Acquire a resource identity from a resource identity pool.
Synopsis
acquire resource id [-poolid <Resource identity pool ID>] [-name <Name>] [-id <ID>]
Description
Acquire a resource identity from a resource identity pool. If resource identity ID or name is not provided, the next available resource identity in a pool identified by a pool ID is acquired. Resource identity can be identified either by ID or combination of name and resource identity pool ID. If resource identity ID is specified, name and resource pool ID are ignored.
-poolid - ID of the resource identity pool to acquire a resource identity from.
This command can modify passwords on a specific device or device group, or merely update what the system knows of a device's or network's password information. The -ip option provides information specific to the device. Otherwise, the command adds a network-wide password rule to the system. When using this command to modify passwords on a device, the modification operation is actually a scheduled task.
-loc - The location to which password information should be written. Valid values for this argument are "db", "device", and "group". "db" tells the command that password information should be changed only in the system's database. "device" tells the command that the password changes should be made on the device as well and "group" performs the same function as "device" but across all devices in the group.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: The device to which this password information should apply.
-host - A valid hostname: An existing device to which this password information should apply.
-fqdn - A valid Fully Qualified Domain Name: An existing device to which this password information should apply.
-deviceid - A device ID
-snmpro - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read only community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read only community strings to be, either set on the device, or appended to an existing list of read only community strings (depends on whether or not the -appendsnmpro flag was supplied.)
-snmprw - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read write community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read write community strings to be, either set on the device, or appended to an existing list of read write community strings (depends on whether or not the -appendsnmprw flag was supplied.)
-snmpv3user - When used in conjunction with -loc db, this argument is taken as the username for snmpv3 access.
-snmpv3authpw - When used in conjunction with -loc db, this argument is taken as the authentication password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3authpw with no password value and respond to the command prompt.
-snmpv3encryptpw - When used in conjunction with -loc db, this argument is taken as the encryption password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3encryptpw with no password value and respond to the command prompt.
-user - Username.
-passwd - Password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-connectionmethods - The methods used by the system to connect to devices. Can be telnet, serial_direct, or SSH.
-accessvariables - To override variables in the script, such as prompts.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Use this option only if the argument to the -loc flag is "device".
-appendsnmpro - Supply this option if read only community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-appendsnmprw - Supply this option if read write community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-sync - Indicates that the command should return only after the password change task is complete. Do not use this option with -start.
-group - The group name for performing this command across all devices in a group.
-site - The site partition this rule will be applied to. Default to be global
-rule - the rule name to be added
-rulehostname - Hostname, the rule applies to
-ruledevicegroup - Device group name, the rule applies to
-iprangestart - IP start range, the rule applies to
-iprangeend - IP end range, the rule applies to
-taskname - Task Name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.Do not use this option with -sync.
-apikey - This argument is taken as the API key for device access. To enter the API key without displaying it on the command line, use -apikey with no value and respond to the command prompt.
Return Type
String
Examples
add authentication -loc db -ip 192.0.2.10 -passwd fish -snmpro public -enablepasswd 31337
add authentication -loc db -ip 192.0.2.10 -passwd old -enablepasswd joshua -snmpro public -snmprw public
add authentication -loc device -ip 192.0.2.10 -passwd limited -enablepasswd full
add authentication -loc device -ip 192.0.2.10 -passwd some -enablepasswd all -snmprw brillig,slithy,toves,gire -appendsnmprw -sync
add authentication -loc device -ip 192.0.2.10 -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
add authentication -loc group -group MyDevices -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
add authentication -loc db -rule "rule 1" -rulehostname DALAB-C2600-NAT
-desc - Description for the Change plan being added.
-tag - Change Plan Tag (i.e. user defined subcategory)
-sitename - Site Name of the site the change plan belongs to.
-family - Device family for the new change plan.
-driver - List of applicable drivers - provided as a comma separated list of internal driver names
-changetype - Type of the desired change script - may be command, advanced
-changename - Name of Change Script
-changedescription - Change Script Description
-changescript - Change Script Text
-rollbackscript - RollBack Script Text
-changemode - Change Script mode
-language - Language for the new advanced change script - must be a supported language such as Expect or Perl
-parameters - Command line parameters for the new advanced change script
-conditions - The Change Conditions expressed in XML format. For information on the syntax of the XML, see the "Defining Change Conditions Using XML" chapter of the Administration Guide.
Return Type
STATUS
Examples
add change plan -name "Set Banner If Not Set" -desc "Set Banner if No banner in device" -tag "Troubleshooting Change plans" -family "Cisco IOS" -driver "CiscoIOSGeneric,CiscoIOSSwitch" -sitename "Default Site" -changetype command -changescript "show banner" -changemode "Cisco IOS enable"
add change plan -name cp -desc "Set Banner if No banner in device" -tag "Troubleshooting Change plans" -family "Cisco IOS" -driver "CiscoIOSGeneric,CiscoIOSSwitch" -sitename "Default Site" -changetype advanced -changescript "show banner" -language Perl
-description - Description for the new change plan
-scripttype - Change Plan Tag (i.e. user defined subcategory)
-mode - Change Script mode
-driver - List of applicable drivers - provided as a comma separated list of internal driver names
-script - Script text - may separate commands with '\n'. Commands that require multiple entries before returning to the device prompt can separate each entry with '\\r\\n'.
add device -ip <IP address> [-hostname <Host name>] [-comment <Comment>] [-description <Device name>] [-model <Device model>] [-vendor <Device vendor>] [-domain <Domain name>] [-serial <Serial number>] [-asset <Asset tag>] [-location <Location>] [-status <Status>] [-nopoll <Do not poll>] [-consoleip <Console IP address, if using console server>] [-consoleport <Console Port>] [-tftpserverip <TFTP server IP address, if using NAT>] [-natip <NAT IP address>] [-useconsoleserver <true or false>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>] [-origin <Device Origin>] [-forcesave <true or false>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device will be put in.
-hostname - The device's host name
-comment - Additional information regarding the device.
-description - The descriptive name of the device (informational only).
-model - The device's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-domain - A fully qualified domain name (such as www.google.com).
-serial - The device's serial number.
-asset - The device's asset tag.
-location - The device's location.
-status - 0: Mark this device as managed by the system (Active). 1: Mark this device to be unmanaged by the system(Disable). 3: Mark this device as pre-production.
-nopoll - 0: Mark this device to be polled for changes. 1: Mark this device as not to be polled for changes. 2: Mark this device to be polled for changes only as part of the regular polling task.
-consoleip - a.b.c.d where 0 <= a,b,c,d <= 255
-consoleport - The port number
-tftpserverip - a.b.c.d where 0 <= a,b,c,d <= 255
-natip - a.b.c.d where 0 <= a,b,c,d <= 255
-useconsoleserver - true, if the device uses a console server. false, if the device does not. If this option is not provided, it is assumed that the device does not use a console server.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP, snmp_noauthnopriv, snmp_authnopriv_sha512, snmp_authnopriv_sha256, snmp_authnopriv_sha384, snmp_authnopriv_sha224, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha512_des, snmp_authpriv_sha512_3des, snmp_authpriv_sha512_aes, snmp_authpriv_sha512_aes128, snmp_authpriv_sha512_aes192, snmp_authpriv_sha512_aes256, snmp_authpriv_sha256_des, snmp_authpriv_sha256_3des, snmp_authpriv_sha256_aes, snmp_authpriv_sha256_aes128, snmp_authpriv_sha256_aes192, snmp_authpriv_sha256_aes256, snmp_authpriv_sha384_des, snmp_authpriv_sha384_3des, snmp_authpriv_sha384_aes, snmp_authpriv_sha384_aes128, snmp_authpriv_sha384_aes192, snmp_authpriv_sha384_aes256, snmp_authpriv_sha224_des, snmp_authpriv_sha224_3des, snmp_authpriv_sha224_aes, snmp_authpriv_sha224_aes128, snmp_authpriv_sha224_aes192, snmp_authpriv_sha224_aes256, snmp_authpriv_sha_des, snmp_authpriv_sha_3des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes128, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_3des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes128, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.If this option is not provided, the system will try all access methods when attempting to connect to the device.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
-origin - The device's origin.
-forcesave - If true, allow duplicated IP address to be added into the system.
add device context -deviceid <Device ID> -contextvariables <Context Variables> [-taskname <Task name>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
For drivers that support it, add a virtual context to a device
-deviceid - The device ID to add a context to
-contextvariables - A comma separated list of driver specific variables and values that are required to create a context on the given device. These variables can be found using the 'list device context variables' command.
-taskname - Task name
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-name - The name of the device group to be added. To add a group to a specific site, prefix the group name with "SITENAME:".
-type - The type of group to be added. The valid values for this option are "static" and "dynamic". The default value is "static".
-comment - Additional information about the device group.
-shared - 1 if the group is shared, 0 if it is not.
-criteria - The search criteria expressed in XML format. This parameter is ignored if the -type parameter is "static". For information on the syntax of the XML, see the "Defining Dynamic Device Groups Using XML" chapter of the Administration Guide.
-searchgroups - The list of groups that must be used along with the search criteria. Multiple values must be separated by a comma. This parameter is ignored if the -type parameter is "static".
-limitsearchgroups - The filter condition to be used in conjunction with the -searchgroups parameter. The valid values are "any", "none", and "all". This parameter is ignored if the -type parameter is "static".
-partitions - The list of partitions to be considered to apply the filter. This parameter is ignored if the -type parameter is "static".
Return Type
STATUS
Examples
add device group -name "border routers" -type dynamic -comment "The group containing all border routers."
add device group -name "Site 2:Edge Routers" -type static
add device template -hostname <Device name> [-driver <Driver name>] [-comment <Comment>] [-description <Description>] [-model <Device model>] [-vendor <Device vendor>] [-location <Location>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>] [-sitename <Site Name>]
Description
-hostname - A valid name
-driver - The driver name in short form
-comment - Additional information regarding the device template.
-description - The descriptive name of the device template (informational only).
-model - The device template's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-location - The device's location.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP, snmp_noauthnopriv, snmp_authnopriv_sha512, snmp_authnopriv_sha256, snmp_authnopriv_sha384, snmp_authnopriv_sha224, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha512_des, snmp_authpriv_sha512_3des, snmp_authpriv_sha512_aes, snmp_authpriv_sha512_aes128, snmp_authpriv_sha512_aes192, snmp_authpriv_sha512_aes256, snmp_authpriv_sha256_des, snmp_authpriv_sha256_3des, snmp_authpriv_sha256_aes, snmp_authpriv_sha256_aes128, snmp_authpriv_sha256_aes192, snmp_authpriv_sha256_aes256, snmp_authpriv_sha384_des, snmp_authpriv_sha384_3des, snmp_authpriv_sha384_aes, snmp_authpriv_sha384_aes128, snmp_authpriv_sha384_aes192, snmp_authpriv_sha384_aes256, snmp_authpriv_sha224_des, snmp_authpriv_sha224_3des, snmp_authpriv_sha224_aes, snmp_authpriv_sha224_aes128, snmp_authpriv_sha224_aes192, snmp_authpriv_sha224_aes256, snmp_authpriv_sha_des, snmp_authpriv_sha_3des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes128, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_3des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes128, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
-sitename - The Site name in which the template belongs to.
Add an event rule. However, with the Network Automation Software Premium edition license, you cannot add rules for the occurrence of the following events: Policy Added Policy Changed Policy Non-Compliance Policy Pattern Timeout Policy Rule Added Policy Rule Changed Security Alert Software Vulnerability Detected
Add new event rule. It will subscribe provided host to the system events.
-name - The name identifier for event rule
-action - Event rule action, must be one of the following: snmp, syslog, nnmi-integration and nnmi-snmp. Note the old value "integration" is equivalent to "nnmi-integration".
-receiverhost - A valid hostname or ip address
-receiverport - A numeric port, if not provided, then 162 will be used
-events - List of event types, separated by column. If not provided, then ALL will be used
-community - Community string, if not provided, then public will be used
-eventtemplate - Specify the absolute path to the file which contains the event text template. The file must be directly accessible by the system.
-eventtext - Specify the event text
-site - Name of the site the rule will be added to. The rule will be global if site name is null or not specified
Add images to database. Must specify either driver or model
-site - The site the image will be applicable to. The image will be global if site is not specified.
-imageset - The imageset the images will add to.
