has the
following syntax:
action: Can be grant or deny.
  grant - will allow an update if the rest of the rule matches.
  deny - will deny an update if the rest of the rule matches.
acl-list: A list of one or more IP addresses, network addresses,
  keys and/or named ACL references. Note that key names must be
  prefixed with "key " (i.e. "key key.example").
keyword: Can be name, subdomain or wildcard.
  name - used to specify a specific RR.
  subdomain - used to specify a subdomain name.
  wildcard - used to specify a name with wildcard characters.
value: The name, subdomain or wildcard value associated with the
  specified keyword. Note that all values specified are
  relative to the zone in which they are applied.
  Therefore it is not necessary to add the zone name to
  the end of the value.
  The supported wildcard characters are:
  * Will match zero or more characters. For example,
    the pattern dhcp-* matches all strings with the
    dhcp- prefix including the string dhcp-.
  ? Will match a single character. For example, the
    pattern zone?.com matches zone1.com, zone2.com,
    etc. but does not match zone.com.
  [...] Will match any characters listed within the
    brackets. For example, you can provide a range
    such as 0-9 or a-z. If the pattern also includes
    the - character, make it the first character in
    the list (i.e. dhcp[-a-z]*).
rr-types: A comma delimited list of RR types for this rule. Each RR
  type can also be negated using the exclamation point
  (i.e. !A,!TXT). You can also specify all types with an
  asterisk (*).
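To see how the rule fields above combine, the following added example (not part of the Cisco guide and not Network Registrar code) evaluates a DNS update request against a constructed rule list. It assumes that the first matching rule decides, that subdomain covers the value and the names beneath it, and that a list holding only negated RR types matches every other type; none of these is stated on this page, and every rule, key and ACL name is hypothetical.

```python
import ipaddress
import re
from collections import namedtuple

# One update-policy rule: the five fields described above.
Rule = namedtuple("Rule", "action acl_list keyword value rr_types")


def wildcard_to_regex(pattern):
    """Compile a rule wildcard (*, ?, [...]) to a case-insensitive regex; use fullmatch()."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":
            out.append(".*")   # zero or more characters
        elif ch == "?":
            out.append(".")    # exactly one character
        elif ch == "[":
            end = pattern.find("]", i + 1)
            if end <= i + 1:
                raise ValueError(f"empty or unterminated [...] in {pattern!r}")
            # Ranges (0-9) and a leading '-' mean the same thing inside a regex class.
            body = "".join("\\" + c if c in "\\^[" else c for c in pattern[i + 1:end])
            out.append("[" + body + "]")
            i = end
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.IGNORECASE)


def relative_name(fqdn, zone):
    """Owner name relative to the zone ('@' for the apex, our convention); None if outside."""
    name, origin = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if name == origin:
        return "@"
    return name[: -len(origin) - 1] if name.endswith("." + origin) else None


def rr_type_matches(spec, rrtype):
    """Match 'A,TXT', '!A,!TXT' or '*'. Assumption: only-negated lists match all other types."""
    items = [t.strip().upper() for t in spec.split(",") if t.strip()]
    negated = {t[1:] for t in items if t.startswith("!")}
    allowed = {t for t in items if not t.startswith("!")}
    if rrtype.upper() in negated:
        return False
    return not allowed or "*" in allowed or rrtype.upper() in allowed


def acl_matches(items, src_ip, key_name, named_acls):
    """True when the requester matches an address, network, 'key <name>' or named ACL."""
    for item in items:
        if item.startswith("key "):
            hit = key_name is not None and item[4:].strip() == key_name
        elif item in named_acls:
            hit = acl_matches(named_acls[item], src_ip, key_name, named_acls)
        else:
            try:
                hit = ipaddress.ip_address(src_ip) in ipaddress.ip_network(item, strict=False)
            except ValueError:
                hit = False  # unknown ACL name or malformed element never matches
        if hit:
            return True
    return False


def evaluate(rules, zone, fqdn, rrtype, src_ip, key_name=None, named_acls=None):
    """Return 'grant' or 'deny' from the first matching rule (assumed order), else None."""
    rel = relative_name(fqdn, zone)
    for rule in rules if rel is not None else []:
        value = rule.value.lower()
        if rule.keyword == "name":
            hit = rel == value
        elif rule.keyword == "subdomain":
            hit = rel == value or rel.endswith("." + value)  # assumed semantics
        else:
            hit = rule.keyword == "wildcard" and bool(wildcard_to_regex(value).fullmatch(rel))
        if hit and rr_type_matches(rule.rr_types, rrtype) and acl_matches(
                rule.acl_list, src_ip, key_name, named_acls or {}):
            return rule.action
    return None


# Constructed sample data: hypothetical key, ACL and rule values for zone example.com.
SAMPLE_ACLS = {"lab-nets": ["10.1.0.0/16", "192.0.2.10"]}
SAMPLE_RULES = [
    Rule("grant", ["key dhcp-key.example"], "wildcard", "dhcp-*", "A,TXT"),
    Rule("deny", ["lab-nets"], "subdomain", "infra", "*"),
    Rule("grant", ["lab-nets"], "wildcard", "lab[0-9]?", "!NS,!SOA"),
]

if __name__ == "__main__":
    for name, rrtype, ip in [("ns1.infra.example.com.", "A", "10.1.5.5"),
                             ("lab7a.example.com.", "NS", "10.1.5.5")]:
        print(name, rrtype, ip, "->",
              evaluate(SAMPLE_RULES, "example.com.", name, rrtype, ip, named_acls=SAMPLE_ACLS))
```

A result of None means no rule matched; what the server does in that case is not covered on this page, so check it before relying on a rule list as an allow-list.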
vpn
vpn - Defines a logical VPN within which other DHCP objects
may be configured
Note: The namespace command is a synonym for compatibility
with earlier versions of Network Registrar.
Synopsis
Description
Examples
Status
See Also
Attributes
addr-blocks-default-selection-tags nlist(obj(0))
Specifies the default selection tag (or list of tags) that will
be associated with incoming subnet-allocation requests in this
vpn that do not contain any subnet name data. No
default.
addr-blocks-use-client-affinity bool
addr-blocks-use-lan-segments bool
addr-blocks-use-selection-tags bool
description string
id int required,unique,immutable
The VPN's name within the CNR management system. Independent from,
but could be the same as the vrf-name.
vpn-id vpnid
The vpn-id in RFC 2685 format (i.e., 7 octets),
using a syntax similar to that used by IOS to enter the
same information. The syntax is 3 hex octets, a colon,
and 4 hex octets. For example, 010203:04050607 would
be the way to enter the following hex octets:
01:02:03:04:05:06:07 into this property.
vrf-name string
zone
zone - configures a DNS zone
Synopsis
Description
The zone command lets you create and edit DNS zones.
The name of the zone may be an IPv4 subnet (<address>/<length>),
IPv6 prefix (<address>/<length>), prefix name (the prefix
address is used), view qualified DNS name (<view_name>/<DNS name>),
or simple DNS name.
zone <name> create from <src_view_name> [-omitRRs]
This command copies a zone from one DNS View to another, including
all its associated RRs unless the -omitRRs option is specified.
zone <name> addHost <host name> <address> [<alias> ...]
zone <name> removeHost <host name>
zone <name> showHost <host name>
zone <name> listHosts
The addHost command adds a host with a given name, address
and optional aliases to the zone.
The removeHost command removes a host from the zone.
The showHost command shows the specified host in the zone.
The listHosts command lists the hosts in the zone.
zone <name> addRR [-sync] [-unprotected]
<rr-name> [<ttl>] [IN] <type> <data> [<attribute>=<value> ...]
zone <name> addDNSRR
<rr-name> [<ttl>] <type> <data> [<attribute>=<value> ...]
zone <name> removeRR <rr-name> [<type> [<data>]]
zone <name> removeDNSRR <rr-name> [<type> [<data>]]
zone <name> modifyRR <rr-name> <type> [<data>]
<attribute>=<value> [<attribute>=<value> ...]
zone <name> findRR [-namePrefix <namePrefix>]
[-rrTypes <rrTypeList>] [-protected | -unprotected]
zone <name> listRR [-protected | -unprotected | -all]
The addRR command adds a resource record to a zone.
If the resource record defines a new nameset, it will be created as
a protected name, unless the -unprotected flag is set.
If the new resource record is added to an existing nameset,
the protection state will remain unchanged.
Optional attributes such as order and weight can also be set on the
new resource record. To set extra attributes, the data section must
be enclosed in quotes when it contains an '=' character. Embedded
quotes must also be escaped (i.e.: \") if this is the case.
When connected to server versions prior to 8.2, attempts to add a
protected record to an unprotected name will fail.
The removeRR command removes all specified resource
records. Resource records may be specified by name, by name
and type, or by name, type, and data (the data is specified in
BIND-style format.) When connected to server versions prior to 8.2,
the removeRR command can only be used to remove protected records.
The modifyRR command sets the specified attributes for the matching
resource record. For example:
nrcmd> zone example.com. modifyRR a1 A 10.10.1.1 rdata=10.10.10.10 ttl=3600
Resource records are specified by name and type, or by name,
type, and data if there are multiple entries for the given type.
The data section must be enclosed in quotes when it
contains an '=' character and embedded quotes must also be
escaped (i.e.: \") if this is the case.
The addDNSRR command creates an unprotected resource record. The
name, type, and data must be specified. If the new resource record
is added to an existing protected nameset, the protection state
will be ignored and the nameset will remain protected.
Optional attributes such as order and weight can also be set on
the new resource record. To set extra attributes, the data section
must be enclosed in quotes when it contains an '=' character.
When connected to server versions prior to 8.2, attempts to add an
unprotected record to a protected name will fail.
The removeDNSRR command removes all specified resource records.
Resource records may be specified by name, by name+type, or
name+type+data. The changes take effect immediately; no server
reload is necessary. When connected to server versions prior to
8.2, the removeDNSRR command can only be used to remove
unprotected records. Also, if the DNS server is not running, the
command will fail.
The findRR command displays the resource records matching a
name prefix, a list of resource record types, and whether
protected or not (or either).
The listRR command lists the resource records in the zone.
RRs can be filtered using option -protected/-unprotected/-all.
Default behaviour is to list both protected and unprotected RRs
of the zone.
The arguments to commands that accept full or partial resource
records use the same format as BIND files, with one difference
for rr-names. BIND specifies that rr-names that do not end in a
dot have the zone name appended. NRCMD will not append the zone
name when the rr-name already ends in the zone name because
that would produce an rr-name with the zone name repeated
twice. In cases where the rr-name should repeat the zone name
twice at the end, you must specify this explicitly, though the
terminal dot can be omitted. It is recommended to use fully
qualified rr-names that include the terminal dot to avoid any
confusion.
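The naming difference described above, as an added example that is not part of the guide or of nrcmd itself: it qualifies an rr-name under both rules and reports the inputs that deserve a second look before they go into a batch file. It assumes "ends in the zone name" is tested on a label boundary; the function names and sample names are constructed.

```python
def bind_qualify(rr_name, zone):
    """BIND rule: any rr-name without a terminal dot gets the zone name appended."""
    origin = zone.rstrip(".").lower()
    name = rr_name.lower()
    return name if name.endswith(".") else f"{name}.{origin}."


def nrcmd_qualify(rr_name, zone):
    """NRCMD rule as described above: no append when the name already ends in the zone name."""
    origin = zone.rstrip(".").lower()
    name = rr_name.lower()
    if name.endswith("."):
        return name
    # Assumption: the comparison is made on a label boundary, so
    # "badexample.com" does not count as ending in "example.com".
    if name == origin or name.endswith("." + origin):
        return name + "."
    return f"{name}.{origin}."


def lint_rr_names(rr_names, zone):
    """Return (input, nrcmd_fqdn, finding) for names whose result may surprise the operator."""
    origin = zone.rstrip(".").lower()
    findings = []
    for raw in rr_names:
        fqdn = nrcmd_qualify(raw, zone)
        if fqdn != bind_qualify(raw, zone):
            findings.append((raw, fqdn, "differs from BIND: zone name not appended"))
        elif fqdn.rstrip(".") != origin and not fqdn.endswith(f".{origin}."):
            findings.append((raw, fqdn, "outside the zone"))
        elif fqdn.endswith(f".{origin}.{origin}."):
            findings.append((raw, fqdn, "zone name repeated twice"))
    return findings


# Constructed sample rr-names, as they might appear in a batch file for zone example.com.
SAMPLE_NAMES = ["a1", "a1.example.com", "a1.example.com.",
                "x.example.com.example.com.", "www.other.org."]

if __name__ == "__main__":
    for raw, fqdn, finding in lint_rr_names(SAMPLE_NAMES, "example.com."):
        print(f"{raw!r:32} -> {fqdn:36} {finding}")
```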
zone <name> <protect-name|unprotect-name> <rr-name>
The protect-name/unprotect-name command sets the protection
status of the resource records for the name. Protected names
cannot be updated using DNS update requests.
Examples
See Also
zone-template
Attributes
defttl rangetime(0-68y5w3h14m7s) default = 24h
Controls the default TTL value used for resource records in this
zone that do not specify a TTL.
description string
dist-map objref(0)
ds-rr string
Specifies the DS RR for this zone using the current Key Signing Key.
This record must be published in the parent zone for this zone.
Specifies the TTL value that Caching DNS servers should use for
caching negative responses.
notify-list nlist(obj(0))
ns dname required
nsttl dnsttl
owner objref(0)
Names the owner of this zone. Use the owner field to group
similarly owned zones and to limit administrative access.
region objref(0)
scvg-max-records rangeint(1-10000)
scvg-refresh-interval rangetime(60m-1y)
soattl dnsttl
Specifies the access control list for DNS updates to the zone,
given as an address match element list. The access control list
is not applied to administrative edits managed through the CCM server.
Note that if set, the DNS server global 'update-acl' value will
override the default value.
update-policy-list nlist(obj(0))
zone-dist
zone-dist - Configures zone distributions
Synopsis
The zone-dist command lets you define and manage zone distribution
configurations.
On local clusters, the zone-dist sync command synchronizes staged
edits to the DNS server and synchronizes primary zones to
secondaries. Regardless of the mode selected, the exact list of
authoritative zones (primary and secondary) is synchronized with
the DNS server.
On the regional cluster, the zone-dist sync command synchronizes
primary zones from the regional configuration to the primary
local cluster, and synchronizes primary zones to secondaries.
Primary zones on the local cluster are replaced in Update or
Complete mode. In Exact mode, extra primary zones found on the
local cluster are deleted.
Secondary servers use the same synchronization logic at both
local and regional clusters. In Update mode, synchronization
ensures only that corresponding secondary zones exist on the
server. In Complete mode, any existing zones are updated to
use the master servers list specified by the distribution map.
In Exact mode, any zones not matching the distribution map
are deleted.
Use the [no-rrs] and [primary-only] flags to skip portions of
the synchronization logic. While using these flags might improve
the performance of the command, use them only when you are
certain there are no changes pending. For example, if primary
zones are current with the DNS server, you can use the [no-rrs]
flag to synchronize your secondary zones.
On local clusters, RRs are always synchronized to the local DNS
server if changes are pending, and thus the [no-rrs] flag is
ignored.
The caching server commands help in configuring the CDNS server. They
provide propagation of the view list and creation of exceptions to
the CDNS server.
Examples
Status
See Also
cluster
Attributes
master-servers nlist(obj(0))
notify-list nlist(obj(0))
primary oid(0)
restrict-query-acl amelist
restrict-xfer-acl amelist
zone-template
zone-template - Configures a zone template
Synopsis
zone-template list
zone-template listnames
zone-template listbrief
zone-template <name> create [<attribute>=<value> ...]
zone-template <name> delete
zone-template <name> set <attribute>=<value> [<attribute>=<value> ...]
zone-template <name> get <attribute>
zone-template <name> unset <attribute>
zone-template <name> disable <attribute>
zone-template <name> enable <attribute>
zone-template <name> show
zone-template <name> create clone=<clone-name>
zone-template <name> apply-to [all | <[view1/]zone1>[,...]
zone-template < <name> | all > pull < ensure | replace | exact >
<cluster-name> [-report-only | -report]
zone-template < <name> | all > push < ensure | replace | exact >
<cluster-list> [-report-only | -report]
zone-template <name> reclaim <cluster-list> [-report-only | -report]
Description
Examples
Status
See Also
zone
Attributes
defttl rangetime(0-68y5w3h14m7s)
dist-map oid
expire rangetime(1s-68y5w3h14m7s)
Specifies the TTL value that Caching DNS servers should use for
caching negative responses.
nameservers nlist(obj(0))
notify enumbyt
notify-list nlist(obj(0))
ns string
nsttl dnsttl
owner objref(0)
Identifies the owner of this zone. Use the owner field to group
similarly owned zones and to limit administrative access.
person string
push-notifications bool
refresh rangetime(1s-68y5w3h14m7s)
region objref(0)
The region associated with this object. This region field is used
to group similarly located zones and can be
used to limit administrative access.
restrict-query-acl amelist
Specifies the zone access control list (ACL) used to restrict
the queries that the DNS server for this zone accepts. This list
can contain host IPs, network addresses, TSIG keys, and (global)
ACLs. Only queries from clients defined in the ACL are accepted.
restrict-xfer bool
restrict-xfer-acl amelist
retry rangetime(1s-68y5w3h14m7s)
round-robin bool
scvg-enabled bool
scvg-interval rangetime(60m-1y)
scvg-max-records rangeint(1-10000)
scvg-refresh-interval rangetime(60m-1y)
serial rangeint(1--1)
Sets the starting serial number of the zone. A DNS server uses
a serial number to indicate database changes. Increments to this
number trigger zone transfers to a secondary server.
soattl dnsttl
update-acl amelist
update-policy-list nlist(obj(0))
view-id int
Specifies the view identifier for this zone.
Connecting to Network Registrar
A Network Registrar cluster consists of:
The data manager, the MCD server, which controls access to persistent datastores that contain configuration and state information for the DNS, DHCP, and TFTP servers.
The server agent, AIC Server Agent, which starts and stops the protocol servers, and provides a standard control interface to them.
The DNS, DHCP, and TFTP protocol servers.
Performing Authentication
Choosing Scripting Techniques
Using nrcmd Batch Files
% nrcmd -b < scope.txt
The advantage to using batch files is that you can execute multiple configuration commands while only incurring the connection cost once. However, if a command fails (such as the initial scope creation in the previous example), the batch file continues even though subsequent commands are now useless.
Command Syntax
nrcmd -C cluster -N name -P password "client MAC create client-class-name=name"
Adding Program Control
A more sophisticated method for automatically configuring and controlling Network Registrar is to have a program or script start a nrcmd session and communicate with the session through standard input and output.
To control nrcmd from another program, you need to start nrcmd from the controlling program and redirect standard input and output from nrcmd to file handles in the controlling program. The controlling program can then write commands to the input file handle and read results from the output file handle.
When running in batch mode, nrcmd reads a line of input at a time and prints a new line after the prompt. This provides an easily parsed sequence of lines in response to any command where:
The syntax is status-line result-lines prompt-line
The status-line has the format [0-9]{3} .*.
There may be zero or more result-lines of any format.
The prompt-line is nrcmd>.
Network Registrar Error Codes
Import and Export File Formats
Status Returns
The nrcmd program returns status information on the first line of information written to the standard output stream. If there is more data, nrcmd displays this information on additional lines.
Value Description
300-499 Error
For anything other than an error, Network Registrar assumes that the requested operation was completed; however, some warning messages signal a condition that must be corrected. Unless a fatal error occurs, the command line interface will keep running in interactive mode.
Fatal errors imply that something serious happened and that you must restart the Network Registrar command line processor.
Number Description
100 OK
101 OK, with warnings
313 No match
316 Invalid
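The response framing described under Adding Program Control, together with the 300-499 error range from the Status Returns table, lets a controlling program stop at the first failed command instead of continuing as a batch file would. The following Python is an added example, not part of the original guide or Cisco's code; the helper names read_response and run_until_error, the template names, and the transcript are constructed for illustration.

```python
import re

STATUS_RE = re.compile(r"([0-9]{3}) (.*)")  # status-line format stated in the guide
PROMPT = "nrcmd>"                            # prompt-line that closes each response

def read_response(lines):
    """Consume one status-line / result-lines / prompt-line group."""
    status = next(lines, None)
    if status is None:
        raise EOFError("output ended before a status-line")
    m = STATUS_RE.fullmatch(status.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"not a status-line: {status!r}")
    results = []
    for line in lines:
        if line.strip() == PROMPT:
            return int(m.group(1)), m.group(2), results
        results.append(line.rstrip("\r\n"))
    raise EOFError("output ended before the prompt-line")

def run_until_error(commands, send, lines):
    """Send commands one at a time and stop at the first 300-499 status."""
    done = []
    for cmd in commands:
        send(cmd)
        code, message, results = read_response(lines)
        done.append((cmd, code, message, results))
        if 300 <= code <= 499:  # error range from the Status Returns table
            break
    return done

# Constructed sample, not captured nrcmd output; names tmpl-a/b/c are made up.
COMMANDS = ["zone-template tmpl-a show",
            "zone-template tmpl-b show",
            "zone-template tmpl-c show"]
SAMPLE_OUTPUT = [
    "100 OK\n", "tmpl-a:\n", "    (constructed result line)\n", "nrcmd> \n",
    "313 No match\n", "nrcmd> \n",
]

if __name__ == "__main__":
    sent = []  # stands in for writes to the nrcmd input handle
    for cmd, code, message, results in run_until_error(
            COMMANDS, sent.append, iter(SAMPLE_OUTPUT)):
        print(code, message, "<-", cmd, results)
    print("not sent:", COMMANDS[len(sent):])
```

Against a live session, `lines` would be an iterator over the standard output handle of the nrcmd process started by the controlling program, and `send` would write the command plus a newline to its standard input handle.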
field1|field2|field3|...
Domain name (optional)
Client ID (optional)
VPN (optional)
AT_AMELST (amelist)
A list of DNS Address Match elements. For example: '10.10.0.0/16, lab-acl'. The usage follows BIND conventions. See the BIND 9
documentation for acl and address_match_element.
AT_ARRAY (array)
A sequence of strings. This attribute type is deprecated in favor of the more general AT_NLIST type for lists of all other types.
AT_ATTRTYPE (attrtype)
A CNR attribute type, stored as an integer.
AT_BITARRAY (bitarray)
A bit-array, stored as an AT_BLOB of a fixed size.
AT_BLOB (blob)
A sequence of unsigned octets. For example: '02:00:0a:00'.
AT_BOOL (bool)
An 8-bit boolean value with only 0 and 1 as the legal values.
AT_BYTE (byte)
An unsigned 8 bit integer value.
AT_CALCBIT (calcbit)
A specialized type used in representing certain DHCP options, such as option-81, the 'client-fqdn' option.
AT_CALCFLAG (calcflag)
A value whose type is defined by the byte value that precedes it. Example: dhcp-v4 option-122, suboption-3. The extra-value field contains a
map between the flag-byte and the AT_xxx type to use for parse/unparse.
AT_CIS (cis)
A string that has case-insensitive comparison properties.
AT_CLEARTEXT (clrtxt)
A string attribute that contains the clear text of sensitive information, such as a password.
AT_CONTAINER6 (container6)
A sequence of octets representing a DHCPv6 option that has encapsulated options.
AT_DATE (date)
A 32-bit integer value representing a point in time to 1 second resolution. Format is 'Month Date hh:mm:ss Year'.
For example: 'Jun 05 00:00:00 1980'.
AT_DICT (dict)
Deprecated
AT_DNSNAME (dname)
A fully qualified DNS name, encoded in DNS wire format with counted labels.
AT_DNSTTL (dnsttl)
A signed integer with the semantics of a DNS TTL; only -1 is allowed as a negative number, with the special meaning 'use the zone default'.
AT_ENUMBYTE (enumbyt)
An 8-bit integer with a fixed set of valid values that have an associated string name.
AT_ENUMINT (enumint)
A 32-bit integer with a fixed set of valid values that have an associated string name.
AT_ENUMSHORT (enumshort)
A 16-bit integer with a fixed set of valid values that have an associated string name.
AT_ENUMSTR (enumstr)
A string with a fixed set of valid values.
AT_ESTRING (estr)
Deprecated.
AT_EXPR (expr)
An embedded expression with LISP-style syntax. For example: '(concat prefix var suffix)'. This expression is evaluated based on the context to
produce a typed value.
AT_FILESIZE (filesz)
An unsigned 64-bit integer representing the byte size.
AT_FILTER (filter)
Deprecated.
AT_FLAGSINT (flags)
A 32-bit integer with distinguished names associated with each bit position.
AT_GENADDR (genaddr)
Deprecated.
AT_IFNAME (ifname)
Deprecated.
AT_INT (int)
An unsigned 32-bit integer.
AT_INT100 (int100)
An unsigned 32-bit integer number of 1/100's value. This is used for storing percentages in integer form.
AT_INT64 (int64)
An unsigned 64-bit integer.
AT_INT8 (decimal-byte)
A one-octet value with the same semantics as AT_INT.
AT_INTI (inti)
An unsigned 32-bit integer in Intel byte order.
AT_IP6 (ip6)
A 17-octet sequence representing an IPv6 address or prefix. It consists of 16 octets of address followed by an octet of 255, or 16 octets of
prefix (with bits beyond the prefix-length being 0) followed by an octet of the prefix-length (0-128).
AT_IP6ADDR (ip6addr)
A 128-bit IPv6 address.
AT_IP6NET (ip6net)
A 17-octet sequence representing an IPv6 address or address with prefix-length. It consists of 16 octets of address followed by an octet of 255
(for address) or the prefix-length (0-128).
AT_IPADDR (ipaddr)
A 32-bit IPv4 address.
AT_IPKEY (ipkey)
An IP address that can be associated with a port number and/or a required TSIG key name.
<address>
<address>:<port>
<address>:<port>-<key>
<address>-<key>
AT_IPNET (net)
An IPv4 address and a count of the bits that comprise the network number.
AT_IPPAIR (ippair)
A pair of IPv4 addresses, stored in 8 octets.
AT_KEY (key)
A sequence of bytes holding a shared-secret key that has a base-64 string representation.
AT_LISTREF (listref)
Deprecated.
AT_MACADDR (macaddr)
A MAC address, most frequently a 6 byte ethernet address with type 1, but more generally an arbitrary 1 byte type id, a 1 byte length and then
'length' address bytes. For example: '1,6,aa:bb:cc:dd:ee:ff'.
AT_MASK (mask)
An AT_IPADDR that is in the form of an IP address mask (its binary sequence matches 1*0*).
AT_MESSAGE (dhcpmsg)
A DHCP message type.
AT_MSDATE (msdate)
A 64-bit value that represents a specific point in time to millisecond resolution.
AT_MSG6 (msg6)
A sequence of octets representing a DHCPv6 message in wire format.
AT_MSTIME (mstime)
A 64-bit integer value that represents a span of time to millisecond resolution.
AT_MULTI (multi)
A type that may contain data of multiple data types.
AT_NAMEREF (nameref)
A string that refers to another object by name.
AT_NDICT (ndict)
Deprecated.
AT_NLIST (nlist)
A list of elements of some other type. This is the preferred type for storing lists.
AT_NODE (dhcpnode)
Deprecated.
AT_NOLEN (no length)
A DHCP option code with no length or value. For example: PAD or END.
AT_NSTRING (nstr)
A string that is stored as a counted sequence, and is not necessarily null-terminated.
AT_OBJ (obj)
A CNR object of any schema class.
AT_OBJREF (objref)
A reference to a specific class of object by OID. It is similar to an AT_OID, but adds the additional expectation that the referenced object has
the specified class and does exist in the database.
AT_OID (oid)
An 8-byte object id. The AT_OID type differs from the AT_OBJREF in that it does not imply that the OID can be resolved to any specific type of
object.
AT_OPTION (option)
A sequence of octets representing a DHCPv4 option value in wire format.
AT_OPTION6 (option6)
A sequence of octets representing a DHCPv6 option value in wire format.
AT_OPTIONID4 (optionid4)
A DHCPv4 option number, stored as a four-octet integer.
AT_OPTIONID6 (optionid6)
A DHCPv6 option number, stored as a four-octet integer.
AT_OVERLOAD (overld)
A type representing the DHCP option-overload option as a single octet.
AT_PACK (pack)
An AT_BLOB that has some kind of structure associated with it.
AT_PAD (dhcppad)
The DHCP PAD option, a single zero octet.
AT_PCV (pcv)
A 32 bit product compatibility version number. The components of this number are (from high to low): major: 8 bits, minor: 8 bits, revision: 16
bits.
AT_PERCENT (percent)
An integer bounded to the range 0-100, with a normal ASCII output form that ends with a '%'. The value is stored as a single byte.
AT_PREFIX (prefix)
A 17-byte sequence representing an IPv6 prefix. It consists of 16 bytes of prefix (with bits beyond the prefix-length being 0) followed by 1-byte
of prefix-length (0-128). This is like AT_SUBNET for IPv6.
AT_PRIORITY (priority)
A positive number where the precedence order is 1-n, followed by 0.
AT_RANGE (range)
A 64-bit value containing a pair of 32-bit integers defining a range of integer values. This differs from the bounded integer and bounded time
types.
AT_RANGEBYTE (rangebyte)
An AT_BYTE value that is restricted to a range of valid values.
AT_RANGEINT (rangeint)
An AT_INT value that is restricted to a range of valid values.
AT_RANGESHORT (rangeshort)
An AT_SHORT value that is restricted to a range of valid values.
AT_RANGETIME (rangetime)
An AT_TIME value that has an associated range of valid values.
AT_RDNSNAME (rdname)
A relative DNS name, encoded in DNS wire format with counted labels.
AT_REQUEST (dhcpreq)
A DHCP REQUESTED_OPTIONS option, which the DHCP client uses to request option data by option number.
AT_RETCODE (retcode)
A status code or return code.
AT_ROF_FQDN (rel or full fqdn)
A relative or fully qualified DNS name.
AT_RR (rr pack)
DNS RR encoded in DNS wire format.
AT_RULE (rule)
A rule string, used in a DNS update-policy.
AT_SBYTE (sbyte)
A signed 8 bit integer value.
AT_SECRET (secret)
An OID object reference to a Secret object that stores the actual secret.
AT_SET (set)
Deprecated.
AT_SHORT (short)
An unsigned 16-bit integer.
AT_SHORTPAIR (shortpair)
A 32-bit value holding a pair of 16-bit unsigned integers that are restricted to a range of valid values.
AT_SHRTI (shorti)
An unsigned 16 bit integer in Intel byte order.
AT_SINT (sint)
A signed 32-bit integer.
AT_SINT64 (sint64)
A signed 64-bit integer.
AT_SINT8 (s-decimal-byte)
A one-octet value with the same semantics as AT_SHORT.
AT_SINTI (sinti)
A signed 32-bit integer in Intel byte order.
AT_SSHORT (sshort)
A signed 16-bit integer.
AT_SSHRTI (sshorti)
A signed 16 bit integer in Intel byte order.
AT_STIME (stime)
A signed version of the AT_TIME type that allows negative time spans. The main use of this type is for time-zone offsets that may be positive
or negative.
AT_STRING (string)
A null-terminated sequence of ASCII bytes.
AT_STRUCT (struct)
Deprecated.
AT_SUBNET (subnet)
An IPv4 address and a count of the bits that comprise the network number. The address component will have its host bits set to 0. A similar
type, AT_IPNET does not assume or require the host bits to be 0.
AT_TAG (tag)
A case-insensitive, restricted character set string.
AT_TEXPR (texpr)
A typed expression; its structure and representation are the same as an AT_EXPR, but the extra value of the attribute contains the expected type
of the value produced by evaluating this expression.
AT_TIME (time)
An unsigned integer number of seconds. It differs from the AT_DATE type in that it encodes a span or duration of time rather than an exact
point in time. Format is 'HH:MM:SS'.
AT_TLV (tlv)
A generic type-length-value tuple, in which the 'type' and 'length' are each one octet long.
AT_TLV2 (tlv2)
A generic type-length-value tuple, in which the 'type' and 'length' are each two octets long.
AT_TLV4 (tlv4)
A generic type-length-value tuple, in which the 'type' and 'length' are each four octets long.
AT_TYPECNT (type-cnt)
This is a special-purpose type used in configuring DHCP options used by PXE clients. It holds a repeating pattern of tuples, each consisting of
a two-octet type, a length byte, and 'length' bytes of data.
AT_VENDOR_CLASS (vendor-class)
An AT_BLOB representing a DHCP vendor-class option. An enterprise ID is followed by opaque data. (If DHCPv4, the enterprise ID is followed
by an EID length.)
AT_VENDOR_NOLEN (vendor-nolen)
An AT_BLOB representing a DHCP vendor-class option. An enterprise ID is followed by tuples of vendor-specific data. The enterprise ID is
never followed by an ID-length.
AT_VENDOR_OPTS (vendor-opts)
An AT_BLOB representing DHCP vendor-specific options data. An enterprise ID is followed by TLVs of vendor-specific data. If DHCPv4,
the enterprise ID is followed by an EID length.
AT_VERSION (version)
A two-component 32 bit number, with 16 bits of major version and 16 bits of minor version.
AT_VPNID (vpnid)
A 7-byte standard VPN ID, as defined in RFC 2685.
AT_VPREFIX (prefix-var)
A 1 to 17-octet sequence representing an IPv6 prefix. See RFC 7227, section 5.3.
AT_ZEROSIZE (zero-size)
A sequence of bytes representing certain DHCP options that have an option code and a length, where the length is always zero.