-images - The images to add. The paths specified by this option must point to files accessible by the management server. Files must be placed on the management server first. To add checksum, append checksum value to the path using a delimeter #, in the format path#checksum
-driver - The driver the images required.
-model - The device model the images required.
-memory - The minimum system memory required (in bytes) for images.
add ip -ipvalue <Value> [-deviceip <Device IP address>] [-comment <Comment>] [-usetoaccess <Use to Access Device>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255, the non-primary IP address of the device.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-comment - Additional information regarding the device.
-usetoaccess - Use this IP Value to access its device, 1 - yes, 0 - no, default - no
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
Return Type
STATUS
Examples
add ip -deviceip 192.0.2.10 -ipvalue 10.10.10.0 -comment "my own ip"
add ip -deviceip 192.0.2.10 -ipvalue 10.10.10.0 -usetoaccess 0
add ip -deviceid 1401 -ipvalue 192.0.2.10 -usetoaccess 0
add parent group -name <Name> -type <Type> [-comment <Comment>]
Description
-name - The name of the parent group to add. It is possible to associate a group with a partition by giving partitionName:groupName. If the group or partition name contains a colon (:), add a slash (\) before the colon to distinguish the group name from name of the partition. For example if a group name has to be associated with a partition named ‘partition1’, then the input has to be "Partition1:Group\:Name"
-type - The type of the parent group to add. "device" is currently the only valid argument to this option.
-comment - Additional information about the parent group.
Return Type
STATUS
Examples
add parent group -name "North America" -type device -comment "Parent group to roll up East, Central and West regions."
Create a resource identity pool associated with a given site.
Synopsis
add resource id pool -name <Name> [-description <Description>] [-site <Site Name>]
Description
Create a resource identity pool associated with a given site.
-name - Name of a resource identity pool to add. The name has to be unique for the site.
-description - Description of resource identity pool to add.
-site - Name of the site the added resource identity pool will be associated with. If the site is not specified, the resource identity pool will be created in the default partition unless the system is partitioned. In such case, the resource identity pool will be created global.
Return Type
VO:ResourceIdentityPoolVO with columns:
createDate
createUserID
description
lastModifiedDate
lastModifiedUserID
name
resourceIdentityPoolID
siteID
Examples
add resource id pool -name VLANs -description "Pool of VLAN names" -site SiteA
-type - Role type must be either MDP (for modify device permission) or VIEW (for view partition permission).
-resources - Comma-separated list of resources to which the user role has access. If resource name contains a comma(,), use the unicode character \\u002c instead of comma(,). For role type MDP, specify device group names. For role type VIEW, specify some or all of the partition names under the specified view name.
-viewname - Required for role type VIEW. The device-specific view for this role.
-desc - Optional description string.
Return Type
STATUS
Examples
add role -name operators -type MDP -resources "Labs,WP-Controllers" -desc "Operators for labs and wp controllers"
An email message (containing the system message) will be the result of an added system messages if the system is configured to send email for added events.
-message - The text of the system message
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
Return Type
STATUS
Examples
add system message -ip 192.0.2.10 -message "Connectivity to the border router has been restored."
add system message -message "This is a test of the emergency broadcast system."
-p - Password. To enter the password without displaying it on the command line, omit -p and respond to the password prompt.
-fn - First name
-ln - Last name
-email - Email address
-aaausername - AAA username for this user.
-aaapassword - AAA password for this user. To enter the password without displaying it on the command line, use -aaapassword with no password value and respond to the password prompt.
-useaaaloginforproxy - Whether to user AAA logins for the Proxy Interface for this user (yes|no).
-extauthfailover - Whether to allow external auth failover for this user (yes|no).
Return Type
STATUS
Examples
add user -u johnd -p fish -fn john -ln doe -email johnd@example.net
add user -u johnd -fn john -ln doe -aaausername johnd -aaapassword -useaaaloginforproxy 0
add vlan [-deviceid <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] -vlanid <Vlan ID> [-vlanname <Vlan Name>] [-addports <Add Port IDs>] [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-sessionlog <true or false>] [-retrycount <Retry count>] [-retryinterval <Retry interval>] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceid - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-vlanid - Vlan ID to add
-vlanname - Name for Vlan added
-addports - Ports that need to be added to the Vlan
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
add vlan trunk [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] -portname <Port Name> [-nativevlanid <Native vlan ID>] -addvlanids <Add Vlan IDs> [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-sessionlog <true or false>] [-retrycount <Retry count>] [-retryinterval <Retry interval>] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-portname - trunk port name to add
-nativevlanid - specify a native or default vlan id
-addvlanids - vlan ids to add to trunk
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Modify the comments on, or the display name of, a device access record.
Synopsis
annotate access -id <Device access record ID> [-comment <Comment>] [-name <Name>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-id - Specifies a device access record. Think of this as a "device access record ID".
-comment - Additional information regarding the access record.
-name - An optional name for the access record.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
STATUS
Examples
annotate access -id 2 -comment "Device tainted at this point." -name "Intrusion detected"
Assign an auto-remediation change plan. This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
assign auto remediation script -ruleid <Policy Rule ID> -scriptid <Change Plan ID>
Description
It lets users assign an existing change plan to a policy rule. Any change plan in the system can be assigned as long as they comply the syntax of auto-remediation scripting language and rule definition.
-ruleid - Policy Rule ID
-scriptid - Change Plan ID
Return Type
STATUS
Examples
assign auto remediation script -ruleid 1234 -scriptid 5678
Schedules Check Policy Compliance task. This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
check policy compliance [-ip <Device IP>] [-deviceid <Device ID>] [-group <Device Group>] -types <Rule Types> [-start <Task Start Date>] [-rep <Repetition Interval>] [-sync] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-sessionlog <true or false>] [-retryCount <Retry Count>] [-retryInterval <Retry Interval>] [-comment <Comment>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
It schedules a check policy compliance task. Note that: Either a device identified by IP (-ip option) or a device group identified by name (-group option) must be provided, and the task will be scheduled for a device or a group of devices. -types option is mandatory and determines what types of policy rules will be checked. Multiple types must be separated by commas. For example: -types "config,level". The options are: 'config', 'diagnostic', 'software', 'level' (for software level)
-ip - Device IP
-deviceid - Device ID
-group - Device Group
-types - Rule Types (comma saperated list of rule types: config|diagnostic|software|level)
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-sessionlog - If true a complete session log will be saved with this task.
-retryCount - The number of times to retry the task if it fails.
-retryInterval - The number of seconds between retries.
-comment - Comment
-priority - Task priority value (1, 2, 3, 4 or 5). Default value is 3. Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Configure a device to send syslog messages to the system's change detection facilites.
Synopsis
configure syslog [-ip <IP address>] [-group <Groupname>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-rep <Task repeat period>] [-sync] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-start <Task start date>] [-comment <Snapshop comment>] [-usesyslogrelay <IP address>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Have the system configure the specified device to send all syslog messages necessary for the system's change detection facilites to function optimally to the system's syslog server. The configuration operation is atually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-group - A valid group name. Do not use this option with -ip (exactly one of -ip or -group must be specified).
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the Configure Syslog task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel- Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-comment - An optional comment about the Configure Syslog task.
-usesyslogrelay - Indicates to the syslog configuration task that the device currently logs to syslog relay host. Supply this option if you wish to set up forwarding on that relay host rather than have the device log directly to the system's syslog server. The specified IP address is taken to be the IP address of the relay host.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.Do not use this option with -sync.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
String
Examples
configure syslog -ip 192.0.2.10
configure syslog -ip 192.0.2.10 -priority 3
configure syslog -ip 192.0.2.10 -usesyslogrelay blanka
Connect to a device through the system's Proxy Interface via telnet, ssh, or rlogin. If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-login - Bypass single sign-on and instead take the user to the device login prompt.
-method - Method used to connect to devices outside of the system or for devices in the system when single sign-on is turned off (implies -login option).
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
-info - Dump connection variable information (can set the info prefix following a colon, like "-info:")
-ignoreptyerrors - Ignore pty errors for SSHv2 connections if "-login" option is on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards. The device id can be specified instead by preceding it with a '#'
- Port to use to connect to devices outside of the system.
-useaaa - Use the AAA credentials of the user to connect to the device.
-username - Device user name to connect the device.
-password - Device password to connect the device.
All the fields on the policy page UI can be passed to the API call. Note that the '-dg' option can take multiple device groups to set the scope of the policy to be created. Device group names must be separated by commas. The '-exceptions' option can take multiple devices by either IP addresses or host names separated by commas. Default value -status option is inactive, therefore, a policy created without -status active will be created as inactive. Created policy will not have any rules in it. create policy rule CLI command or API call must be used to create rule(s) after a policy is created.
-name - Policy Name
-site - Site Name
-tag - Policy Tag
-policydesc - Policy Description
-desc - Detailed Description
-dg - Policy Scope (comma separated device group names)
-exceptions - Policy Exceptions (comma separated host names or IPs)
-status - Policy Status (active|inactive)
-cve - CVE
-aurl - Vendor Advisory URL
-surl - Vendor Solution URL
-ddate - Disclosure Date
-solution - Solution
Return Type
ConfigPolicyVO with columns:
CVE
comments
configPolicyDynamicScopeFilterCriteria
configPolicyID
configPolicyName
createDate
description
disclosureDate
inUse
lastModifiedDate
lastModifiedUserID
scope
siteID
solution
status
tag
ticketNumber
vendorAdvisoryURL
vendorSolutionURL
Examples
create policy -name "test policy" -policydesc "This is a test policy" -desc "only for testing" -dg "Inventory" -exceptions "switch11,10.255.40.11"
Create a policy rule. This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
create policy rule -policyid <Policy ID> -name <Policy Rule Name> -type <Policy Rule Type (configuration|diagnostic|software)> -devicefamily <Device Family (type 'all' to apply to all device families)> [-drivers <Drivers (comma separated internal names of drivers)>] [-importance <Importance (informationa|low|medium|high|critical)>] [-useblock <Define Block Start/End Patterns (true|false)>] [-textblockstartpattern <Text Block Start Regex Pattern, or null to remove existing>] [-textblockendpattern <Text Block End Regex Pattern, or null to remove existing>] [-desc <Rule Description>] [-details <Detailed Description>]
Description
Note that: To apply to all device families, please use '-devicefamily all' option. Device family name is the internal name. If the name provided is not valid, the command will fail and print valid device family names as reference. If user has only provided the device family name ('-devicefamily' option) but not drivers with '-drivers' option, it will be assumed to be all device drivers. If one or more drivers are provided with '-drivers' option, the scope will be set accordingly. Driver names are internal names in NA. If there is one or more invalid driver names provided, the command will fail and print all valid driver names under the given device family. There is a separate command to create exceptions ('create rule exception' command). Auto-remediation scripts can be assigned to a rule using 'assign auto remediation script' command. The rule created will not have any rule conditions in it, and the boolean expression (rule logic) will be empty. There are other commands to create rule conditions and set the rule logic.
-policyid - Policy ID
-name - Policy Rule Name
-type - Policy Rule Type (configuration|diagnostic|software)
-devicefamily - Device Family (type 'all' to apply to all device families)
-drivers - Drivers (comma separated internal names of drivers)
create rule condition -ruleid <Policy Rule ID> -label <Label (A letter A-Z)> -datamodel <Data Model Element Name> -operator <Operator Name> -operand <Operand (text or regex pattern)> [-exceptionoperand <Except Operand (Second operand, for 'must contain only' operator>] [-regex <Regex (true|false)>] [-exactorder <Exact Order (true|false)>]
Description
Note that: Data model element name provided by '-datamodel' option is the internal name. The list of data model names will be printed if the name provided is not valid. The operator name is also internal name. The list of valid operator names for a given data model element will be printed if the operator name provided is not valid. If the the operator is 'must contain only', the '-exceptionoperand' must be provided. Creating a rule condition will not update the rule logic. User must use 'set rule logic' command to update the rule logic boolean expression accordingly.
Note that: If regular expression pattern is not provided ('-pattern' option), the device will be excluded completely; otherwise, only the config text matching the pattern will be excluded. If an expiration date is not provided ('-expirationdate' option), the exception will never expire.
del access [-id <Device Access Record ID.>] [-cutoff <Date>]
Description
This command can delete a single access record when provided that record's id (via. the option "-id"), or all access records prior to a given date (via the option "-cutoff"). Provide exactly one of "-id", "-cutoff". Note that deleting access records will cause all configs associated with the deleted access record to also be deleted.
-id - A device access record ID.
-cutoff - YYYY:MM:DD:HH:mm. All access records prior to this date will be deleted.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: The device for which password information should be deleted.
-host - A valid hostname: The device for which password information should be deleted.
-fqdn - A valid Fully Qualified Domain Name: The device for which password information should be deleted.
-deviceid - A device ID
-loc - The location from which password information should be removed. Valid value for this argument is "db". "db" tells the command that password information should be changed only in the system's database.
-site - Site of rule to be deleted
-rulename - Name of rule to be deleted
Return Type
STATUS
Examples
del authentication -ip 192.0.2.10
del authentication -loc db -site SiteA -rulename arule
del device context -deviceid <Device ID> -contextvariables <Context Variables> [-taskname <Task name>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
For drivers that support it, remove a virtual context from a device
-deviceid - The device ID to remove a context from
-contextvariables - A comma separated list of driver specific variables and values that are required to delete a context on the given device. These variables can be found using the 'list device context variables' command.
-taskname - Task name
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
String
Examples
del device context -deviceid 749 -contextvariables "context_name=foo"
del device data [-id <Config ID>] [-cutoff <Date>]
Description
This command can delete a single device data block when provided that device data id (via. the option "-id"), or all device data prior to a given date (via the option "-cutoff"). Provide exactly one of "-id", "-cutoff".
-id - A config ID
-cutoff - YYYY:MM:DD:HH:mm. All configs prior to this date will be deleted.
del ip -ipvalue <Value> [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255, the non-primary IP address of the device.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Delete the indicated diagnostic or advanced diagnostic. The desired diagnostic can be specified by ID, or by a combination of name and type. If more than one name match occurs, then an error will be reported and you must specify the unique diagnostic desired by ID.
-id - ID of the desired script or diagnostic
-name - Name of the desired script or diagnostic
-type - Type of the desired diagnostic - may be diagnostic or advdiagnostic
Return Type
STATUS
Examples
del script -id 5
del script -name "Edit Port Duplex" -type diagnostic
del sshfingerprint [-input <File name >] [-id <ID>] [-hostname <Host name>] [-hostkeyalgorithm <Host key algorithm>] [-state <State>] [-realmname <Realm name>]
Description
-input - Provide input file for Fingerprints to be deleted. we get input file for deletion by exporting Fingerprints. Specify the file name found in the base directory.Use the forward slash (/) as the directory separator on all operating systems. For information about specifying the base directory, see "Specifying the Base Directory for Import Tasks" in NA Documentation.
-id - A valid fingerprint ID
-hostname - A valid host name
-hostkeyalgorithm - A host key algorithm
-state - state 0-ACCEPTED_AND_NOT_SEEN , 1-ACCEPTED_AND_SEEN, 2-NOT_ACCEPTED_AND_SEEN.
-realmname - Realm name
Return Type
STATUS
Examples
del sshfingerprint -input filename
del sshfingerprint -id 1001
del sshfingerprint -hostname 11.20.30.51 -realmname remoterelam
del sshfingerprint -hostkeyalgorithm ssh-rsa
del sshfingerprint -hostname 13.20.30.51 -realmname remoterelam -state 0
del vlan [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] -vlanid <Vlan ID> [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-sessionlog <true or false>] [-retrycount <Retry count>] [-retryinterval <Retry interval>] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-vlanid - Vlan ID to delete
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
del vlan trunk [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] -portname <Port Name> -nativevlanid <Native vlan ID> [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-sessionlog <true or false>] [-retrycount <Retry count>] [-retryinterval <Retry interval>] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-portname - trunk port name to delete
-nativevlanid - specify a native or default vlan id
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
String
Examples
del vlan trunk -deviceid 2801 -portname xxx -nativevlanid 11
Run an existing change plan against a device or group of devices.
Synopsis
deploy change plan [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-group <Groupname>] -name <Change Plan Name> [-parameters <Parameters>] [-variables <Variable List>] [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-nowait] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-postchangesnapshot <true or false>] [-priority <Task priority>] [-sessionlog <true, false>] [-linebyline] [-taskname <Task name>] [-uselatest] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Runs an existing change plan, specified by name, against a device or group of devices. The proper variant of the script will be applied to each device. If no variant of the script supports a given device, that device will be skipped. The script is run as a system task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A valid group name. Either a device or a group must be specified, but not both (exactly one of -ip, -hostname, -fqdn or -group must be specified).
-name - Name of the change plan to run
-parameters - Command line parameters for the change plan to run
-variables - A list of variables to be replaced in the script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-postchangesnapshot - If true, this indicates that the snapshot that runs after the change applied on the device.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-sessionlog - If true a complete session log will be saved with this task.
-linebyline - if true, enable line by line mode for the script execution
-taskname - Task name
-uselatest - If true, scheduled tasks will run with latest version of change plans.
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.Do not use this option with -sync.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
String
Examples
deploy change plan -ip 192.0.2.10 -name "Set NTP If Not Set" -parameters "" -variables "Target_IP=192.0.2.10" -start 2004:02:29:23:59 -rep 2days -comment "Setting NTP Server"
deploy change plan -ip 192.0.2.10 -name "Set NTP If Not Set" -parameters "" -variables "Target_IP=192.0.2.10" -start 2004:02:29:23:59 -rep 2days -comment "Setting NTP Server" -priority 3
deploy config [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-id <Config ID>] [-configtext <Config Text>] [-start <Task start date>] [-sync] -option <Deployment option> [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Deploy the specified config to a specified device either right away, or at some point in the future. The deploy operation is actually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-id - The ID of the config to deploy to the specified device.
-configtext - The configuration text to deploy to the specified device.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start.
-option - current or startup_reload, as applicable to the device.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.Do not use this option with -sync.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
String
Examples
deploy config -ip 192.0.2.10 -id 1962 -sync -option current
deploy image -ip <device ip address> [-site <site of imageset>] -imageset <imageset name> -images <images separated by ,> [-reboot <reboot instruction>] [-rebootwait <reboot wait (in seconds)>] [-filesystem <file system of device>] [-pretask <task to run before deployment>] [-posttask <task to run after deployment>] [-verify <true|false>] [-start <Task start date>] [-comment <Snapshot comment>] [-duration <Estimated duration of snapshot task.>] [-sessionlog <true or false>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority>] [-bootimage <Boot image filename>] [-bootslot <Boot image filesystem name>] [-osimage <OS image filename>] [-osslot <OS image filesystem name>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Deploy software images to a device.
-ip - ip address of the device the images will deploy to.
-site - partition site which the imageset belongs to. Will look for global imagesets if not specified.
-imageset - imageset name the images from.
-images - images from the imageset to be deployed.
-reboot - wheather to reboot the device after deploy images.
-rebootwait - seconds to wait before reboot.
-filesystem - filesystem name of the device the images will deploy to.
-pretask - name of task before deployment.
-posttask - name of task after deployment.
-verify - verify the image after deployment.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-comment - An optional comment about the snapshot.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-bootimage - Some devices use different files for the boot image (firmware) and for the OS image. In those cases, use this option to identify the boot image.
-bootslot - The filesystem (slot) to receive the boot image. Used in conjunction with the -bootimage option. If no boot slot is specified, the boot image is deployed to the location specified by the -filesystem option.
-osimage - Some devices use different files for the boot image (firmware) and for the OS image. In those cases, use this option to identify the OS image.
-osslot - The filesystem (slot) to receive the OS image. Used in conjunction with the -osimage option. If no OS slot is specified, the OS image is deployed to the location specified by the -filesystem option.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
discover driver [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-nosync] [-runmode <Run Mode>] [-priority <Task Priority>] [-replace] [-taskname <Task Name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-snmpv3user <SNMPv3 user name>] [-snmpv3authpw <SNMPv3 authentication password>] [-snmpv3encryptpw <SNMPv3 encryption password>] [-snmpv3option <SNMPv3 user authentication option>] [-snmpv3authmethod <SNMPv3 authentication method>] [-snmpv3encryptmethod <SNMPv3 encryption method>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Attempts to match a driver to the specified device.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: The device for which a driver should be discovered.
-host - A valid hostname: The device for which a driver should be discovered.
-fqdn - A valid Fully Qualified Domain Name: The device for which a driver should be discovered.
-deviceid - A device ID
-nosync - Indicates not to wait for command to complete
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-replace - Replace the existing driver. If this option is not specified, no change will be made if device already has driver.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-snmpv3user - Task specific SNMPv3 user name
-snmpv3authpw - Task specific SNMPv3 authentication password. To enter the password without displaying it on the command line, use -snmpv3authpw with no password value and respond to the command prompt.
-snmpv3encryptpw - Task specific SNMPv3 encryption password. To enter the password without displaying it on the command line, use -snmpv3encryptpw with no password value and respond to the command prompt
-snmpv3option - Task specific SNMPv3 user authentication. Allowed option either one of (noAuthNoPriv,authNoPriv,authPriv).
-snmpv3authmethod - Task specific SNMPv3 authentication method. Allowed method is, one of (SHA512,SHA384,SHA256,SHA224,SHA,MD5).
-snmpv3encryptmethod - Task specific SNMPv3 encryption method. Allowed method is, one of (DES,3DES,AES,AES128,AES192,AES256)
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
discover drivers [-noskip] [-group <Device group for drivers discovery>] [-priority <Task priority>] [-replace] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-snmpv3user <SNMPv3 user name>] [-snmpv3authpw <SNMPv3 authentication password>] [-snmpv3encryptpw <SNMPv3 encryption password>] [-snmpv3option <SNMPv3 user authentication option>] [-snmpv3authmethod <SNMPv3 authentication method>] [-snmpv3encryptmethod <SNMPv3 encryption method>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Attempts to match a driver to each device that the system recognizes.
-noskip - do not skip devices with known drivers
-group - discover drivers for specified group
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-replace - Replace the existing driver. If this option is not specified, no change will be made if device already has driver.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-taskname - Task Name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-snmpv3user - Task specific SNMPv3 user name
-snmpv3authpw - Task specific SNMPv3 authentication password. To enter the password without displaying it on the command line, use -snmpv3authpw with no password value and respond to the command prompt.
-snmpv3encryptpw - Task specific SNMPv3 encryption password. To enter the password without displaying it on the command line, use -snmpv3encryptpw with no password value and respond to the command prompt
-snmpv3option - Task specific SNMPv3 user authentication. Allowed option either one of (noAuthNoPriv,authNoPriv,authPriv).
-snmpv3authmethod - Task specific SNMPv3 authentication method. Allowed method is, one of (SHA512,SHA384,SHA256,SHA224,SHA,MD5).
-snmpv3encryptmethod - Task specific SNMPv3 encryption method. Allowed method is, one of (DES,3DES,AES,AES128,AES192,AES256)
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Return Type
String
Examples
discover drivers
discover drivers -priority 3
discover drivers -noskip
discover drivers -noskip -replace
discover drivers -runmode synchronous
discover drivers -runmode serial
discover drivers -runmode serial -stoponfailure true
get snapshot [-ip <IP address>] [-group <Groupname>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-rep <Task repeat period>] [-sync] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-start <Task start date>] [-comment <Snapshot comment>] [-duration <Estimated duration of snapshot task.>] [-sessionlog <true or false>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority>] [-taskname <Task name>] [-checkpoint] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>]
Description
Get the config from a specified device either right away, or at some point in the future. The retrieval operation is actually a scheduled task. Using this command, you can set the task to repeat periodically.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-group - A valid group name. Do not use this option with -ip (exactly one of -ip or -group must be specified).
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-comment - An optional comment about the snapshot.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-checkpoint - Indicates that the snapshot task will store the configuration regardless of whether there is a change.
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
Return Type
String
Examples
get snapshot -ip 192.0.2.10
get snapshot -ip 192.0.2.10 -priority 3
get snapshot -ip "East Office:192.0.2.10"
get snapshot -host Zangief -start 2004:02:29:23:59 -rep 2days
get snapshot -ip 192.0.2.10 -runmode synchronous
get snapshot -group mygroup
get snapshot -group mygroup -runmode serial
get snapshot -group mygroup -runmode serial -stoponfailure true
import -input <Filename or CSV data> -data <device or auth> [-log <Filename>] [-append <true or false>] [-discoverafter <true or false>] [-configuresyslog <true or false>] [-usesyslogrelay <Hostname>] [-filter <Filename>] [-cleanafter <true or false>] [-deviceorigin <Any String>] [-debug <true or false>]
Description
This command can import into the system device or device password information contained in appropriately formatted CSV files.(Contact customer support for a CSV file format specification.)
-input - Either the name of a file that contains CSV data or the CSV data itself. For a file, specify the file name found in the base directory. Use the forward slash (/) as the directory separator on all operating systems. For information about specifying the base directory, see "Specifying the Base Directory for Import Tasks" in NA Administration Guide.
-data - Whether the type of information imported is devices or device authentication.
-log - Command log file.
-append - If true, this command will append to the log file. If false, this command will overwrite the log file. This option is false by default.
-discoverafter - Discover drivers for imported device? This option is false by default.
-configuresyslog - Configure devices to send syslog messages to the system? Valid values are true | false
-usesyslogrelay - The name of a syslog relay host to use
-filter - This option is obsolete and has no effect.
-cleanafter - If true, then after importing data, a process will run on the server that will delete old devices. Devices are deleted according to the current configuration of the system's "deletion-on-import" rules, and the argument to the deviceorigin option. This option is false by default.
-deviceorigin - A description of the source of the data. This is recorded by the system, but is not visible via any UI.
Import configuration policies from a file. This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
import policy -filename <Import file name>
Description
The import filename must contain the absolute path to the file and must be directly accessible by the system. The import file is usually created by exporting policies.
-filename - Specify the absolute path to the import file. If the path contains spaces, you must quote the argument.
This command imports sshfingerprints into the system contained in appropriately formatted CSV files.The import file is usually created by exporting fingerprints.
-input - Name of a file that contains CSV data.For a file, specify the file name found in the base directory.Use the forward slash (/) as the directory separator on all operating systems. For information about specifying the base directory, see "Specifying the Base Directory for Import Tasks" in NA Documentation.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those access records created on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format: "
-end - Display only those access records created on or before the given date. Values for this option have the same format as for the option -start.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those configs stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those configs stored on or before the given date. Values for this option have the same format as for the option -start.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those configs stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those configs stored on or before the given date. Values for this option have the same format as for the option -start.
-size - Display the size (in bytes) of each config
-ids - List only configs in this comma-separated list of IDs.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those configs stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those configs stored on or before the given date. Values for this option have the same format as for the option -start.
list device context variables -deviceid <Device ID> -action <Action>
Description
Adding device contexts requires device specific parameters. This command lists the device context variables needed to perform a context addition or removal. For example, one device might require a context name and a config location, while a different device might require a context name and a slot number. This command will list what is needed for the device you are working on. This information is then used as input into the add device context command.
-deviceid - The deviceID to get context variable names for
-action - The action to get context variable names for (add or remove)
Return Type
String
Examples
list device context variables -deviceid 749 -action add
List device groups that contain one or more devices.
Synopsis
list device group [-software <Software Version>] [-vendor <Device Vendor>] [-type <Device Type>] [-model <Device Model>] [-family <Device Family>] [-parent <Parent Device Group Name>]
Description
Lists the device groups that match the specified device criteria. If no argument is provided, lists all device groups that contain at least one device.
-software - List only device groups for devices running this software
-vendor - List only device groups for devices with this vendor name
-type - List only device groups for devices of this type (Router, Switch, etc.)
-model - List only device groups for devices of this model ("2500 (3000 series)", BIG-IP, etc.)
-family - List only device groups for devices in this device family ("Cisco IOS", F5, etc.)
-parent - List only device groups that are direct descendants of this parent device group name
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in. One of -ip, -host, -fqdn, or -deviceid is required.
-host - A valid hostname. One of -ip, -host, -fqdn, or -deviceid is required.
-fqdn - A valid Fully Qualified Domain Name. One of -ip, -host, -fqdn, or -deviceid is required.
-deviceid - A device ID. One of -ip, -host, -fqdn, or -deviceid is required.
-start - Display only those diagnostics stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those diagnostics created on or before the given date. Values for this option have the same format as for the option -start.
Return Type
Collection:DeviceDataVO with columns:
blockFormat
blockSize
blockType
changedBy
comments
configHash
configHashMode
createDate
customModel
dataBlock
deviceAccessLogID
deviceDataID
deviceID
lastModifiedDate
maskedSize
sourceDeviceDataID
variableData
Examples
list diagnostic -ip 192.0.2.10 -diagnostic "vlan report"
List events. However, with the Network Automation Software Premium edition license, using this command, you cannot view the following events: Policy Added Policy Non-Compliance Policy Changed Policy Pattern Timeout Policy Rule Added Policy Rule Changed Software Vulnerability Detected
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: Display only those events associated with the specified device.
-host - A valid hostname: Display only those events associated with the specified device.
-fqdn - A valid Fully Qualified Domain Name: Display only those events associated with the specified device.
-deviceid - A device ID
-type - A valid event type: Display only events of this type. Values for this option may be one of the following: Approval No Longer Required Approval Request Approval Granted Approval Task Changed Approval Task Deleted Approval Denied Approval Task Timeout Approval Override Change Plan Added Change Plan Modified Change Plan Deleted Command Authorization Error Command Script Modified User Authentication Error Policy Added Policy Non-Compliance Policy Changed Policy Pattern Timeout Policy Rule Added Policy Rule Changed Device Access Failure Device Added Device Password Change Device Booted Device Change Plan Failed Device Change Plan Completed Successfully Device Command Script Failed Device Command Script Completed Successfully Device Configuration Change Device Configuration Change - No User Device Configuration Deployment Failure Device Configuration Deployment Device Data Failure Device Deleted Device Diagnostic Changed Device Diagnostic Failed Device Diagnostic Completed Successfully Device Flash Storage Running Low Group Modified Group Added Group Deleted Device Inaccessible Device Edited Last Used Device Password Changed Device Managed Device Missing from Import Device Permissions - Modified Device Reservation Conflict Device Snapshot Device Software Change Device Startup/Running Config Difference Device Unmanaged Diagnostic Modified Software Vulnerability Detected Email Report Saved External Directory Server Authentication Error License Almost Exceeded License Almost Expired License Exceeded License Expired Module Added Module Changed Module Removed Monitor Okay Monitor Error Device Permissions - New Device Device Password Change Failure Concurrent Telnet/SSH Session Override Reserved Device Configuration Changed Scheduled for Deploy Configuration Edited Scheduled for Deploy Password Modified Server Startup Session Data Captured Software Update Failed Software Update Succeeded Summary Reports Generated Pending Task Deleted Task Started Ticket Created User Login User Logout User Added User Deleted User Permission Changed User Message
-start - Display only events after this date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those ICMPTest models stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those ICMPTest models stored on or before the given date. Values for this option have the same format as for the option -start.
List all configs for which the ShowInterfaces model may be shown.
Synopsis
list int [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-start <Date>] [-end <Date>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those ShowInterfaces models stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those ShowInterfaces models stored on or before the given date. Values for this option have the same format as for the option -start.
list ip [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
Lists ip addresses for specific device.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those ShowOSPFNeighbors models stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those ShowOSPFNeighbors models stored on or before the given date. Values for this option have the same format as for the option -start.
List ports (or interfaces) for a specific device in the system.
Synopsis
list port [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
Ports are ports and interfaces found on the devices in their configuration or within ancillary commands that detail specifics of the ports and interfaces. The values returned have been processed by the device drivers.
-ip - List all device ports on the device with this IP address
-host - List all device ports on the device with this hostname
-fqdn - List all device ports on the device with this Fully Qualified Domain Name
-deviceid - List all device ports on the device with this device ID
list port channels [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
List all resource identity pools associated with a given site.
Synopsis
list resource id pool [-site <Site Name>]
Description
List all resource identity pools associated with a given site.
-site - Name of the site the resource identity pools to be listed are associated with. If the site is not specified, the resource identity pools associated with the default partition will be listed unless the system is partitioned. In such case, only the global resource identity pools will be listed.
-type - List the user roles for the following types of permissions: Modify Device Permission (MDP), Command Permission (COMMAND), Script Permission (SCRIPT), and View Partition Permission (VIEW). By default, all the user roles are listed.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those routing tables stored on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those routing tables stored on or before the given date. Values for this option have the same format as for the option -start.
list script [-type <Type>] [-name <Name>] [-mode <Mode>] [-ids <Diagnostic ID List>] [-sitename <Site Name>]
Description
-type - Type of the desired diagnostic - may be diagnostic or advdiagnostic
-name - diagnostic name
-mode - diagnostic mode - for diagnostics the mode of device access (such as Cisco IOS enable); for advanced diagnostic the device family (such as Cisco IOS)
-ids - List only diagnostics in this comma-separated list of IDs.
-sitename - Site Name of the site the diagnostic belongs to.
List diagnostic IDs, diagnostics and/or advanced diagnostics.
Synopsis
list script id [-type <Type>] [-name <Name>] [-mode <Mode>] [-id <ID>]
Description
-type - Type of the desired diagnostic - may be diagnostic or advdiagnostic
-name - Script name
-mode - Script mode - for diagnostics the mode of device access (such as Cisco IOS enable); for advanced diagnostics the device family (such as Cisco IOS)
list session [-ip <IP address>] [-start <Date>] [-end <Date>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-start - Display only those interceptor log records created on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those interceptor log records created on or before the given date. Values for this option have the same format as for the option -start.
list system message [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-start <Date>] [-end <Date>]
Description
Lists all system messages unless you include one of the options. Including one of the device options displays all system messages associated with the specified device.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-start - Display only those system messages created on or after the given date. Values for this option may be in one of the following formats: YYYY-MM-DD HH:MM:SS e.g. 2002-09-06 12:30:00 YYYY-MM-DD HH:MM e.g. 2002-09-06 12:30 YYYY-MM-DD e.g. 2002-09-06 YYYY/MM/DD e.g. 2002/09/06 YYYY:MM:DD:HH:MM e.g. 2002:09:06:12:30
Or, one of: now, today, yesterday, tomorrow
Or, in the format:
-end - Display only those system messages created on or before the given date. Values for this option have the same format as for the option -start.
Display a list of tasks. However, with the Network Automation Software Premium edition license, you cannot view the 'Check Policy Compliance' tasks using this command.
This command behaves differently depending on the options you give it. The command by itself returns a list of all tasks. Each option filters the returned list of tasks, causing it to return a subset of the total list.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: Display only those tasks associated with the specified device.
-host - A valid hostname: Display only those tasks associated with the specified device.
-fqdn - A valid Fully Qualified Domain Name: Display only those tasks associated with the specified device.
-deviceid - A valid device ID: Display only those tasks associated with the specified device.
-start - YYYY:MM:DD:HH:mm: Display only those tasks whose schedule date falls on or after the given date.
-end - YYYY:MM:DD:HH:mm: Display only those tasks whose schedule date falls on or before the given date
-parentid - a task ID: Display only those tasks whose parent is the task specified by the given Task ID.
list topology graph [-deviceids <List of Device IDs>] [-deviceportids <List of Device Port IDs>] [-serverids <List of Server IDs>] [-serverportids <List of Server Interface IDs>] [-deviceid <A Device ID>]
Description
-deviceids - A comma separated list of device IDs
-deviceportids - A comma separated list of device port IDs
-serverids - A comma separated list of server IDs
-serverportids - A comma separated list of server interface IDs
list trunk port [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Modify the indicated advanced diagnostic. The desired diagnostic can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique diagnostic desired by ID.
-id - ID of the advanced diagnostic to edit
-name - Name of the advanced diagnostic to edit
-newname - New name for the diagnostic being modified
-description - New description for the diagnostic being modified
-family - New device family for the diagnostic being modified
-language - New language for the diagnostic being modified - must be a supported language such as Expect or Perl
-parameters - New command line parameters for the diagnostic being modified
-script - New script text
-sitename - Site name
Return Type
STATUS
Examples
mod advanced diagnostic -id 22 -newname "Set Duplex" -description "Sets the interface duplex configuration" -sitename "Default Site"
Modify the indicated change plan. The desired change plan can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique change plan desired by ID.
-id - ID of the change plan to edit
-name - Name of the change plan to edit
-newname - New name for the change plan being modified
-description - New description for the change plan being modified
-scripttype - New Change Plan Tag (i.e. user defined subcategory)
-family - New device family for the change plan being modified
-language - New language for the change plan being modified - must be a supported language such as Expect or Perl
-parameters - New command line parameters for the change plan being modified
This command can modify passwords on a specific device, across all devices in a device group, or merely update what the system knows of the device's password information. When using this command to modify passwords on a device or device group, the modification operation is actually a scheduled task.
-loc - The location to which password information should be written. Valid values for this argument are "db", "device", and "group". "db" tells the command that password information should be changed only in the system's database. "device" tells the command that the password changes should be made on the device as well and "group" performs the same function as "device" but across all devices in the group.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.: An existing device to which this password information should apply.
-host - A valid hostname: An existing device to which this password information should apply.
-fqdn - A valid Fully Qualified Domain Name: An existing device to which this password information should apply.
-deviceid - A valid device ID: An existing device to which this password information should apply.
-snmpro - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read only community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read only community strings to be, either set on the device, or appended to an existing list of read only community strings (depends on whether or not the -appendsnmpro flag was supplied.)
-snmprw - When used in conjunction with -loc db, this argument is taken as a single community string understood by the system as THE read write community string for the device or network. When used in conjunction with -loc device, this argument is taken as a comma-separated list of read write community strings to be, either set on the device, or appended to an existing list of read write community strings (depends on whether or not the -appendsnmprw flag was supplied.)
-snmpv3user - When used in conjunction with -loc db, this argument is taken as the username for snmpv3 access.
-snmpv3authpw - When used in conjunction with -loc db, this argument is taken as the authentication password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3authpw with no password value and respond to the command prompt.
-snmpv3encryptpw - When used in conjunction with -loc db, this argument is taken as the encryption password for snmpv3 access. To enter the password without displaying it on the command line, use -snmpv3encryptpw with no password value and respond to the command prompt.
-user - Username.
-passwd - Password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-connectionmethods - The methods used by the system to connect to devices. Can be telnet, serial_direct, or SSH.
-accessvariables - To override variables in the script, such as prompts. You can specify multiple access variables in a colon-separated list.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Use this option only if the argument to the -loc flag is "device".
-appendsnmpro - Supply this option if read only community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-appendsnmprw - Supply this option if read write community strings should be appended to any existing on the device. Use this option only if the argument to the -loc flag is "device".
-sync - Indicates that the command should return only after the password change task is complete. Do not use this option with -start.
-group - The group name for performing this command across all devices in a group.
-site - The site partition this rule belongs to. Default to be global
-rulename - The password rule name to which you can apply the access variables. Password rule names that contain spaces must be specified within quotes (" ").
-rulehostname - Hostname, the rule applies to
-ruledevicegroup - Device group name, the rule applies to
-iprangestart - IP range start (range), the rule applies to
-iprangeend - IP range end (range), the rule applies to
-taskname - Task Name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-apikey - This argument is taken as the API key for device access. To enter the API key without displaying it on the command line, use -apikey with no value and respond to the command prompt.
Return Type
String
Examples
mod authentication -loc db -ip 192.0.2.10 -passwd fish -snmpro public -enablepasswd 31337
mod authentication -loc device -ip 192.0.2.10 -passwd limited -enablepasswd full
mod authentication -loc device -ip 192.0.2.10 -passwd some -enablepasswd all -snmprw brillig,slithy,toves,gire -appendsnmprw -sync
mod authentication -loc device -ip 192.0.2.10 -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
mod authentication -loc group -group MyDevices -passwd less -enablepasswd more -snmpro foo,bar,fork,snork -start 2004:02:29:23:59
mod authentication -loc db -rulename "rule 1" -rulehostname DALAB-C2600-NAT
mod authentication -loc db -rulename "rule 2" -ruledevicegroup DeviecGroup1
mod authentication -loc db -site DefaultSite -rulename "rule 3" -iprangestart 172.30.1.1 -iprangeend 172.30.1.5
mod authentication -loc db -ip 192.0.2.10 -passwd -enablepasswd -snmpro public
mod authentication -loc db -ip 192.0.2.10 -passwd -enablepasswd -snmpro public -apikey eiowdhy1232434jejwhewu
mod change plan [-id <Change Plan ID>] [-name <Change Plan Name>] [-newname <New Change Plan Name>] [-desc <Description>] [-tag <Change Plan Tag>] [-driver <Driver List>] [-changetype <New Change Script Type>] [-changename <New Change Script Name>] [-changedescription <New Change Script Description>] [-changescript <New Change Script Text>] [-rollbackscript <RollBack Script Text>] [-changemode <New Change Script mode>] [-language <New Change Script Language>] [-parameters <New Change Script Parameters>] [-conditions <New List of Conditions expressed in XML format>] [-updateTasks <Referenced change plan task IDs.>]
Description
Change an existing Change Plan.
-id - ID of the change plan to edit.
-name - Name of Change Plan to edit.
-newname - New name for the Change Plan being modified.
-desc - New description for the change plan being modified.
-tag - Change Plan Tag (i.e. user defined subcategory)
-driver - List of applicable drivers - provided as a comma separated list of internal driver names
-changetype - New Type of the desired change script - may be command, advanced
-changename - New Name of Change Script
-changedescription - New Change Script Description
-changescript - New Change Script Text
-rollbackscript - RollBack Script Text
-changemode - New Change Script mode
-language - New Language for the advanced change script - must be a supported language such as Expect or Perl
-parameters - New Command line parameters for the advanced change script
-conditions - The Change Conditions expressed in XML format. For information on the syntax of the XML, see the "Defining Change Conditions Using XML" chapter of the Administration Guide.
-updateTasks - A comma-separated list of referenced change plan task ids that need to updated automatically, or "all". Use "list" to know all the referenced change plan tasks.
Return Type
String
Examples
mod change plan -name "Set Banner If Not Set" -desc "Set Banner if No banner is not set" -newname "Set Banner"
mod change plan -name cp -desc "Set Banner" -tag "Troubleshooting Change plans" -changescript "show verion" -changetype advanced -language Perl
Modify the indicated change plan. The desired change plan can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique change plan desired by ID.
-id - ID of the change plan to edit
-name - Name of the change plan to edit
-newname - New name for the change script being modified
-description - New description for the change script being modified
-scripttype - New Change Plan Tag (i.e. user defined subcategory)
-mode - New change script mode
-driver - New list of applicable drivers - provided as a comma separated list of internal driver names
mod device [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-hostname <New Hostname>] [-comment <Comment>] [-description <Device name>] [-model <Device model>] [-vendor <Device vendor>] [-domain <Domain name>] [-serial <Serial number>] [-asset <Asset tag>] [-location <Location>] [-status <Status>] [-nopoll <Do not poll>] [-newIP <New IP address>] [-consoleip <Console IP address, if using console server>] [-consoleport <Console Port>] [-tftpserverip <TFTP server IP address, if using NAT>] [-natip <NAT IP address>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-useconsoleserver <true or false>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-hostname - The device's new host name
-comment - Additional information regarding the device.
-description - The descriptive name of the device (informational only).
-model - The device's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-domain - A fully qualified domain name (such as www.google.com).
-serial - The device's serial number.
-asset - The device's asset tag.
-location - The device's location.
-status - 0: Mark this device as managed by the system (Active). 1: Mark this device to be unmanaged by the system(Disable). 3: Mark this device as pre-production.
-nopoll - 0: Mark this device to be polled for changes. 1: Mark this device as not to be polled for changes. 2: Mark this device to be polled for changes only as part of the regular polling task.
-newIP - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device will be put in. This is the new IP address of the device.
-consoleip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with REALM_NAME:, where REALM_NAME is the name of the Realm the address is in. To remove this IP, supply empty string "" as argument.
-consoleport - The port number
-tftpserverip - a.b.c.d where 0 <= a,b,c,d <= 255. To remove this IP, supply empty string "" as argument.
-natip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with REALM_NAME:, where REALM_NAME is the name of the Realm the address is in. To remove this IP, supply empty string "" as argument.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-useconsoleserver - If the device uses a console server, specify true. If the device does not, specify false. The -consoleip option is required along with this option if the "Used To Access Device" parameter has to be updated. Note: When you run the command with the -useconsoleserver and -consoleip options together,only the "Used To Access Device" option will be edited.Functionality of other parameters will not be supported.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP, snmp_noauthnopriv, snmp_authnopriv_sha512, snmp_authnopriv_sha256, snmp_authnopriv_sha384, snmp_authnopriv_sha224, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha512_des, snmp_authpriv_sha512_3des, snmp_authpriv_sha512_aes, snmp_authpriv_sha512_aes128, snmp_authpriv_sha512_aes192, snmp_authpriv_sha512_aes256, snmp_authpriv_sha256_des, snmp_authpriv_sha256_3des, snmp_authpriv_sha256_aes, snmp_authpriv_sha256_aes128, snmp_authpriv_sha256_aes192, snmp_authpriv_sha256_aes256, snmp_authpriv_sha384_des, snmp_authpriv_sha384_3des, snmp_authpriv_sha384_aes, snmp_authpriv_sha384_aes128, snmp_authpriv_sha384_aes192, snmp_authpriv_sha384_aes256, snmp_authpriv_sha224_des, snmp_authpriv_sha224_3des, snmp_authpriv_sha224_aes, snmp_authpriv_sha224_aes128, snmp_authpriv_sha224_aes192, snmp_authpriv_sha224_aes256, snmp_authpriv_sha_des, snmp_authpriv_sha_3des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes128, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_3des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes128, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.If this option is not provided, the system will try all access methods when attempting to connect to the device.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
Return Type
STATUS
Examples
mod device -ip 192.0.2.10 -newIP 192.0.2.10
mod device -ip 192.0.2.10 -newIP "West Site:192.0.2.10"
mod device -ip "East Site:192.0.2.10" -newIP "West Site:192.0.2.10"
mod device -ip 192.0.2.10 -nopoll 1 -comment "enabled polling by change detection."
mod device -ip 192.0.2.10 -customname Owner -customvalue Bob
mod device -ip 192.0.2.10 -customnames "Owner,Location" -customvalues "Bob,'Seattle, WA'"
mod device -ip 192.0.2.10 -useconsoleserver false -consoleip 192.0.2.100
mod device group -name <Name> [-newname <New name>] [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-shared <Shared>] [-newtype <dynamic|static>] [-criteria <Criteria>] [-searchgroups <Search groups>] [-limitsearchgroups <Limit to search groups>] [-partitions <Partitions>]
Description
Modify the name, comments, and/or the search criteria of a device group.
-name - The name of the group to be modified.
-newname - The new name for the modified group. Do not use this option unless you also use -name.
-comment - Additional information about the group.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list; however, the order must match the same order as that of the customvalues.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list; however, the order must match the same order as that of the customnames. Any values with commas must be quoted in single quotes.
-shared - 1 if the group is shared, 0 if it is not.
-newtype - Change the type of the device group. The valid values are static or dynamic.
-criteria - The search criteria expressed in XML format. This parameter is ignored if the -newtype parameter is "static". For information about the syntax of the XML, see the "Defining Dynamic Device Groups Using XML" chapter of the Administration Guide.
-searchgroups - The list of groups that must be used along with the search criteria. Multiple values must be separated by a comma. This parameter is ignored if the -newtype parameter is "static".
-limitsearchgroups - The filter condition to be used in conjunction with the -searchgroups parameter. The valid values are "any", "none" and "all". This parameter is ignored if the -newtype parameter is "static".
-partitions - The list of partitions to be considered to apply the filter. This parameter is ignored if the -newtype parameter is "static".
Return Type
STATUS
Examples
mod device group -name "mystery routers" -newname "defunct" -comment "removing these devices is a bad idea, but we don't really know what purpose they serve."
mod device group -name "border routers" -newtype dynamic
mod device group -name "border routers" -customname Location -customvalue Earth
mod device template -templateid <Device Template ID> [-hostname <Device name>] [-newdriver <Driver name>] [-comment <Comment>] [-description <Description>] [-model <Device model>] [-vendor <Device vendor>] [-location <Location>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-accessmethods <Comma-separated list of access methods>] [-hierarchylayer <Hierarchy layer>] [-sitename <Site Name>]
Description
-templateid - A device template ID
-hostname - A valid name
-newdriver - The new device driver name in short form
-comment - Additional information regarding the device template.
-description - The descriptive name of the device template (informational only).
-model - The device template's model (such as 2620).
-vendor - The device's vendor (such as Cisco).
-location - The device's location.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-accessmethods - A comma-separated list of access methods, or "none". The set of access methods: {telnet, ssh, rlogin, SCP, FTP, TFTP, SNMP, snmp_noauthnopriv, snmp_authnopriv_sha512, snmp_authnopriv_sha256, snmp_authnopriv_sha384, snmp_authnopriv_sha224, snmp_authnopriv_sha, snmp_authnopriv_md5, snmp_authpriv_sha512_des, snmp_authpriv_sha512_3des, snmp_authpriv_sha512_aes, snmp_authpriv_sha512_aes128, snmp_authpriv_sha512_aes192, snmp_authpriv_sha512_aes256, snmp_authpriv_sha256_des, snmp_authpriv_sha256_3des, snmp_authpriv_sha256_aes, snmp_authpriv_sha256_aes128, snmp_authpriv_sha256_aes192, snmp_authpriv_sha256_aes256, snmp_authpriv_sha384_des, snmp_authpriv_sha384_3des, snmp_authpriv_sha384_aes, snmp_authpriv_sha384_aes128, snmp_authpriv_sha384_aes192, snmp_authpriv_sha384_aes256, snmp_authpriv_sha224_des, snmp_authpriv_sha224_3des, snmp_authpriv_sha224_aes, snmp_authpriv_sha224_aes128, snmp_authpriv_sha224_aes192, snmp_authpriv_sha224_aes256, snmp_authpriv_sha_des, snmp_authpriv_sha_3des, snmp_authpriv_sha_aes, snmp_authpriv_sha_aes128, snmp_authpriv_sha_aes192, snmp_authpriv_sha_aes256, snmp_authpriv_md5_des, snmp_authpriv_md5_3des, snmp_authpriv_md5_aes, snmp_authpriv_md5_aes128, snmp_authpriv_md5_aes192, snmp_authpriv_md5_aes256}.
-hierarchylayer - This device attribute is used in diagramming. When you config a network diagram, you can select which hierarchy layers on which to filter. Valid values include: (core, distribution, access, edge and "layer not set").
-sitename - The Site name in which the template belongs to.
Return Type
STATUS
Examples
mod device template -templateid 801 -comment "Test Comment"
mod device template -templateid 801 -customname Owner -customvalue Bob
mod device template -templateid 801 -accessmethods FTP,SSH
-configtext - A valid configuration text in double quotes
-configfile - Specify the absolute path to the file which contains the device template configuration. The file must be directly accessible by the system.
Return Type
STATUS
Examples
mod device template config -templateid 801 -configtext "$var1"
mod device template config -templateid 801 -configile /usr/home/config.txt
Modify the indicated diagnostic script. The desired diagnostic can be specified by ID or name. If more than one name match occurs, then an error will be reported and you must specify the unique diagnostic desired by ID.
-id - ID of the diagnostic to edit
-name - Name of the diagnostic to edit
-newname - New name for the diagnostic being modified
-description - New description for the diagnostic being modified
-mode - New command script mode
-driver - New list of applicable drivers - provided as a comma separated list of internal driver names
-script - New diagnostic script text
-sitename - Site name
Return Type
STATUS
Examples
mod diagnostic -id 22 -newname "Show IP CEF" -description "Gather IP CEF information" -sitename "Default Site"
mod diagnostic -name "Extended Ping To Core" -mode "Cisco IOS enable" -driver "CiscoIOSGeneric,CiscoIOSSwitch" -script "extended ping 192.0.2.10"
mod group -type <Type> -name <Name> [-newname <New name>] [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-shared <Shared>]
Description
Modify the comments associated with and/or the name of a group.
-type - The type of the group. "device" is currently the only valid argument to this option.
-name - The name of the group to be modified.
-newname - The new name for the modified group. Do not use this option unless you also use -name.
-comment - Additional information regarding the group.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-shared - 1 if the group is shared, 0 if it is not.
Return Type
STATUS
Examples
mod group -name "mystery routers" -type device -comment "removing these devices is a bad idea, but we don't really know what purpose they serve."
mod group -type device -name "border routers" -newname "defunct"
mod group -type device -name "border routers" -customname Location -customvalue Earth
mod ip -ipvalue <Value> [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-comment <Comment>] [-usetoaccess <Use to Access Device>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255, the non-primary IP address of the device.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-comment - Additional information regarding the device.
-usetoaccess - Use this IP Value to access its device, 1 - yes, 0 - no, default - no
Return Type
String
Examples
mod ip -deviceip 192.0.2.10 -ipvalue 10.10.10.0 -comment "my own ip"
mod ip -deviceip 192.0.2.10 -ipvalue 10.10.10.0 -usetoaccess 0
mod ip -deviceid 1401 -ipvalue 192.0.2.10 -usetoaccess 0
mod module -id <Module ID> [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>]
Description
-id - The ID of a module
-comment - Additional information about the module.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
It modifies an existing policy. Note that the policy must be identified by either policy ID or policy name. Please also see the description for 'create policy' command.
-name - Policy Name
-policyid - Policy ID
-site - Site Name
-newname - New Name
-tag - Policy Tag
-policydesc - Policy Description
-desc - Detailed Description
-dg - Policy Scope (comma separated device group names)
-exceptions - Policy Exceptions (comma separated host names or IPs)
-status - Policy Status (active|inactive)
-cve - CVE
-aurl - Vendor Advisory URL
-surl - Vendor Solution URL
-ddate - Disclosure Date
-solution - Solution
Return Type
ConfigPolicyVO with columns:
CVE
comments
configPolicyDynamicScopeFilterCriteria
configPolicyID
configPolicyName
createDate
description
disclosureDate
inUse
lastModifiedDate
lastModifiedUserID
scope
siteID
solution
status
tag
ticketNumber
vendorAdvisoryURL
vendorSolutionURL
Examples
mod policy -name "test policy" -policydesc "This is a test policy" -desc "only for testing" -dg "Seattle,Dallas" -exceptions "switch11,10.255.40.11"
mod policy -name "test policy" -desc "only for testing" -dg "Seattle,Dallas" -exceptions "switch11,10.255.40.11"
mod port -id <Port ID> [-comment <Comment>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>]
Description
-id - The ID of a port
-comment - Additional information about the port.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
mod resource id custom field data [-fielddataid <Custom field data ID>] [-resourceidentityid <Resource Identity ID>] [-fieldname <Custom field name>] [-data <Custom field data>]
Description
Modify custom field data for a resource identity. Resource identity custom field data can be identified either by a custom field data ID (-fielddataid) or a combination of custom field name (-fieldname) and resource identity ID (-resourceidentityid). If resource identity custom field data ID is specified, custom field name and resource identity ID are ignored. If custom field data is not specified, the field value is set to null.
-fielddataid - ID of the custom field data.
-resourceidentityid - ID of the associated resource identity.
-fieldname - Name of the custom field.
-data - New value for modifying the custom field data. If the -data option is not specified, the custom field value is set to null.
Return Type
STATUS
Examples
mod resource id custom field data -fielddataid 321 -data BLDG7
mod resource id custom field data -resourceidentityid 201 -fieldname vlanid -data VLAN22
Modify an existing resource identity pool identified by a resource identity pool ID
Synopsis
mod resource id pool -id <ID> [-name <Name>] [-description <Description>] [-site <Site Name>] [-addcustomfieldid <Custom Field ID>] [-removecustomfieldid <Custom Field ID>]
Description
Modify an existing resource identity pool identified by a resource identity pool ID
-id - ID of the resource identity pool to modify.
-name - New name for the resource identity pool being modified. The name has to be unique for the site.
-description - New description for the resource identity pool being modified.
-site - New site name to associate the modified resource identity pool with.
-addcustomfieldid - ID of the custom field to associate with the pool. This option can't be used with -removecustomfieldid
-removecustomfieldid - ID of the custom field to dissociate with the pool. This option can't be used with -addcustomfieldid
Return Type
VO:ResourceIdentityPoolVO with columns:
createDate
createUserID
description
lastModifiedDate
lastModifiedUserID
name
resourceIdentityPoolID
siteID
Examples
mod resource id pool -id 321 -name VLANPool -description "Poll of VLAN names for SiteB" -site SiteB
Change an existing user role of type modify device partition or view partition permission.
Synopsis
mod role -name <Role name> -resources <Resources> [-viewname <Device view name>] [-desc <Description>]
Description
Change an existing user role of type modify device partition or view partition permission.
-name - Role name.
-resources - Comma-separated list of resources to which the user role has access. This value overwrites the existing configuration. If resource name contains a comma(,), use the unicode character \\u002c instead of comma(,). For role type MDP, specify device group names. For role type VIEW, specify some or all of the partition names under the specified view name.
-viewname - Optional for role type VIEW. Changes the device-specific view for this role.
-desc - Optional description string.
Return Type
STATUS
Examples
mod role -name operators -resources "Labs"
mod role -name "Junior Admins" -resources "partition\\u002cContainscomma" -viewname View2
mod rule condition -rcid <Rule Condition ID> [-operator <Operator Name>] [-operand <Operand (text or regex pattern)>] [-exceptionoperand <Except Operand (Second operand, for 'must contain only' operator>] [-regex <Regex (true|false)>] [-exactorder <Exact Order (true|false)>]
Description
This command is available only with the Network Automation Software Ultimate edition license. It modifies an existing rule condition that is identified by rule condition ID (use 'list rule condition' command to see IDs). Note that data model element name cannot be modified. Please also see the description for 'create rule condition' command.
mod task -id <Task ID> [-comment <Comment>] [-retryInterval <Retry interval>] [-expensive] [-notexpensive] [-days <Days>] [-retryCount <Retry count>] [-repeatType <Repeat type>] [-duration <Duration>] [-start <Start>] [-repeatInterval <Repeat interval>] [-approve <Approval comment>] [-reject <Reason the task is not approved>] [-override <Reason for overriding approval process>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>] [-sessionlog <true or false>] [-priority <Task priority>] [-coreid <Core ID>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>]
Description
-id - The task ID of the task to modify.
-comment - Additional information about the task.
-retryInterval - The number of seconds between retries.
-expensive - Mark the task as expensive. Do not use this option with -notexpensive.
-notexpensive - Mark the task as not expensive. Do not use this option with -expensive.
-days - This argument differs depending on the task. For weekly tasks, -days should be a comma-separated list of weekdays. Each item in the list is a day of the week upon which the task should be run. Valid weekdays are: sun, mon, tue, wed, thur, fri, sat. For monthly tasks, -days should be a single integer between 1 and 31, corresponding to the day of the month upon which the task should be run.
-retryCount - The number of times to retry the task if it fails.
-repeatType - The metric by which a task repeats. Valid values are 1: once, 2: periodically, 3: daily, 4: weekly, 5: monthly. If you modify this value, then modify -repeatInterval or -days accordingly.
-duration - Estimated duration the task will run(in minutes)
-start - YYYY:MM:DD:HH:mm. The first date the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-repeatInterval - This option differs depending on the task. For Periodic tasks, this is the period in minutes. For Monthly tasks, each bit of the integer (except the last) represents a day, but we recommend using the -days option to modify the days on which a monthly task runs. This option is invalid with all other tasks.
-approve - Approve the task
-reject - Reject the task
-override - Override the approval requirement
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-sessionlog - If true a complete session log will be saved with this task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to value 5 automatically.
-coreid - Core ID
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
Return Type
STATUS
Examples
mod task -id 7097 -repeatType 4 -days mon,wed,thur
mod user -u <Username> [-p <Password>] [-fn <First name>] [-ln <Last name>] [-email <Email address>] [-priv <User Privilege>] [-newusername <Username>] [-aaausername <Username>] [-aaapassword <AAA Password>] [-useaaaloginforproxy <Use AAA Logins for Proxy (yes|no)>] [-extauthfailover <Allow External Auth Failover (yes|no)>] [-customname <Custom data column name>] [-customvalue <Custom data value>] [-customnames <Custom data column names>] [-customvalues <Custom data values>] [-status <Enable or Disable the user (enable|disable)>] [-view1partition <view1partitionname>] [-view2partition <view2partitionname>] [-view3partition <view3partitionname>]
Description
-u - Username
-p - Password. To enter the password without displaying it on the command line, use -p with no password value and respond to the password prompt.
-fn - First name
-ln - Last name
-email - Email address
-priv - User Privilege (1=Limited Access,2=Full Access,3=Power User,4=Admin)
-newusername - New username for this user.
-aaausername - AAA username for this user.
-aaapassword - AAA password for this user. To enter the password without displaying it on the command line, use -aaapassword with no password value and respond to the password prompt.
-useaaaloginforproxy - Whether to user AAA logins for the Proxy Interface for this user (yes|no).
-extauthfailover - Whether to allow external auth failover for this user (yes|no).
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-status - enable or disable
-view1partition - partition the user belongs to in the first view
-view2partition - partition the user belongs to in the second view
-view3partition - partition the user belongs to in the third view
Return Type
STATUS
Examples
mod user -u johnd -p new -fn Johnathan -email jdoe@example.net
mod user -u johnd -p new -fn Johnathan -email jdoe@example.net -priv 2
mod user -u -customname Title -customvalue Engineer
mod user -u johnd -status disable
mod user -u johnd -view1partition "Default Site" -view2partition Fedex -view3partition Security
mod user -u johnd -fn john -ln doe -aaausername johnd -aaapassword -useaaaloginforproxy 0
Edits a Vlan - Rename Vlan Name, Add ports or Remove ports
Synopsis
mod vlan [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] -vlanid <Vlan ID> [-renameto <New Vlan Name>] [-addports <Add Port IDs>] [-removeports <Remove Port IDs>] [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-sessionlog <true or false>] [-retrycount <Retry count>] [-retryinterval <Retry interval>] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-vlanid - Vlan ID to edit
-renameto - New Vlan name
-addports - Ports that need to be added to the Vlan
-removeports - Ports that need to be removed from the Vlan
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
mod vlan trunk [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] -portname <Port Name> -nativevlanid <Native vlan ID> [-addvlanids <Add Vlan IDs>] [-removevlanids <Remove Vlan IDs>] [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-sessionlog <true or false>] [-retrycount <Retry count>] [-retryinterval <Retry interval>] [-comment <Snapshop comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-portname - trunk port name to edit
-nativevlanid - specify a native or default vlan id
-addvlanids - vlan ids to add to trunk
-removevlanids - vlan ids to remove from trunk
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-sessionlog - If true a complete session log will be saved with this task.
-retrycount - The number of times to retry the task if it fails.
-retryinterval - The number of seconds between retries.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Run a ping command from the server to the sepecified device.
Synopsis
os ping
Description
The ping command is an OS command. All ping options that are available at the OS level are supported. Users should be able to enter any host name or address. The behavior is that it simply passes the string to the OS, executes it as a command and returns the results of the executed command.
Run a traceroute command from the server to the sepecified device.
Synopsis
os traceroute
Description
The traceroute command is an OS command. All traceroute options that are available at the OS level are supported. Users should be able to enter any options the command supported. The behavior is that it simply passes the command to the OS, executes it and returns the results of the executed command.
ping -source <IP address | Hostname | Fully Qualified Domain Name> -sourcegroup <Groupname> -dest <List of IP addresses> -rep <Task repeat period> -async -start <task start date> -priority <Task priority> -maxwaittime <Maximum Waiting Time> [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Causes a series of ping commands to be executed on a device. One ping command is executed for each target host specified. This series of commands may by run on the device immediately, or scheduled to run sometime in the future. Via this command, the task scheduled can be set to repeat periodically. Note that if not scheduled as a task, this command may take some time to complete.
-source - Can be an IP address (a.b.c.d where 0 <= a,b,c,d <= 255), or a valid hostname, or a valid Fully Qualified Domain Name.
-sourcegroup - A valid group name. Exactly one of -source or -sourcegroup must be specified.
-dest - A comma separated list of devices. Devices may be specified in any way that is understood by the ping program on the device specified by the option "-source".
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes, the two integers don't have to be the same. This option should not be used unless -async is also supplied.
-async - Indicates that the ping operation should be scheduled on the system as a task. The start time for the task will be immediatly unless an alternate start data is provided by means of the -start option.
-start - YYYY:MM:DD:HH:mm. The date on which the task will first be run. This option should not be used unless -async is also supplied.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
port scan -deviceip <Device IP address> -deviceid <Device ID> [-start <Task start date>] [-rep <Task repeat period>] [-sync <true or false>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-deviceid - A device ID
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
provision device -ip <IP address> -templateid <Device Template ID> -priority <Task priority> [-name <A used defined name for the task>] [-start <Task start date>] [-variables <Variable List>] [-ignorevariables] [-comment <Comment>] [-duration <Duration>] [-sessionlog <true or false>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-retryCount <Retry count>] [-retryInterval <Retry interval>] [-nocompliance] [-setactive] [-copydata] [-rep <Task repeat period>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-templateid - Device template ID to provision the device.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-name - A User defined name for indetyfying the task.
-start - YYYY:MM:DD:HH:mm. The first date the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-variables - A list of variables to be replaced in the script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-ignorevariables - Mark the config variables as ignored that are not passed in the variables argument to the command.
-comment - Additional information about the provision device task.
-duration - Estimated duration the task will run(in minutes)
-sessionlog - If true a complete session log will be saved with this task.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-retryCount - The number of times to retry the task if it fails.
-retryInterval - The number of seconds between retries.
-nocompliance - If passed policy compliance will not be checked before provisioning.
-setactive - Set device as active upon success.
-copydata - Copy additional information from device template to device.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
reboot device [-ip <IP address>] [-group <Groupname>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-comment <Reboot task comment>] [-runmode <Run Mode>] [-stoponfailure <true or false>] [-sessionlog <true or false>] [-start <Task start date>] [-rep <Task repeat period>] [-retryCount <Retry count>] [-retryInterval <Retry interval>] [-priority <Task priority>] [-taskname <Task name>] [-forcesave <true or false>] [-verifyreboot <true or false>] [-estimatedreboottime <The timeout(in seconds)>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
This command enables you to reboot devices.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-group - A valid group name. Do not use this option with -ip (exactly one of -ip or -group must be specified).
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-comment - An optional comment about the reboot task.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-sessionlog - If true a complete session log will be saved with this task.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same.
-retryCount - The number of seconds between retries.
-retryInterval - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-forcesave - If true save the running configuration to the startup configuration upon task completion.
-verifyreboot - If true, will verify that the device has booted up successfully before marking the task success. Apply global config value if not specified.
-estimatedreboottime - The timeout(in seconds) for the device reboot verification process. This value applies only when "-verifyreboot" value is true.
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
Load any new content packs (such as scripts or policies) that have been installed on the server since the last time it was restarted or content was reloaded. Note that the policies are imported only if you are using the Network Automation Software Ultimate edition license.
Remove an auto-remediation change plan assignment (not the change plan itself). This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
remove auto remediation script -ruleid <Policy Rule ID> -scriptid <Change Plan ID>
Description
It removes the auto-remediation change plan assignment from a rule identified by rule ID. Note that neither the change plan nor the policy rule will be deleted from the system; they both will be kept in the system.
-ruleid - Policy Rule ID
-scriptid - Change Plan ID
Return Type
STATUS
Examples
remove auto remediation script -ruleid 1234 -scriptid 5678
Connect to a device through the system's Proxy Interface via telnet (bypassing single sign-on). If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards.
- Port to use to connect to devices outside of the system.
Run an existing change plan against a device or group of devices. This command is deprecated, please consider using the corresponding command to deploy change plan.
Runs an existing change plan, specified by name, against a device or group of devices. The proper variant of the change plan will be applied to each device. If no variant of the change plan supports a given device, that device will be skipped. The change plan is run as a system task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A valid group name. Either a device or a group must be specified, but not both (exactly one of -ip, -hostname, -fqdn or -group must be specified).
-name - Name of the change plan to deploy
-parameters - Command line parameters for the change script to run
-variables - A list of variables to be replaced in the change script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the change plan should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the change plan should be skipped. If "task", this indicates that snapshot after the change plan should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-sessionlog - If true, session log will be enabled for this task.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
Run an existing change plan against a device or group of devices.This command is deprecated, please consider using the corresponding command to deploy change plan.
Runs an existing change plan, specified by name, against a device or group of devices. The proper variant of the change plan will be applied to each device. If no variant of the change plan supports a given device, that device will be skipped. The change plan is run as a system task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A valid group name. Either a device or a group must be specified, but not both (exactly one of -ip, -hostname, -fqdn or -group must be specified).
-name - Name of the change plan to deploy
-variables - A list of variables to be replaced in the change script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''"
-linebyline - Indicates that line by line deployment is preferred, rather than file-based deployment
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates the command should return only after the snapshot retrieval task is complete. Do not use this option with -rep or -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the snapshot.
-presnapshot - If false, this indicates that the snapshot that runs before the change plan should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the change plan should be skipped. If "task", this indicates that snapshot after the change plan should run as a separate task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-sessionlog - If true, session log will be enabled for this task.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.Do not use this option with -sync.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
run diagnostic [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-group <Group Name>] -diagnostic <Diagnostic Name> [-rep <Task repeat period>] [-start <Task start date>] [-sync] [-nowait] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-comment <Run script comment>] [-duration <Estimated duration of script task.>] [-sessionlog <true or false>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-variables <Variable List>]
Description
Run the specified diagnostic on a specified device either right away, or at some point in the future. The run diagnostic operation is actually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A name of a device group (mutually exclusive with -ip, -host, or -fqdn)
-diagnostic - A diagnostic to run. Built-in diagnostics are 'NA Routing Table', 'NA Interfaces' and 'NA OSPF Neighbors'.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-nowait - Indicates that the command does not need to wait for other tasks to complete on the device.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-comment - An optional comment about the diagnostic.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-variables - A list of variables to be replaced in the script - provided as a list of name=value pairs, separated by commas. Values can be surrounded in single-quotes ('). Within a quoted value, a single-quote can be embedded with two single-quote characters. Example: "variable1=value1,varable2='this is ''value 2'''". The values will be substituted globally, please edit the task in UI for per diagnostic substitution.
Return Type
String
Examples
run diagnostic -ip 192.0.2.10 -diagnostic "vlan report" -sync
run diagnostic -ip 192.0.2.10 -diagnostic "NA Routing Table" -start 2004:02:29:23:59
run external application -app <Command> [-start <Task start date>] [-rep <Task repeat period>] [-sync] [-comment <Comment text>] [-startdir <Directory path>] [-resultfile <File path>] [-errorifnonzero <true or false>] [-priority <Task priority>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Runs a NA task which spawns a new process that executes a command external to NA.
-app - The command to execute.
-start - YYYY:MM:DD:HH:mm The time when the command will be executed. Do not use this option with -sync.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-sync - Indicates that the CLI command should return only after the task is complete. Do not use this option with -start.
-comment - Comments to be attached to the task that runs to execute the command.
-startdir - The working directory of the process in which the command is executed.
-resultfile - The file to contain the output of the command.
-errorifnonzero - If true the task will be marked FAILED or WARNING if the command returns a non zero result code.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
run script [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-group <Group Name>] [-mode <Command Script Mode>] -script <Change Script> [-rep <Task repeat period>] [-start <Task start date>] [-sync] [-runmode <Run Mode>] [-stoponfailure <Stop on Failure>] [-nowait] [-comment <Run script comment>] [-presnapshot <true or false>] [-postsnapshot <true, false or task>] [-disablesessionlogging] [-priority <Task priority>] [-linebyline <true or false>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>]
Description
Run the specified change script on a specified device either right away, or at some point in the future. The run script operation is actually a scheduled task. If no mode is specified the first supported enable, supervisor, provisioning or root mode will be used.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A name of a device group (mutually exclusive with -ip, -host, or -fqdn)
-mode - A command script mode to run the script in.
-script - A change script to run, may separate commands with '\n'. Commands that require multiple entries before returning to the device prompt can separate each entry with '\\r\\n'.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the deploy task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-nowait - Indicates that the task should not wait if there is another task currently running against the same device.
-comment - An optional comment about the script being run.
-presnapshot - If false, this indicates that the snapshot that runs before the script should be skipped.
-postsnapshot - If false, this indicates that the snapshot that runs after the script should be skipped. If "task", this indicates that snapshot after the script should run as a separate task.
-disablesessionlogging - Indicates that the session should not be logged.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-linebyline - if true, enable line by line mode for the script execution
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
set core status -coreid <Core ID> -status <Status (inactive|active)>
Description
The status can be set to either 'active' or 'inactive'. Setting a core to 'inactive' completely excludes it from the Horizontal Scalability environment. It is recommended to power down inactive cores to reduce energy consumption. The 'standby' and 'normal' options have been deprecated. It is no longer necessary to restart any cores for this change to take effect.
set policy rule logic (boolean expression or IF-THEN-ELSE statement). This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
set policy rule logic -ruleid <Policy Rule ID> -boolexpr <Boolean Expression or IF-THEN-ELSE Rule Logic>
Description
It must be called to set the rule logic after rule conditions are created, deleted, or desired to be changed. Note that no other API call will change the rule logic.
-ruleid - Policy Rule ID
-boolexpr - Boolean Expression or IF-THEN-ELSE Rule Logic
Return Type
ConfigRuleVO with columns:
appliesToEntireDeviceFamily
blockEndPattern
blockStartPattern
comments
conditions
configPolicyID
configRuleID
configRuleName
createDate
description
deviceFamily
evaluationLogic
importance
inUse
lastModifiedDate
lastModifiedUserID
ruleType
scope
ticketNumber
Examples
set policy rule logic -ruleid 1234 -boolexpr "A"
set policy rule logic -ruleid 1234 -boolexpr "(A and B) or C"
set policy rule logic -ruleid 1234 -boolexpr "IF A THEN (B or C)"
If the -ip flag is given, show the BasicIP model for the most recent config for the specified device. If the -id flag is given, show the BasicIP model for the specified config. Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show change plan [-id <change plan ID>] [-name <change plan Name>]
Description
-id - The change plan ID for which the information is displayed.
-name - The change plan name for which the information is displayed. NOTE: If change plan name contains an escape character, the input must be escaped properly.
The passwords are populated in following algorithm: 1) If device has a LastAuthentication records, the passwords will be retrieved from that record, otherwise: 2) If device has device specific passwords defined(on Edit Device page), the device specific passwords will be returned 3) Otherwise, the first applicable device password rule will be used The return value may contain some or all of following attributes, depending on the device setting: username password enable_password read_community write_community snmpv3_user snmpv3_authpassword snmpv3_privpassword
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-protocol - A valid protocol (SNMP or CLI)
Return Type
Map
Examples
show device credentials -ip 192.0.2.10
show device credentials -ip "East Site:192.0.2.10"
show device credentials -ip 192.0.2.10 -protocol snmp
If the -ip flag is given, show the DeviceInformation model for the most recent config for the specified device. If the -id flag is given, show the DeviceInformation model for the specified config. Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Display the details of an event. However, with the Network Automation Software Premium edition license, using this command, you cannot view the following events: Policy Added Policy Non-Compliance Policy Changed Policy Pattern Timeout Policy Rule Added Policy Rule Changed Software Vulnerability Detected
If the -ip flag is given, show the ICMPTest model for the most recent config for the specified device. If the -id flag is given, show the ICMPTest model for the specified config. Include exactly one of the -id or -ip option.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show int [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>] [-id <Config ID>]
Description
Output the raw diagnostic data from the ShowInterfaces model. To see the fully parsed interface values, see the show port command. If the -ip flag is given, show the ShowInterfaces model for the most recent config for the specified device. If the -id flag is given, show the ShowInterfaces model for the specified config. Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show ip -ipvalue <Value> [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-ipvalue - The ip value a.b.c.d where 0 <= a,b,c,d <= 255, the non-primary IP address of the device.
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
If the -ip flag is provided, show the ShowOSPFNeighbors model for the most recent config for the specified device. If the -id flag is given, show the ShowOSPFNeighbors model for the specified config. Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Ports are ports and interfaces found on the devices in their configuration or within ancillary commands that detail specifics of the ports and interfaces. The values returned have been processed by the device drivers.
show resource id [-name <Name>] [-poolid <Resource identity pool ID>] [-id <ID>]
Description
Show resource identity information. Resource identity can be identified either by ID or combination of name and resource identity pool ID. If resource identity ID is specified, name and resource pool ID are ignored.
-name - Name of the resource identity to show.
-poolid - ID of the resource identity pool the resource identity to be shown is associated with.
show resource id pool [-name <Name>] [-site <Site Name>] [-id <ID>]
Description
Show resource identity pool information. Resource identity pool can be identified either by ID or name and site. If ID is specified, name and site are ignored.
-name - Name of resource identity pool to show.
-site - Name of the site the resource identity pool to be shown is associated with. If a name of resource identity pool is specified but site is not specified, the resource identity pool is assumed to be associated with the default partition unless the system is partitioned. In such case, the resource identity pool is assumed to be global.
If the -ip flag is given, show the most recent routing table captured for the specified device. If the -id flag is given, show the specified routing table. Include either the -id or -ip option, but not both.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Output the indicated diagnostic or advanced diagnostic. The desired diagnostic can be specified by ID, or by a combination of name and type. If more than one name match occurs, then an error will be reported and you must specify the unique diagnostic desired by ID.
-id - ID of the desired diagnostic
-name - Name of the desired diagnostic
-type - Type of the desired diagnostic - may be diagnostic or advdiagnostic
Return Type
CustomScriptVO with columns:
createDate
createUserID
customScriptID
description
lastModifyDate
lastModifyUserID
name
parameters
script
scriptMode
scriptType
siteID
taskType
variableData
Examples
show script -id 5
show script -name "Edit Port Duplex" -type diagnostic
Shows detailed information about a task. However, with the Network Automation Software Premium edition license, you cannot view the 'Check Policy Compliance' tasks using this command.
-u - The user name for whom information will be displayed \\n NOTE: If user name contains '\' escape charater , the input needs to be escaped properly, for example if user name is like "Domain\User" then the input needs to be "Domain\\User"
-id - The user id for whom information will be displayed
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
show vtp [-deviceip <Device IP address>] [-ip <IP address>] [-host <Hostname>] [-fqdn <Fully Qualified Domain Name>] [-deviceid <Device ID>]
Description
-deviceip - The device's ip address a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
Have the the system client execute all commands contained within a text file.
Synopsis
source
Description
This command has no options but takes one argument: the name of the file to "source". The source file should contain only valid CLI commands each separated by one newline.
Connect to a device through the system's Proxy Interface via ssh (bypassing single sign-on). If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards.
- Port to use to connect to devices outside of the system.
Synchronize a device's startup configuration so it matches its running configuration. The synchronize operation is actually a scheduled task.
-ip - a.b.c.d where 0 <= a,b,c,d <= 255. You may optionally prefix the IP with SITE: where SITE is the name of the Site the device is in.
-host - A valid hostname
-fqdn - A valid Fully Qualified Domain Name
-deviceid - A device ID
-group - A name of a device group (mutually exclusive with -ip, -host, or -fqdn)
-skipinsync - Indicates that the command should skip any device that the system indicates already has matching startup and running configs. Possible values are true or false.
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes--the two integers do not have to be the same. Do not use this option with -sync.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. Do not use this option with -sync.
-sync - Indicates that the command should return only after the synchronize task is complete. Do not use this option with -start. This is deprecated, use -runmode synchronous.
-runmode - Parallel - Multiple child tasks of a group task can run at the same time. Alternatively, the task runs on a single device. Serial - Only one child task of a group task runs at any given time. Serial run mode applies to group tasks only. Synchronous - The task command returns task results only after the task completes. Synchronous run mode is available from the API or CLI only.
-stoponfailure - If the failure of any one child task should cause NA to skip all child tasks that have not yet run, select the Stop on Failure check box. If all child tasks of this group task should attempt to run without regard to the failure status of the other child tasks, clear the Stop on Failure check box.
-comment - An optional comment about the synchronize task.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.Do not use this option with -sync.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
Connect to a device through the system's Proxy Interface via telnet (bypassing single sign-on). If you are connected to a device through a console server, you may hit ctrl-\ to return to the the system shell after logging out of the device.
-override - Force a connection to a device in the event that simultaneous connection warning or prevention is turned on.
- Hostname, Device ID, Fully Qualified Domain Name, or Primary IP Address to use to lookup the device to connect to. The characters * and ? can be used as wildcards.
- Port to use to connect to devices outside of the system.
Test policy compliance for a device configuration script. This command is available only with the Network Automation Software Ultimate edition license.
Synopsis
test config [-family <Device Family>] -script <Configuration Script> [-policy <Policy Name>] [-group <Device Group>] [-device <Device Name or Device IP address>]
Description
-family - The device family for the configuration script to be tested("Cisco IOS", F5, etc.)
-script - The configuration script to be tested.
-policy - The name of the policy for which the script will be test against.
-group - Specify a device group name. The test will be performed against the policies that are applicable to the group. If both -policy and -group are used, -group argument will be ignored. If none of -policy and -group is used, test will be performed against all applicable policies.
-device - The name or IP address of the device to test the script against. If device is specified, the values for the -family and -group options are ignored.
Return Type
String
Examples
test config -family "Cisco IOS" -script "version 12.1 ...."
test config -script "version 12.1 ...." -device 16.78.58.34
* Note this command is intended for API use since it is difficult to input the entire configuration script in the command line.
Causes a series of traceroute commands to be executed on a device. One traceroute command is executed for each target host specified. This series of commands may by run on the device immediately, or scheduled to run sometime in the future. Via this command, the task scheduled can be set to repeat periodically. Note that if not scheduled as a task, this command may take some time to complete.
-source - Can be an IP address (a.b.c.d where 0 <= a,b,c,d <= 255), or a valid hostname, a valid Fully Qualified Domain Name.
-sourcegroup - A valid group name. Exactly one of -source or -sourcegroup must be specified.
-dest - A comma separated list of devices. Devices may be specified in any way that is understood by the traceroute program on the device specified by the option "-source".
-rep - (#min | #:# | #days | #weeks | #months) where # is a positive integer. #:# is hours:minutes, the two integers don't have to be the same. This option should not be used unless -async is also supplied.
-async - Indicates that the traceroute operation should be scheduled on the system as a task. The start time for the task will be immediatly unless an alternate start data is provided by means of the -start option.
-start - YYYY:MM:DD:HH:mm. The date on which the task will first be run. This option should not be used unless -async is also supplied.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.
undeploy image -ip <device ip address> -images <images separated by ,> [-reboot <reboot instruction>] [-rebootwait <reboot wait (in seconds)>] [-filesystem <file system of device>] [-pretask <task to run before delete>] [-posttask <task to run after delete>] [-start <Task start date>] [-comment <Snapshot comment>] [-duration <Estimated duration of snapshot task.>] [-sessionlog <true or false>] [-customname <Custom data field name>] [-customvalue <Custom data value>] [-customnames <Custom data field names>] [-customvalues <Custom data values>] [-retryInterval <Retry count>] [-retryCount <Retry interval>] [-priority <Task priority values>] [-taskname <Task name>] [-maxwaittime <Maximum Waiting Time>] [-useaaa] [-user <Username>] [-passwd <Password>] [-enablepasswd <Enable password>] [-snmpro <Read only community string>] [-snmprw <Read write community string>]
Description
delete software images from device.
-ip - ip address of the device the images will be deleted.
-images - images to be deleted.
-reboot - wheather to reboot the device after deleting images.
-rebootwait - seconds to wait before reboot.
-filesystem - name of filesystem of the device the images will be deleted.
-pretask - name of task before delete.
-posttask - name of task after delete.
-start - YYYY:MM:DD:HH:mm. The first date on which the task will run. The string "now" means the current time. The string "tomorrow" means 24 hours from the current time.
-comment - An optional comment about the snapshot.
-duration - A number concatenated with a units signifier. Valid signifiers are m (minutes), h (hours), d (days), w (weeks). If this option is not provided, the duration for the task is set to 60 minutes.
-sessionlog - If true a complete session log will be saved with this task.
-customname - A single custom field name.
-customvalue - A single custom field value.
-customnames - The custom field names. Multiple names can be specified as a comma separated list, the order should match the customvalues order.
-customvalues - The custom field values. Multiple values can be specified as a comma separated list, the order should match the customnames order. Any values with commas should be quoted with single quotes.
-retryInterval - The number of seconds between retries.
-retryCount - The number of times to retry the task if it fails.
-priority - Task priority value (1, 2, 3, 4 or 5). Invalid priority will be changed to an appropriate value automatically.
-taskname - Task name
-maxwaittime - The maximum time in minutes for which the task can remain in the waiting or pending state from the schedule date. The task is skipped automatically if it remains in the waiting state beyond the value specified.
-useaaa - Task owner's AAA credentials.
-user - Task specific user name.
-passwd - Task specific password. To enter the password without displaying it on the command line, use -passwd with no password value and respond to the command prompt.
-enablepasswd - ADDITIONAL task specific password to get to "enable" mode. To enter the password without displaying it on the command line, use -enablepasswd with no password value and respond to the command prompt.
-snmpro - The read only community string for the device or network.
-snmprw - The read write community string for the device or network.